Talos has added and modified multiple rules in the browser-ie, browser-plugins, deleted, file-executable, file-flash, file-image, file-multimedia, file-office, file-other, malware-cnc, netbios, os-windows, protocol-dns, protocol-icmp and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules)
* 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malformed SupBook record attempt (file-office.rules)
* 1:18641 <-> DISABLED <-> FILE-OFFICE Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
* 1:18647 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18650 <-> DISABLED <-> DELETED NETBIOS Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18653 <-> DISABLED <-> DELETED NETBIOS Common Internet File System Browser Protocol BowserWriteErrorLogEntry (deleted.rules)
* 1:18660 <-> DISABLED <-> OS-WINDOWS SMB2 write packet buffer overflow attempt (os-windows.rules)
* 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
* 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft IE8 Developer Tool ActiveX clsid access (browser-ie.rules)
* 1:18677 <-> DISABLED <-> DELETED SPECIFIC-THREATS Microsoft SMB CIFS split response message overflow attempt (deleted.rules)
* 1:33046 <-> DISABLED <-> DELETED SERVER-WEBAPP test rule for avacado community (deleted.rules)
* 1:14799 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14800 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14801 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14802 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14803 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules)
* 1:14804 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules)
* 1:14805 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14806 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14807 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14808 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules)
* 1:14809 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules)
* 1:14810 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14811 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14812 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14813 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14814 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14815 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14816 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules)
* 1:14817 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14818 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14819 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14820 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14821 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14822 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14823 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14824 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14825 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14826 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14827 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14828 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14829 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14830 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14831 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14832 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14833 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14834 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14835 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14836 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14837 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14838 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14839 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14840 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14841 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14842 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14843 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14844 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14845 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14846 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14847 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14848 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14849 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14850 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14851 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14852 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14853 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14854 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14855 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14856 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14857 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14858 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14859 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14860 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14861 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14862 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14863 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14864 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14865 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14866 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14867 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14868 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14869 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14870 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14871 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14872 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14873 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14874 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14875 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14876 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14877 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14878 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14879 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14880 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14881 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14882 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14883 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14884 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14885 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14886 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14887 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14888 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14889 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14890 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14891 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14892 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14893 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14894 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14895 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:15011 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft XML core services cross-domain information disclosure attempt (deleted.rules)
* 1:15016 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15017 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules)
* 1:15018 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15019 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules)
* 1:15020 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15021 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules)
* 1:15022 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules)
* 1:15023 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules)
* 1:15024 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules)
* 1:15025 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules)
* 1:15026 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules)
* 1:15027 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules)
* 1:15028 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules)
* 1:15029 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules)
* 1:15030 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules)
* 1:15031 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15032 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15033 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules)
* 1:15034 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules)
* 1:15035 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules)
* 1:15036 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules)
* 1:15037 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx object call overflow attempt (deleted.rules)
* 1:15038 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules)
* 1:15039 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx object call overflow attempt (deleted.rules)
* 1:15040 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules)
* 1:15041 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian object call overflow attempt (deleted.rules)
* 1:15042 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules)
* 1:15043 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX object call overflow attempt (deleted.rules)
* 1:15044 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules)
* 1:15045 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx object call overflow attempt (deleted.rules)
* 1:15046 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules)
* 1:15047 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx object call overflow attempt (deleted.rules)
* 1:15048 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules)
* 1:15049 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian object call overflow attempt (deleted.rules)
* 1:15050 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules)
* 1:15051 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode object call overflow attempt (deleted.rules)
* 1:15052 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules)
* 1:15053 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx object call overflow attempt (deleted.rules)
* 1:15054 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules)
* 1:15055 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx object call overflow attempt (deleted.rules)
* 1:15056 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules)
* 1:15057 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules)
* 1:15058 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15059 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules)
* 1:15060 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15061 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx object call overflow attempt (deleted.rules)
* 1:15062 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules)
* 1:15063 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx object call overflow attempt (deleted.rules)
* 1:15064 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules)
* 1:15065 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian object call overflow attempt (deleted.rules)
* 1:15066 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules)
* 1:15067 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode object call overflow attempt (deleted.rules)
* 1:15068 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules)
* 1:15118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid access (browser-plugins.rules)
* 1:15119 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid unicode access (browser-plugins.rules)
* 1:15120 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call access (browser-plugins.rules)
* 1:15121 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call unicode access (browser-plugins.rules)
* 1:15451 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 1 (malware-cnc.rules)
* 1:15452 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 2 (malware-cnc.rules)
* 1:15456 <-> ENABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules)
* 1:15470 <-> ENABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules)
* 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
* 1:15522 <-> ENABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules)
* 1:15528 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
* 1:15530 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 1 (deleted.rules)
* 1:15532 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 2 (deleted.rules)
* 1:15533 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 3 (deleted.rules)
* 1:15537 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (deleted.rules)
