Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, malware-backdoor, malware-cnc, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
* 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
* 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
* 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
* 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
* 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
* 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
* 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (snort3-server-webapp.rules)
* 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (snort3-server-webapp.rules)
* 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
* 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (snort3-browser-ie.rules)
* 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (snort3-server-webapp.rules)
* 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (snort3-server-webapp.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (snort3-server-webapp.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (snort3-file-other.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (snort3-file-other.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (snort3-malware-backdoor.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
* 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
* 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
* 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
* 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (snort3-malware-cnc.rules)
* 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (snort3-malware-cnc.rules)
* 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
* 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
* 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
* 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
* 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (snort3-server-webapp.rules)
* 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (snort3-file-other.rules)
* 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (snort3-file-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (snort3-policy-other.rules)
* 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (snort3-server-webapp.rules)
* 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (snort3-browser-ie.rules)
* 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (snort3-server-webapp.rules)
* 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (snort3-protocol-voip.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (snort3-exploit-kit.rules)
* 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (snort3-protocol-voip.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (snort3-exploit-kit.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (snort3-protocol-voip.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (snort3-file-other.rules)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (snort3-protocol-voip.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (snort3-protocol-voip.rules)
* 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (snort3-protocol-voip.rules)
* 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (snort3-protocol-voip.rules)
* 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (snort3-protocol-voip.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (snort3-file-other.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (snort3-file-image.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (snort3-server-other.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (snort3-server-other.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
* 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
* 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
* 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
* 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
* 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
* 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
* 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
* 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
* 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
* 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
* 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
* 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
* 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
* 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
* 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
* 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)