Talos has added and modified multiple rules in the deleted, file-executable, file-pdf, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40883 <-> ENABLED <-> SERVER-WEBAPP WordPress XMLRPC pingback ddos attempt (server-webapp.rules) * 1:40048 <-> DISABLED <-> DELETED SERVER-OTHER Cisco ACE SSL Client Hello with excessive length denial of service attempt (deleted.rules) * 1:40880 <-> DISABLED <-> DELETED edaec1f2-b660-11e6-8e1c-23d9e3ca6b29 (deleted.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:40881 <-> DISABLED <-> SERVER-WEBAPP Wordpress Symposium get_album_item.php SQL injection attempt (server-webapp.rules) * 1:40882 <-> DISABLED <-> SERVER-WEBAPP Wordpress Symposium get_album_item.php SQL injection attempt (server-webapp.rules) * 3:40878 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules) * 3:40873 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules) * 3:40872 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules) * 3:40879 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules) * 3:40875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules) * 3:40877 <-> ENABLED <-> SERVER-OTHER Cisco Application Control Engine SSL handshake parsing denial of service attempt (server-other.rules) * 3:40874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules)
* 1:40618 <-> ENABLED <-> FILE-PDF Adobe Reader XML Metadata memory corruption attempt (file-pdf.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:40619 <-> ENABLED <-> FILE-PDF Adobe Reader XML Metadata memory corruption attempt (file-pdf.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40883 <-> ENABLED <-> SERVER-WEBAPP WordPress XMLRPC pingback ddos attempt (server-webapp.rules) * 1:40882 <-> DISABLED <-> SERVER-WEBAPP Wordpress Symposium get_album_item.php SQL injection attempt (server-webapp.rules) * 1:40881 <-> DISABLED <-> SERVER-WEBAPP Wordpress Symposium get_album_item.php SQL injection attempt (server-webapp.rules) * 1:40880 <-> DISABLED <-> DELETED edaec1f2-b660-11e6-8e1c-23d9e3ca6b29 (deleted.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:40048 <-> DISABLED <-> DELETED SERVER-OTHER Cisco ACE SSL Client Hello with excessive length denial of service attempt (deleted.rules) * 3:40872 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules) * 3:40873 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules) * 3:40879 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules) * 3:40878 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules) * 3:40877 <-> ENABLED <-> SERVER-OTHER Cisco Application Control Engine SSL handshake parsing denial of service attempt (server-other.rules) * 3:40874 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules) * 3:40875 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0228 attack attempt (file-pdf.rules)
* 1:40618 <-> ENABLED <-> FILE-PDF Adobe Reader XML Metadata memory corruption attempt (file-pdf.rules) * 1:40619 <-> ENABLED <-> FILE-PDF Adobe Reader XML Metadata memory corruption attempt (file-pdf.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