* 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:15851 <-> ENABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:15974 <-> ENABLED <-> SERVER-IIS Microsoft IIS ASP handling buffer overflow attempt (server-iis.rules)
* 1:16146 <-> DISABLED <-> DELETED EXPLOIT Adobe Acrobat Reader javascript heap corruption attempt (deleted.rules)
* 1:16150 <-> ENABLED <-> BROWSER-IE Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
* 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
* 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Publisher invalid pathname overwrite (file-office.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13634 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Access hciR obfuscated download attempt (deleted.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13973 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Excel format record code execution attempt (deleted.rules)
* 1:13975 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid access (browser-plugins.rules)
* 1:13976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid unicode access (browser-plugins.rules)
* 1:13977 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call access (browser-plugins.rules)
* 1:13978 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call unicode access (browser-plugins.rules)
* 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
* 1:14662 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode object call attempt (deleted.rules)
* 1:14663 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian attempt (deleted.rules)
* 1:14664 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode attempt (deleted.rules)
* 1:14665 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX attempt (deleted.rules)
* 1:14666 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode object call attempt (deleted.rules)
* 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18427 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules)
* 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash forged atom type attempt (file-flash.rules)
* 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules)
* 1:16544 <-> DISABLED <-> DELETED WEB-CLIENT Adobe Reader Linux malformed U3D mesh deceleration block exploit attempt (deleted.rules)
* 1:18062 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Internet Explorer CSS style memory corruption attempt (deleted.rules)
* 1:18064 <-> ENABLED <-> BROWSER-PLUGINS Microsoft .NET framework EntityObject execution attempt (browser-plugins.rules)
* 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:18423 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules)
* 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules)
* 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
* 1:18213 <-> ENABLED <-> FILE-OTHER MS Publisher column and row remote code execution attempt (file-other.rules)
* 1:18422 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules)
* 1:16171 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation incorrect index remote code execution attempt (deleted.rules)
* 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
* 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules)
* 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft LSASS domain name buffer overflow attempt (os-windows.rules)
* 1:16395 <-> ENABLED <-> OS-WINDOWS SMB COPY command oversized pathname attempt (os-windows.rules)
* 1:16170 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation oversized index remote code execution attempt (deleted.rules)
* 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:16182 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules)
* 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules)
* 1:18430 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:17126 <-> DISABLED <-> OS-WINDOWS SMB large session length with small packet (os-windows.rules)
* 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
* 1:17118 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules)
* 1:17127 <-> DISABLED <-> DELETED NETBIOS BytesIndicated validation dos attempt (deleted.rules)
* 1:17195 <-> DISABLED <-> DELETED EXPLOIT Adobe Director file exploit attempt (deleted.rules)
* 1:16559 <-> DISABLED <-> DELETED WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID / param tag (deleted.rules)
* 1:18425 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
* 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
* 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)
* 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Director file file lRTX overflow attempt (file-other.rules)
* 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules)
* 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
* 1:16413 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft PowerPoint unbound memcpy and remote code execution attempt (deleted.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16534 <-> DISABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)
* 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Director file file LsCM overflow attempt (file-other.rules)
* 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules)
* 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt
(os-windows.rules) * 1:17253 <-> DISABLED <-> DELETED NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt (deleted.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules) * 1:16179 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:18428 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:17694 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Windows AVI file chunk length integer overflow attempt (deleted.rules) * 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft IE HTML parsing memory corruption attempt (browser-ie.rules) * 1:18429 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules) * 1:18424 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules) * 1:18400 <-> ENABLED <-> OS-WINDOWS MS CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt 
(protocol-icmp.rules) * 1:14685 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx attempt (deleted.rules) * 1:14707 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx object call attempt (deleted.rules) * 1:14787 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14691 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx attempt (deleted.rules) * 1:14732 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14734 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14730 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14735 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14672 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian attempt (deleted.rules) * 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:14687 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx attempt (deleted.rules) * 1:14703 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx object call attempt (deleted.rules) * 1:14690 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx object call attempt (deleted.rules) * 1:14786 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14670 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules) * 1:14684 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian attempt 
(deleted.rules) * 1:14705 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx object call attempt (deleted.rules) * 1:14785 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14675 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian attempt (deleted.rules) * 1:14793 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14784 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14679 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian object call attempt (deleted.rules) * 1:14708 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14673 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode attempt (deleted.rules) * 1:14789 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14697 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules) * 1:14790 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14693 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx attempt (deleted.rules) * 1:14683 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs object call attempt (deleted.rules) * 1:14669 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode attempt (deleted.rules) * 1:14739 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration bind attempt (deleted.rules) * 1:14671 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs attempt (deleted.rules) * 1:14668 <-> DISABLED 
<-> DELETED NETBIOS SMB v4 spoolss EnumJobs attempt (deleted.rules) * 1:14702 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx object call attempt (deleted.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:14701 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian andx attempt (deleted.rules) * 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:14788 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14738 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian alter context attempt (deleted.rules) * 1:14676 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode attempt (deleted.rules) * 1:14696 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian andx attempt (deleted.rules) * 1:14688 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules) * 1:14682 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian object call attempt (deleted.rules) * 1:14794 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14791 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14677 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian attempt (deleted.rules) * 1:14736 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14798 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14681 <-> 
DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian object call attempt (deleted.rules) * 1:14699 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14706 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx object call attempt (deleted.rules) * 1:14674 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules) * 1:14792 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14678 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian object call attempt (deleted.rules) * 1:14695 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx attempt (deleted.rules) * 1:14704 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx object call attempt (deleted.rules) * 1:14689 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX andx attempt (deleted.rules) * 1:14698 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules) * 1:14728 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14740 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian bind attempt (deleted.rules) * 1:14692 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs andx attempt (deleted.rules) * 1:14727 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14700 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode andx attempt (deleted.rules) * 1:14731 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14680 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs 
WriteAndX object call attempt (deleted.rules) * 1:14733 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14694 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules) * 1:14686 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx object call attempt (deleted.rules) * 1:14729 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14797 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:14796 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14667 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX attempt (deleted.rules) * 1:14795 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules)
* 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malformed SupBook record attempt (file-office.rules)
* 1:18641 <-> DISABLED <-> FILE-OFFICE Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
* 1:18647 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18650 <-> DISABLED <-> DELETED NETBIOS Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18653 <-> DISABLED <-> DELETED NETBIOS Common Internet File System Browser Protocol BowserWriteErrorLogEntry (deleted.rules)
* 1:18660 <-> DISABLED <-> OS-WINDOWS SMB2 write packet buffer overflow attempt (os-windows.rules)
* 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
* 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft IE8 Developer Tool ActiveX clsid access (browser-ie.rules)
* 1:18677 <-> DISABLED <-> DELETED SPECIFIC-THREATS Microsoft SMB CIFS split response message overflow attempt (deleted.rules)
* 1:33046 <-> DISABLED <-> DELETED SERVER-WEBAPP test rule for avacado community (deleted.rules)
