Sourcefire VRT Certified Rules Update

Date: 2005-07-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3814 - WEB-CLIENT IE javaprxy.dll COM access (web-client.rules)
3815 - SMTP eXchange POP3 mail server overflow attempt (smtp.rules)
3816 - WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules)
3817 - TFTP GET transfer mode overflow attempt (tftp.rules)
3818 - TFTP PUT transfer mode overflow attempt (tftp.rules)
3819 - WEB-CLIENT multipacket CHM file transfer start (web-client.rules)
3820 - WEB-CLIENT multipacket CHM file transfer attempt (web-client.rules)
3821 - WEB-CLIENT CHM file transfer attempt (web-client.rules)
3822 - WEB-MISC Real Player realtext long URI request (web-misc.rules)
3823 - WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules)
3824 - SMTP AUTH user overflow attempt (smtp.rules)
3825 - POLICY AOL Instant Messenger Message Send (policy.rules)
3826 - POLICY AOL Instant Messenger Message Receive (policy.rules)
3827 - WEB-PHP xmlrpc.php post attempt (web-php.rules)

Updated rules:
 686 - MS-SQL xp_reg* - registry access (sql.rules)
 689 - MS-SQL/SMB xp_reg* registry access (sql.rules)
 971 - WEB-IIS ISAPI .printer access (web-iis.rules)
1018 - WEB-IIS iisadmpwd attempt (web-iis.rules)
1126 - WEB-MISC AuthChangeUrl access (web-misc.rules)
1447 - MISC MS Terminal server request RDP (misc.rules)
1476 - WEB-CGI sdbsearch.cgi access (web-cgi.rules)
1483 - WEB-CGI ustorekeeper.pl access (web-cgi.rules)
1526 - WEB-MISC basilix sendmail.inc access (web-misc.rules)
1527 - WEB-MISC basilix mysql.class access (web-misc.rules)
1567 - WEB-IIS /exchange/root.asp attempt (web-iis.rules)
1730 - WEB-CGI ustorekeeper.pl directory traversal attempt (web-cgi.rules)
1777 - FTP EXPLOIT STAT * dos attempt (ftp.rules)
1778 - FTP EXPLOIT STAT ? dos attempt (ftp.rules)
1801 - WEB-IIS .asp HTTP header buffer overflow attempt (web-iis.rules)
1802 - WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
1803 - WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
1804 - WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
1810 - ATTACK-RESPONSES successful gobbles ssh exploit GOBBLE (attack-responses.rules)
1970 - WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
1986 - CHAT MSN outbound file transfer request (chat.rules)
1988 - CHAT MSN outbound file transfer accept (chat.rules)
1989 - CHAT MSN outbound file transfer rejected (chat.rules)
2054 - WEB-CGI enter_bug.cgi arbitrary command attempt (web-cgi.rules)
2055 - WEB-CGI enter_bug.cgi access (web-cgi.rules)
2126 - MISC Microsoft PPTP Start Control Request buffer overflow attempt (misc.rules)
2133 - WEB-IIS MS BizTalk server access (web-iis.rules)
2243 - WEB-MISC ndcgi.exe access (web-misc.rules)
2435 - WEB-CLIENT Microsoft emf metafile access (web-client.rules)
2436 - WEB-CLIENT Microsoft wmf metafile access (web-client.rules)
2670 - WEB-CGI pgpmail.pl access (web-cgi.rules)
3148 - WEB-CLIENT winhelp clsid attempt (web-client.rules)
3149 - WEB-CLIENT object type overflow attempt (web-client.rules)
3150 - WEB-IIS SQLXML content type overflow (web-iis.rules)
3192 - WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules)
3199 - EXPLOIT WINS name query overflow attempt TCP (exploit.rules)
3200 - EXPLOIT WINS name query overflow attempt UDP (exploit.rules)
3238 - NETBIOS DCERPC IrotIsRunning attempt (netbios.rules)
3239 - NETBIOS DCERPC IrotIsRunning little endian attempt (netbios.rules)
3256 - NETBIOS SMB IrotIsRunning attempt (netbios.rules)
3257 - NETBIOS SMB IrotIsRunning little endian attempt (netbios.rules)
3258 - NETBIOS SMB IrotIsRunning unicode attempt (netbios.rules)
3259 - NETBIOS SMB IrotIsRunning unicode little endian attempt (netbios.rules)
3260 - NETBIOS SMB IrotIsRunning andx attempt (netbios.rules)
3261 - NETBIOS SMB IrotIsRunning little endian andx attempt (netbios.rules)
3262 - NETBIOS SMB IrotIsRunning unicode andx attempt (netbios.rules)
3263 - NETBIOS SMB IrotIsRunning unicode little endian andx attempt (netbios.rules)
3264 - NETBIOS SMB-DS IrotIsRunning attempt (netbios.rules)
3265 - NETBIOS SMB-DS IrotIsRunning little endian attempt (netbios.rules)
3266 - NETBIOS SMB-DS IrotIsRunning unicode attempt (netbios.rules)
3267 - NETBIOS SMB-DS IrotIsRunning unicode little endian attempt (netbios.rules)
3268 - NETBIOS SMB-DS IrotIsRunning andx attempt (netbios.rules)
3269 - NETBIOS SMB-DS IrotIsRunning little endian andx attempt (netbios.rules)
3270 - NETBIOS SMB-DS IrotIsRunning unicode andx attempt (netbios.rules)
3271 - NETBIOS SMB-DS IrotIsRunning unicode little endian andx attempt (netbios.rules)
3461 - SMTP Content-Type overflow attempt (smtp.rules)
3462 - SMTP Content-Encoding overflow attempt (smtp.rules)
3466 - WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
3682 - SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)