* 1:14885 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14886 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14887 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14888 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14889 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14890 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14891 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14892 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14893 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14894 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14895 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:15011 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft XML core services cross-domain information disclosure attempt (deleted.rules)
* 1:15016 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15017 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules)
* 1:15018 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15019 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules)
* 1:15020 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15022 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules)
* 1:15021 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules)
* 1:15023 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules)
* 1:15024 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules)
* 1:15025 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules)
* 1:15026 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules)
* 1:15027 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules)
* 1:15028 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules)
* 1:15029 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules)
* 1:15030 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules)
* 1:15031 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15032 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15033 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules)
* 1:15034 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules)
* 1:15035 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules)
* 1:15036 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules)
* 1:15037 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx object call overflow attempt (deleted.rules)
* 1:15038 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules)
* 1:15039 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx object call overflow attempt (deleted.rules)
* 1:15040 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules)
* 1:15041 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian object call overflow attempt (deleted.rules)
* 1:15042 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules)
* 1:15043 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX object call overflow attempt (deleted.rules)
* 1:15044 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules)
* 1:15045 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx object call overflow attempt (deleted.rules)
* 1:15046 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules)
* 1:15047 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx object call overflow attempt (deleted.rules)
* 1:15048 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules)
* 1:15049 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian object call overflow attempt (deleted.rules)
* 1:15050 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules)
* 1:15051 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode object call overflow attempt (deleted.rules)
* 1:15052 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules)
* 1:15053 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx object call overflow attempt (deleted.rules)
* 1:15054 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules)
* 1:15055 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx object call overflow attempt (deleted.rules)
* 1:15056 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules)
* 1:15057 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules)
* 1:15058 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15059 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules)
* 1:15060 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15061 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx object call overflow attempt (deleted.rules)
* 1:15062 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules)
* 1:15063 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx object call overflow attempt (deleted.rules)
* 1:15064 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules)
* 1:15065 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian object call overflow attempt (deleted.rules)
* 1:15066 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules)
* 1:15067 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode object call overflow attempt (deleted.rules)
* 1:15068 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules)
* 1:15118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid access (browser-plugins.rules)
* 1:15119 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid unicode access (browser-plugins.rules)
* 1:15120 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call access (browser-plugins.rules)
* 1:15121 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call unicode access (browser-plugins.rules)
* 1:15451 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 1 (malware-cnc.rules)
* 1:15452 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 2 (malware-cnc.rules)
* 1:15456 <-> ENABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules)
* 1:15470 <-> ENABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules)
* 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
* 1:15522 <-> ENABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules)
* 1:15528 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
* 1:15530 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 1 (deleted.rules)
* 1:15532 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 2 (deleted.rules)
* 1:15533 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 3 (deleted.rules)
* 1:15537 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (deleted.rules)
* 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:15851 <-> ENABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:15974 <-> ENABLED <-> SERVER-IIS Microsoft IIS ASP handling buffer overflow attempt (server-iis.rules)
* 1:16150 <-> ENABLED <-> BROWSER-IE Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
* 1:16146 <-> DISABLED <-> DELETED EXPLOIT Adobe Acrobat Reader javascript heap corruption attempt (deleted.rules)
* 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
* 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
* 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
* 1:18400 <-> ENABLED <-> OS-WINDOWS MS CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
* 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules)
* 1:18424 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules)
* 1:18429 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules)
* 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft IE HTML parsing memory corruption attempt (browser-ie.rules)
* 1:17694 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Windows AVI file chunk length integer overflow attempt (deleted.rules)
* 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules)
* 1:18428 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules)
* 1:16179 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules)
* 1:17667 <-> DISABLED <-> OS-WINDOWS Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
* 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
* 1:17253 <-> DISABLED <-> DELETED NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt (deleted.rules)
* 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
* 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules)
* 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Director file file LsCM overflow attempt (file-other.rules)
* 1:16534 <-> DISABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16413 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft PowerPoint unbound memcpy and remote code execution attempt (deleted.rules)
* 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
* 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules)
* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
* 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Director file file lRTX overflow attempt (file-other.rules)
* 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
* 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)
* 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
* 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:18425 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:16559 <-> DISABLED <-> DELETED WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID / param tag (deleted.rules)
* 1:17195 <-> DISABLED <-> DELETED EXPLOIT Adobe Director file exploit attempt (deleted.rules)
* 1:17127 <-> DISABLED <-> DELETED NETBIOS BytesIndicated validation dos attempt (deleted.rules)
* 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules)
* 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:17118 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules)
* 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:17126 <-> DISABLED <-> OS-WINDOWS SMB large session length with small packet (os-windows.rules)
* 1:18430 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules)
* 1:16182 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules)
* 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:16395 <-> ENABLED <-> OS-WINDOWS SMB COPY command oversized pathname attempt (os-windows.rules)
* 1:16170 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation oversized index remote code execution attempt (deleted.rules)
* 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft LSASS domain 
name buffer overflow attempt (os-windows.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules) * 1:18422 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules) * 1:16171 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation incorrect index remote code execution attempt (deleted.rules) * 1:18213 <-> ENABLED <-> FILE-OTHER MS Publisher column and row remote code execution attempt (file-other.rules) * 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules) * 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:18423 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:18064 <-> ENABLED <-> BROWSER-PLUGINS Microsoft .NET framework EntityObject execution attempt (browser-plugins.rules) * 1:18062 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Internet Explorer CSS style memory corruption attempt (deleted.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16544 <-> DISABLED <-> DELETED WEB-CLIENT Adobe Reader Linux malformed U3D mesh deceleration block exploit attempt (deleted.rules) * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe 
Flash forged atom type attempt (file-flash.rules) * 1:18427 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules) * 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Publisher invalid pathname overwrite (file-office.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13634 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Access hciR obfuscated download attempt (deleted.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13973 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Excel format record code execution attempt (deleted.rules) * 1:13975 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid access (browser-plugins.rules) * 1:13976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid unicode access (browser-plugins.rules) * 1:13977 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call access (browser-plugins.rules) * 1:13978 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call unicode access (browser-plugins.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:14662 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode 
object call attempt (deleted.rules) * 1:14663 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian attempt (deleted.rules) * 1:14664 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode attempt (deleted.rules) * 1:14665 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX attempt (deleted.rules) * 1:14666 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode object call attempt (deleted.rules) * 1:14667 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX attempt (deleted.rules) * 1:14668 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs attempt (deleted.rules) * 1:14669 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode attempt (deleted.rules) * 1:14670 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules) * 1:14671 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs attempt (deleted.rules) * 1:14672 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian attempt (deleted.rules) * 1:14673 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode attempt (deleted.rules) * 1:14674 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules) * 1:14675 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian attempt (deleted.rules) * 1:14676 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode attempt (deleted.rules) * 1:14677 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian attempt (deleted.rules) * 1:14678 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian object call attempt (deleted.rules) * 1:14679 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian object call attempt (deleted.rules) * 1:14680 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX object call attempt (deleted.rules) * 1:14681 <-> DISABLED <-> DELETED NETBIOS 
SMB spoolss EnumJobs WriteAndX little endian object call attempt (deleted.rules) * 1:14682 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian object call attempt (deleted.rules) * 1:14683 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs object call attempt (deleted.rules) * 1:14684 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian attempt (deleted.rules) * 1:14685 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx attempt (deleted.rules) * 1:14686 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx object call attempt (deleted.rules) * 1:14687 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx attempt (deleted.rules) * 1:14688 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules) * 1:14689 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX andx attempt (deleted.rules) * 1:14690 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx object call attempt (deleted.rules) * 1:14691 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx attempt (deleted.rules) * 1:14692 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs andx attempt (deleted.rules) * 1:14693 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx attempt (deleted.rules) * 1:14694 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules) * 1:14695 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx attempt (deleted.rules) * 1:14696 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian andx attempt (deleted.rules) * 1:14697 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules) * 1:14698 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules) * 1:14699 <-> DISABLED <-> 
DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14700 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode andx attempt (deleted.rules) * 1:14701 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian andx attempt (deleted.rules) * 1:14702 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx object call attempt (deleted.rules) * 1:14703 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx object call attempt (deleted.rules) * 1:14704 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx object call attempt (deleted.rules) * 1:14705 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx object call attempt (deleted.rules) * 1:14706 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx object call attempt (deleted.rules) * 1:14707 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx object call attempt (deleted.rules) * 1:14708 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14727 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14728 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14729 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14730 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14731 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14732 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14733 <-> DISABLED <-> DELETED 
NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14734 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14735 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14736 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14738 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian alter context attempt (deleted.rules) * 1:14739 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration bind attempt (deleted.rules) * 1:14740 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian bind attempt (deleted.rules) * 1:14784 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14785 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14786 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14787 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14788 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14789 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14790 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14791 
<-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14792 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14793 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14794 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14795 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14796 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14797 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14798 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14799 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14800 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14801 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14802 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14803 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) 
* 1:14804 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14805 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14806 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14807 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14808 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14809 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14810 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14811 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14812 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14813 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14814 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14815 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14816 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode path 
canonicalization stack overflow attempt (deleted.rules) * 1:14817 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14818 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14819 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14820 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14821 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14822 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14823 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14824 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14825 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14826 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14827 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14828 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little 
endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14829 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14830 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14831 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14832 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14833 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14834 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14835 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14836 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14837 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14838 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14839 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14840 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization 
stack overflow attempt (deleted.rules) * 1:14841 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14842 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14843 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14844 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14845 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14846 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14847 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14848 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14849 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14850 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14851 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14852 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14853 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc 
NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14854 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14855 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14856 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14857 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14858 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14859 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14860 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14861 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14862 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14863 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14864 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14865 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode 
little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14866 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14867 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14868 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14869 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14870 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14871 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14872 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14873 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14874 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14875 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14876 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14877 <-> 
DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14878 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14879 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14880 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14881 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14882 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14883 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14884 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules)
* 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules)
* 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules)
* 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
* 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Publisher invalid pathname overwrite (file-office.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13634 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Access hciR obfuscated download attempt (deleted.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13973 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Excel format record code execution attempt (deleted.rules)
* 1:13975 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid access (browser-plugins.rules)
* 1:13976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid unicode access (browser-plugins.rules)
* 1:13977 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call access (browser-plugins.rules)
* 1:13978 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call unicode access (browser-plugins.rules)
* 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
* 1:14662 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode object call attempt (deleted.rules)
* 1:14663 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian attempt (deleted.rules)
* 1:14664 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode attempt (deleted.rules)
* 1:14665 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX attempt (deleted.rules)
* 1:14666 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode object call attempt (deleted.rules)
* 1:14667 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX attempt (deleted.rules)
* 1:14668 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs attempt (deleted.rules)
* 1:14669 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode attempt (deleted.rules)
* 1:14670 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules)
* 1:14671 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs attempt (deleted.rules)
* 1:14672 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian attempt (deleted.rules)
* 1:14673 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode attempt (deleted.rules)
* 1:14674 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules)
* 1:14675 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian attempt (deleted.rules)
* 1:14676 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode attempt (deleted.rules)
* 1:14677 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian attempt (deleted.rules)
* 1:14678 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian object call attempt (deleted.rules)
* 1:14679 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian object call attempt (deleted.rules)
* 1:14680 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX object call attempt (deleted.rules)
* 1:14681 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian object call attempt (deleted.rules)
* 1:14682 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian object call attempt (deleted.rules)
* 1:14683 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs object call attempt (deleted.rules)
* 1:14684 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian attempt (deleted.rules)
* 1:14685 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx attempt (deleted.rules)
* 1:14686 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx object call attempt (deleted.rules)
* 1:14687 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx attempt (deleted.rules)
* 1:14688 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules)
* 1:14689 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX andx attempt (deleted.rules)
* 1:14690 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx object call attempt (deleted.rules)
* 1:14691 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx attempt (deleted.rules)
* 1:14692 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs andx attempt (deleted.rules)
* 1:14693 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx attempt (deleted.rules)
* 1:14694 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules)
* 1:14695 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx attempt (deleted.rules)
* 1:14696 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian andx attempt (deleted.rules)
* 1:14697 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules)
* 1:14698 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules)
* 1:14699 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules)
* 1:14700 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode andx attempt (deleted.rules)
* 1:14701 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian andx attempt (deleted.rules)
* 1:14702 <-> DISABLED <-> DELETED NETBIOS SMB 
spoolss EnumJobs little endian andx object call attempt (deleted.rules) * 1:14703 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx object call attempt (deleted.rules) * 1:14704 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx object call attempt (deleted.rules) * 1:14705 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx object call attempt (deleted.rules) * 1:14706 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx object call attempt (deleted.rules) * 1:14707 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx object call attempt (deleted.rules) * 1:14708 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14727 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14728 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14729 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14730 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14731 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14732 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14733 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14734 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14735 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian object call 
overflow attempt (deleted.rules) * 1:14736 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14738 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian alter context attempt (deleted.rules) * 1:14739 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration bind attempt (deleted.rules) * 1:14740 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian bind attempt (deleted.rules) * 1:14784 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14785 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14786 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14787 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14788 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14789 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14790 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14791 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14792 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14793 <-> DISABLED <-> DELETED NETBIOS-DG SMB 
srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14794 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14795 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14796 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14797 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14798 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14799 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14800 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14801 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14802 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14803 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14804 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14805 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14806 <-> DISABLED <-> DELETED NETBIOS-DG SMB 
srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14807 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14808 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14809 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14810 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14811 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14812 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14813 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14814 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14815 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14816 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14817 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14818 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt 
(deleted.rules) * 1:14819 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14820 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14821 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14822 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14823 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14824 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14825 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14826 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14827 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14828 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14829 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14830 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path 
canonicalization stack overflow attempt (deleted.rules) * 1:14831 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14832 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14833 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14834 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14835 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14836 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14837 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14838 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14839 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14840 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14841 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14842 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules) * 
1:14843 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14844 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14845 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14846 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14847 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14848 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14849 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14850 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14851 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14852 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14853 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14854 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14855 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little 
endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14856 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14857 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14858 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14859 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14860 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14861 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14862 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14863 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14864 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14865 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14866 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14867 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization 
stack overflow attempt (deleted.rules) * 1:14868 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14869 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14870 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14871 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14872 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14873 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14874 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14875 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14876 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14877 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14878 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14879 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 
srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14880 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14881 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14882 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14883 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14884 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14885 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14886 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14887 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14888 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14889 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14890 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14891 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize object call path canonicalization 
stack overflow attempt (deleted.rules) * 1:14892 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14893 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14894 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14895 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:15011 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft XML core services cross-domain information disclosure attempt (deleted.rules) * 1:15016 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules) * 1:15017 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules) * 1:15018 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules) * 1:15019 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules) * 1:15020 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules) * 1:15021 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules) * 1:15022 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules) * 1:15023 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc 
NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules) * 1:15024 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules) * 1:15025 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules) * 1:15026 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules) * 1:15027 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules) * 1:15028 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules) * 1:15029 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules) * 1:15030 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules) * 1:15031 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules) * 1:15032 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules) * 1:15033 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules) * 1:15034 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules) * 1:15035 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules) * 1:15036 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules) * 1:15037 <-> DISABLED <-> 
DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx object call overflow attempt (deleted.rules) * 1:15038 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules) * 1:15039 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx object call overflow attempt (deleted.rules) * 1:15040 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules) * 1:15041 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian object call overflow attempt (deleted.rules) * 1:15042 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules) * 1:15043 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX object call overflow attempt (deleted.rules) * 1:15044 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules) * 1:15045 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx object call overflow attempt (deleted.rules) * 1:15046 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules) * 1:15047 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx object call overflow attempt (deleted.rules) * 1:15048 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules) * 1:15049 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian object call overflow attempt (deleted.rules) * 1:15050 <-> DISABLED 
<-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules) * 1:15051 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode object call overflow attempt (deleted.rules) * 1:15052 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules) * 1:15053 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx object call overflow attempt (deleted.rules) * 1:15054 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules) * 1:15055 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx object call overflow attempt (deleted.rules) * 1:15056 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules) * 1:15057 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules) * 1:15058 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules) * 1:15059 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules) * 1:15060 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules) * 1:15061 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx object call overflow attempt (deleted.rules) * 1:15062 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules) * 1:15063 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx object call overflow attempt (deleted.rules) * 
1:15064 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules) * 1:15065 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian object call overflow attempt (deleted.rules) * 1:15066 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules) * 1:15067 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode object call overflow attempt (deleted.rules) * 1:15068 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules) * 1:15118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid access (browser-plugins.rules) * 1:15119 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid unicode access (browser-plugins.rules) * 1:15120 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call access (browser-plugins.rules) * 1:15121 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call unicode access (browser-plugins.rules) * 1:15451 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 1 (malware-cnc.rules) * 1:15452 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 2 (malware-cnc.rules) * 1:15456 <-> ENABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15470 <-> ENABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules) * 1:15522 <-> ENABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15530 <-> DISABLED <-> DELETED 
WEB-CLIENT Desktop Search information disclosure attempt 1 (deleted.rules)
* 1:15532 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 2 (deleted.rules)
* 1:15533 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 3 (deleted.rules)
* 1:15537 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (deleted.rules)
* 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:15851 <-> ENABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:15974 <-> ENABLED <-> SERVER-IIS Microsoft IIS ASP handling buffer overflow attempt (server-iis.rules)
* 1:16146 <-> DISABLED <-> DELETED EXPLOIT Adobe Acrobat Reader javascript heap corruption attempt (deleted.rules)
* 1:16150 <-> ENABLED <-> BROWSER-IE Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
* 1:33046 <-> DISABLED <-> DELETED SERVER-WEBAPP test rule for avacado community (deleted.rules)
* 1:18677 <-> DISABLED <-> DELETED SPECIFIC-THREATS Microsoft SMB CIFS split response message overflow attempt (deleted.rules)
* 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft IE8 Developer Tool ActiveX clsid access (browser-ie.rules)
* 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
* 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18660 <-> DISABLED <-> OS-WINDOWS SMB2 write packet buffer overflow attempt (os-windows.rules)
* 1:18653 <-> DISABLED <-> DELETED NETBIOS Common Internet File System Browser Protocol BowserWriteErrorLogEntry (deleted.rules)
* 1:18650 <-> DISABLED <-> DELETED NETBIOS Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18647 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18641 <-> DISABLED <-> FILE-OFFICE Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
* 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malformed SupBook record attempt (file-office.rules)
* 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
* 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
* 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
* 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
* 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
* 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash forged atom type attempt (file-flash.rules)
* 1:18430 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:18429 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules)
* 1:18428 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules)
* 1:18427 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules)
* 1:18425 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:18424 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules)
* 1:18423 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules)
* 1:18422 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules)
* 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
* 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
* 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft LSASS domain name buffer overflow attempt (os-windows.rules)
* 1:18400 <-> ENABLED <-> OS-WINDOWS MS CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
* 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
* 1:18213 <-> ENABLED <-> FILE-OTHER MS Publisher column and row remote code execution attempt (file-other.rules)
* 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
* 1:18064 <-> ENABLED <-> BROWSER-PLUGINS Microsoft .NET framework EntityObject execution attempt (browser-plugins.rules)
* 1:18062 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Internet Explorer CSS style memory corruption attempt (deleted.rules)
* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:17694 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Windows AVI file chunk length integer overflow attempt (deleted.rules)
* 1:17667 <-> DISABLED <-> OS-WINDOWS Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
* 1:17253 <-> DISABLED <-> DELETED NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt (deleted.rules)
* 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Director file file LsCM overflow attempt (file-other.rules)
* 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Director file file lRTX overflow attempt (file-other.rules)
* 1:17195 <-> DISABLED <-> DELETED EXPLOIT Adobe Director file exploit attempt (deleted.rules)
* 1:17127 <-> DISABLED <-> DELETED NETBIOS BytesIndicated validation dos attempt (deleted.rules)
* 1:17126 <-> DISABLED <-> OS-WINDOWS SMB large session length with small packet (os-windows.rules)
* 1:17118 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules)
* 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
* 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules)
* 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules)
* 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules)
* 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules)
* 1:16559 <-> DISABLED <-> DELETED WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID / param tag (deleted.rules)
* 1:16544 <-> DISABLED <-> DELETED WEB-CLIENT Adobe Reader Linux malformed U3D mesh deceleration block exploit attempt (deleted.rules)
* 1:16534 <-> DISABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)
* 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
* 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft IE HTML parsing memory corruption attempt (browser-ie.rules)
* 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16413 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft PowerPoint unbound memcpy and remote code execution attempt (deleted.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16395 <-> ENABLED <-> OS-WINDOWS SMB COPY command oversized pathname attempt (os-windows.rules)
* 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules)
* 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules)
* 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
* 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules)
* 1:16182 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules)
* 1:16179 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules)
* 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
* 1:16171 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation incorrect index remote code execution attempt (deleted.rules)
* 1:16170 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation oversized index remote code execution attempt (deleted.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules)
* 1:33046 <-> DISABLED <-> DELETED SERVER-WEBAPP test rule for avacado community (deleted.rules)
* 1:18677 <-> DISABLED <-> DELETED SPECIFIC-THREATS Microsoft SMB CIFS split response message overflow attempt (deleted.rules)
* 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft IE8 Developer Tool ActiveX clsid access (browser-ie.rules)
* 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
* 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18660 <-> DISABLED <-> OS-WINDOWS SMB2 write packet buffer overflow attempt (os-windows.rules)
* 1:18653 <-> DISABLED <-> DELETED NETBIOS Common Internet File System Browser Protocol BowserWriteErrorLogEntry (deleted.rules)
* 1:18650 <-> DISABLED <-> DELETED NETBIOS Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18647 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Word .dll dll-load exploit attempt (deleted.rules)
* 1:18641 <-> DISABLED <-> FILE-OFFICE Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
* 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malformed SupBook record attempt (file-office.rules)
* 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
* 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
* 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
* 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
* 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
* 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash forged atom type attempt (file-flash.rules)
* 1:18430 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:18429 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules)
* 1:18428 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules)
* 1:18427 <-> DISABLED <-> DELETED WEB-CLIENT Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules)
* 1:18425 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader cooltype.dll dll-load exploit attempt (deleted.rules)
* 1:18424 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader bibutils.dll dll-load exploit attempt (deleted.rules)
* 1:18423 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader agm.dll dll-load exploit attempt (deleted.rules)
* 1:18422 <-> DISABLED <-> DELETED NETBIOS Firefox Acrobat Reader ace.dll dll-load exploit attempt (deleted.rules)
* 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
* 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
* 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
* 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft win32k.sys write message to dead thread code execution attempt (os-windows.rules)
* 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft LSASS domain name buffer overflow attempt (os-windows.rules)
* 1:18400 <-> ENABLED <-> OS-WINDOWS MS CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
* 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
* 1:18213 <-> ENABLED <-> FILE-OTHER MS Publisher column and row remote code execution attempt (file-other.rules)
* 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
* 1:18064 <-> ENABLED <-> BROWSER-PLUGINS Microsoft .NET framework EntityObject execution attempt (browser-plugins.rules)
* 1:18062 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Internet Explorer CSS style memory corruption attempt (deleted.rules)
* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:17694 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Windows AVI file chunk length integer overflow attempt (deleted.rules)
* 1:17667 <-> DISABLED <-> OS-WINDOWS Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
* 1:17253 <-> DISABLED <-> DELETED NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt (deleted.rules)
* 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Director file file LsCM overflow attempt (file-other.rules)
* 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Director file file lRTX overflow attempt (file-other.rules)
* 1:17195 <-> DISABLED <-> DELETED EXPLOIT Adobe Director file exploit attempt (deleted.rules)
* 1:17127 <-> DISABLED <-> DELETED NETBIOS BytesIndicated validation dos attempt (deleted.rules)
* 1:17126 <-> DISABLED <-> OS-WINDOWS SMB large session length with small packet (os-windows.rules)
* 1:17118 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules)
* 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
* 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules)
* 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules)
* 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules)
* 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules)
* 1:16559 <-> DISABLED <-> DELETED WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID / param tag (deleted.rules)
* 1:16544 <-> DISABLED <-> DELETED WEB-CLIENT Adobe Reader Linux malformed U3D mesh deceleration block exploit attempt (deleted.rules)
* 1:16534 <-> DISABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)
* 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
* 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft IE HTML parsing memory corruption attempt (browser-ie.rules)
* 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16413 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft PowerPoint unbound memcpy and remote code execution attempt (deleted.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16395 <-> ENABLED <-> OS-WINDOWS SMB COPY command oversized pathname attempt (os-windows.rules)
* 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules)
* 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules)
* 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
* 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules)
* 1:16182 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules)
* 1:16179 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules)
* 1:16171 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation incorrect index remote code execution attempt (deleted.rules)
* 1:16170 <-> DISABLED <-> DELETED WEB-CLIENT U3D CLOD Progressive Mesh Continuation oversized index remote code execution attempt (deleted.rules)
* 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
* 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules)
* 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules)
* 1:16150 <-> ENABLED <-> BROWSER-IE Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
* 1:16146 <-> DISABLED <-> DELETED EXPLOIT Adobe Acrobat Reader javascript heap corruption attempt (deleted.rules)
* 1:15974 <-> ENABLED <-> SERVER-IIS Microsoft IIS ASP handling buffer overflow attempt (server-iis.rules)
* 1:15851 <-> ENABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:15537 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (deleted.rules)
* 1:15533 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 3 (deleted.rules)
* 1:15532 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 2 (deleted.rules)
* 1:15530 <-> DISABLED <-> DELETED WEB-CLIENT Desktop Search information disclosure attempt 1 (deleted.rules)
* 1:15528 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
* 1:15522 <-> ENABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules)
* 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
* 1:15470 <-> ENABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules)
* 1:15456 <-> ENABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules)
* 1:15452 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 2 (malware-cnc.rules)
* 1:15451 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 1 (malware-cnc.rules)
* 1:15121 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call unicode access (browser-plugins.rules)
* 1:15120 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call access (browser-plugins.rules)
* 1:15119 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid unicode access (browser-plugins.rules)
* 1:15118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid access (browser-plugins.rules)
* 1:15068 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules)
* 1:15067 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode object call overflow attempt (deleted.rules)
* 1:15066 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules)
* 1:15065 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian object call overflow attempt (deleted.rules)
* 1:15064 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules)
* 1:15063 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx object call overflow attempt (deleted.rules)
* 1:15062 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules)
* 1:15061 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx object call overflow attempt (deleted.rules)
* 1:15060 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15059 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules)
* 1:15058 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15057 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules)
* 1:15056 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules)
* 1:15055 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx object call overflow attempt (deleted.rules)
* 1:15054 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules)
* 1:15053 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx object call overflow attempt (deleted.rules)
* 1:15052 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules)
* 1:15051 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode object call overflow attempt (deleted.rules)
* 1:15050 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules)
* 1:15049 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian object call overflow attempt (deleted.rules)
* 1:15048 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules)
* 1:15047 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx object call overflow attempt (deleted.rules)
* 1:15046 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules)
* 1:15045 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx object call overflow attempt (deleted.rules)
* 1:15044 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules)
* 1:15043 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX object call overflow attempt (deleted.rules)
* 1:15042 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules)
* 1:15041 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian object call overflow attempt (deleted.rules)
* 1:15040 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules)
* 1:15039 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx object call overflow attempt (deleted.rules)
* 1:15038 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules)
* 1:15037 <-> DISABLED <-> DELETED NETBIOS SMB wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx object call overflow attempt (deleted.rules)
* 1:15036 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode overflow attempt (deleted.rules)
* 1:15035 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian overflow attempt (deleted.rules)
* 1:15034 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode little endian andx overflow attempt (deleted.rules)
* 1:15033 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel unicode andx overflow attempt (deleted.rules)
* 1:15032 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15031 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15030 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian andx overflow attempt (deleted.rules)
* 1:15029 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel andx overflow attempt (deleted.rules)
* 1:15028 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode overflow attempt (deleted.rules)
* 1:15027 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian overflow attempt (deleted.rules)
* 1:15026 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode little endian andx overflow attempt (deleted.rules)
* 1:15025 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX unicode andx overflow attempt (deleted.rules)
* 1:15024 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX overflow attempt (deleted.rules)
* 1:15023 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian overflow attempt (deleted.rules)
* 1:15022 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX little endian andx overflow attempt (deleted.rules)
* 1:15021 <-> DISABLED <-> DELETED NETBIOS SMB v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel WriteAndX andx overflow attempt (deleted.rules)
* 1:15020 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15019 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel object call overflow attempt (deleted.rules)
* 1:15018 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian overflow attempt (deleted.rules)
* 1:15017 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel little endian object call overflow attempt (deleted.rules)
* 1:15016 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (deleted.rules)
* 1:15011 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft XML core services cross-domain information disclosure attempt (deleted.rules)
* 1:14895 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14894 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14893 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14892 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14891 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14890 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14889 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14888 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14887 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14886 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14885 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14884 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14883 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14882 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14881 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14880 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules)
* 1:14879 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14878 <-> DISABLED <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules)
* 1:14877 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules)
* 1:14876 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14875 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14874 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14873 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14872 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14871 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14870 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14869 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14868 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14867 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14866 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules)
* 1:14865 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack 
overflow attempt (deleted.rules) * 1:14864 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14863 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14862 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14861 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14860 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14859 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14858 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14857 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14856 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14855 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14854 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14853 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14852 <-> 
DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14851 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14850 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14849 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14848 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14847 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14846 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14845 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14844 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14843 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14842 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14841 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize andx object call path canonicalization stack overflow attempt (deleted.rules) * 1:14840 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx 
path canonicalization stack overflow attempt (deleted.rules) * 1:14839 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14838 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14837 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX andx path canonicalization stack overflow attempt (deleted.rules) * 1:14836 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14835 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14834 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14833 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14832 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize andx path canonicalization stack overflow attempt (deleted.rules) * 1:14831 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode andx path canonicalization stack overflow attempt (deleted.rules) * 1:14830 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian andx path canonicalization stack overflow attempt (deleted.rules) * 1:14829 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14828 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack 
overflow attempt (deleted.rules) * 1:14827 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14826 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14825 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14824 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14823 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14822 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14821 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14820 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14819 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14818 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14817 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14816 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow 
attempt (deleted.rules) * 1:14815 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14814 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode object call path canonicalization stack overflow attempt (deleted.rules) * 1:14813 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian object call path canonicalization stack overflow attempt (deleted.rules) * 1:14812 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14811 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14810 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14809 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14808 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14807 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14806 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14805 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14804 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14803 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc 
NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14802 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14801 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14800 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14799 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14798 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14797 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14796 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14795 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14794 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX object call path canonicalization stack overflow attempt (deleted.rules) * 1:14793 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize object call path canonicalization stack overflow attempt (deleted.rules) * 1:14792 <-> DISABLED <-> DELETED NETBIOS SMB srvsvc NetrpPathCanonicalize WriteAndX unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14791 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14790 <-> DISABLED <-> DELETED NETBIOS-DG 
SMB v4 srvsvc NetrpPathCanonicalize little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14789 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX path canonicalization stack overflow attempt (deleted.rules) * 1:14788 <-> DISABLED <-> DELETED NETBIOS-DG SMB srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14787 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX unicode path canonicalization stack overflow attempt (deleted.rules) * 1:14786 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize unicode little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14785 <-> DISABLED <-> DELETED NETBIOS SMB v4 srvsvc NetrpPathCanonicalize WriteAndX little endian path canonicalization stack overflow attempt (deleted.rules) * 1:14784 <-> DISABLED <-> DELETED NETBIOS-DG SMB v4 srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (deleted.rules) * 1:14740 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian bind attempt (deleted.rules) * 1:14739 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration bind attempt (deleted.rules) * 1:14738 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP host-integration little endian alter context attempt (deleted.rules) * 1:14736 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14735 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14734 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian object call overflow attempt (deleted.rules) * 1:14733 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName object call overflow attempt (deleted.rules) * 1:14732 <-> DISABLED 
<-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14731 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName overflow attempt (deleted.rules) * 1:14730 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14729 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14728 <-> DISABLED <-> DELETED NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14727 <-> DISABLED <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian overflow attempt (deleted.rules) * 1:14708 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14707 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx object call attempt (deleted.rules) * 1:14706 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx object call attempt (deleted.rules) * 1:14705 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian andx object call attempt (deleted.rules) * 1:14704 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx object call attempt (deleted.rules) * 1:14703 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx object call attempt (deleted.rules) * 1:14702 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx object call attempt (deleted.rules) * 1:14701 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian andx attempt (deleted.rules) * 1:14700 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode andx attempt (deleted.rules) * 1:14699 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian andx attempt (deleted.rules) * 1:14698 <-> DISABLED <-> DELETED 
NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules) * 1:14697 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules) * 1:14696 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian andx attempt (deleted.rules) * 1:14695 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs andx attempt (deleted.rules) * 1:14694 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian andx attempt (deleted.rules) * 1:14693 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx attempt (deleted.rules) * 1:14692 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs andx attempt (deleted.rules) * 1:14691 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX andx attempt (deleted.rules) * 1:14690 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode andx object call attempt (deleted.rules) * 1:14689 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX andx attempt (deleted.rules) * 1:14688 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode andx attempt (deleted.rules) * 1:14687 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian andx attempt (deleted.rules) * 1:14686 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode andx object call attempt (deleted.rules) * 1:14685 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian andx attempt (deleted.rules) * 1:14684 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian attempt (deleted.rules) * 1:14683 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs object call attempt (deleted.rules) * 1:14682 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian object call attempt (deleted.rules) * 1:14681 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX little endian object call attempt (deleted.rules) * 1:14680 <-> 
DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX object call attempt (deleted.rules) * 1:14679 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode little endian object call attempt (deleted.rules) * 1:14678 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian object call attempt (deleted.rules) * 1:14677 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode little endian attempt (deleted.rules) * 1:14676 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs unicode attempt (deleted.rules) * 1:14675 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX little endian attempt (deleted.rules) * 1:14674 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules) * 1:14673 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode attempt (deleted.rules) * 1:14672 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs little endian attempt (deleted.rules) * 1:14671 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs attempt (deleted.rules) * 1:14670 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode little endian attempt (deleted.rules) * 1:14669 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode attempt (deleted.rules) * 1:14668 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs attempt (deleted.rules) * 1:14667 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX attempt (deleted.rules) * 1:14666 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs unicode object call attempt (deleted.rules) * 1:14665 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX attempt (deleted.rules) * 1:14664 <-> DISABLED <-> DELETED NETBIOS SMB v4 spoolss EnumJobs WriteAndX unicode attempt (deleted.rules) * 1:14663 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs little endian attempt (deleted.rules) * 1:14662 <-> DISABLED <-> DELETED NETBIOS SMB spoolss EnumJobs WriteAndX unicode object call 
attempt (deleted.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:13978 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call unicode access (browser-plugins.rules) * 1:13977 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call access (browser-plugins.rules) * 1:13976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid unicode access (browser-plugins.rules) * 1:13975 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid access (browser-plugins.rules) * 1:13973 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Excel format record code execution attempt (deleted.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13634 <-> DISABLED <-> DELETED WEB-CLIENT Microsoft Access hciR obfuscated download attempt (deleted.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Publisher invalid pathname overwrite (file-office.rules) * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)