Talos has added and modified multiple rules in the browser-ie, deleted, file-image, file-other, indicator-obfuscation, indicator-scan, malware-cnc, os-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
* 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
* 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
* 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
* 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
* 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
* 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
* 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
* 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
* 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)

* 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
* 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
* 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
* 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
* 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
* 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
* 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
* 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
* 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
* 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
* 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
* 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
* 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
* 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
* 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
* 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
* 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
* 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
* 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
* 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
* 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
* 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
* 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
* 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
* 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
* 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
* 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
* 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
* 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
* 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
* 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
* 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
* 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
* 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
* 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
* 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
* 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
* 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
* 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
* 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
* 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
* 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
* 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
* 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
* 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
* 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
* 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
* 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
* 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
* 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
* 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
* 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
* 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
* 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
* 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
* 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
* 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
* 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
* 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
* 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
* 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
* 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
* 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
* 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
* 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
* 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
* 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
* 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
* 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
* 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
* 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
* 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
* 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
* 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
* 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
* 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
* 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
* 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
* 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
* 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
* 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
* 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
* 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
* 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
* 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
* 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
* 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
* 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
* 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
* 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
* 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
* 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
* 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
* 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
* 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
* 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
* 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
* 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
* 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
* 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
* 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
* 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
* 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
* 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
* 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
* 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
* 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
* 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
* 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
* 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
* 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
* 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
* 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
* 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
* 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
* 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
* 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
* 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
* 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
* 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
* 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
* 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
* 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
* 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
* 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
* 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
* 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
* 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
* 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
* 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
* 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
* 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
* 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
* 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
* 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
* 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
* 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
* 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
* 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
* 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
* 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
* 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
* 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
* 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
* 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
* 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
* 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
* 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
* 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
* 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
* 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
* 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
* 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
* 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
* 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
* 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
* 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
* 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
* 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
* 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
* 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
* 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
* 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
* 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
* 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
* 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
* 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
* 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
* 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
* 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
* 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
* 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
* 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
* 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
* 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
* 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
* 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
* 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
* 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
* 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
* 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
* 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
* 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
* 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
* 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
* 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
* 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
* 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
* 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
* 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
* 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
* 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
* 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
* 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
* 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
* 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
* 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
* 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
* 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
* 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
* 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
* 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
* 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
* 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
* 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
* 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
* 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
* 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
* 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
* 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
* 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
* 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
* 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
* 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
* 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
* 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
* 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
* 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
* 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
* 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
* 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
* 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
* 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
* 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
* 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
* 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
* 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
* 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
* 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
* 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
* 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
* 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
* 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
* 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
* 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
* 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
* 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
* 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
* 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
* 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
* 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
* 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
* 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
* 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
* 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
* 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
* 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
* 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
* 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
* 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
* 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
* 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
* 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
* 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
* 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
* 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
* 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
* 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
* 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
* 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
* 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
* 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
* 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
* 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
* 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
* 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
* 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
* 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
* 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
* 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
* 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
* 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
* 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
* 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
* 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
* 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
* 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
* 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
* 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
* 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
* 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
* 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
* 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
* 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
* 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
* 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
* 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
* 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
* 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
* 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
* 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
* 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
* 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
* 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
* 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
* 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
* 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
* 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
* 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
* 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
* 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
* 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
* 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
* 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
* 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
* 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
* 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
* 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
* 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
* 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
* 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
* 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
* 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
* 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
* 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
* 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
* 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
* 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
* 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
* 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
* 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
* 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
* 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
* 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
* 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
* 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
* 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
* 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
* 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
* 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
* 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
* 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
* 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
* 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
* 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
* 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
* 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
* 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
* 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
* 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
* 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
* 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
* 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
* 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
* 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP 
outbound 408 Request Timeout message (protocol-voip.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:13589 <-> 
DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid 
header (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20363 <-> DISABLED <-> 
PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To 
header invalid seperators (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> 
PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs 
in message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11983 <-> DISABLED <-> 
PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message 
(protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 
1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message 
(protocol-voip.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules) * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules) * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules) * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules) * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules) * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules) * 1:51922 <-> ENABLED <-> MALWARE-CNC 
Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules) * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules) * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack 
attempt (file-image.rules) * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules) * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt 
(server-webapp.rules) * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
* 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field 
buffer overflow attempt (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12004 <-> DISABLED <-> 
PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field 
attempt (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS 
injection attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating 
quote (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected 
(protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood 
(protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented 
message (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 
1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header 
description field format string attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:21103 <-> DISABLED 
<-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules) * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules) * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules) * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules) * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules) * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules) * 1:51897 <-> DISABLED <-> BROWSER-IE 
Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules) * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules) * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules) * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt 
(file-image.rules) * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules) * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules) * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack 
attempt (server-webapp.rules) * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11969 
<-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP 
inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt 
(protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt 
(protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound 
INVITE message (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> 
PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS 
injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote 
(protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20399 
<-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of 
zero (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium 
Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (snort3-browser-ie.rules) * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (snort3-deleted.rules) * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (snort3-deleted.rules) * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (snort3-deleted.rules) * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (snort3-browser-ie.rules) * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (snort3-deleted.rules) * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (snort3-file-other.rules) * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (snort3-server-webapp.rules) * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt 
(snort3-browser-ie.rules) * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (snort3-server-webapp.rules) * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (snort3-os-other.rules) * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (snort3-browser-ie.rules) * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (snort3-indicator-obfuscation.rules) * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules) * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
* 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (snort3-protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (snort3-protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (snort3-protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (snort3-protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (snort3-protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (snort3-protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (snort3-protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (snort3-protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (snort3-protocol-voip.rules) * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules) * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (snort3-protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (snort3-protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (snort3-protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (snort3-protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (snort3-protocol-voip.rules) * 1:12179 <-> DISABLED <-> 
PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (snort3-protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (snort3-protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (snort3-protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (snort3-protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (snort3-protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (snort3-protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (snort3-protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (snort3-protocol-voip.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (snort3-protocol-voip.rules) * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (snort3-protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (snort3-protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (snort3-protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (snort3-protocol-voip.rules) * 1:12007 <-> 
DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (snort3-protocol-voip.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (snort3-protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (snort3-protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (snort3-protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (snort3-protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (snort3-protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (snort3-protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (snort3-protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (snort3-protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (snort3-protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (snort3-protocol-voip.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (snort3-protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (snort3-protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message 
(snort3-protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (snort3-protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (snort3-protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (snort3-protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (snort3-protocol-voip.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (snort3-protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (snort3-protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (snort3-protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (snort3-protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (snort3-protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (snort3-protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (snort3-protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (snort3-protocol-voip.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field 
(snort3-protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (snort3-protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (snort3-protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (snort3-protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (snort3-protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (snort3-protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (snort3-protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (snort3-protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (snort3-protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (snort3-protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (snort3-protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header 
contains negative value (snort3-protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (snort3-protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (snort3-protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (snort3-protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (snort3-protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (snort3-protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (snort3-protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (snort3-protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (snort3-protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (snort3-protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (snort3-protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (snort3-protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (snort3-protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (snort3-protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (snort3-protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:11990 <-> 
DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (snort3-protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (snort3-protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (snort3-protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (snort3-protocol-voip.rules) * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (snort3-protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (snort3-protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (snort3-protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (snort3-protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (snort3-protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (snort3-protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (snort3-protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (snort3-protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (snort3-protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header 
rtpmap field buffer overflow attempt (snort3-protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (snort3-protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (snort3-protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (snort3-protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (snort3-protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (snort3-protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (snort3-protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (snort3-protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (snort3-protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (snort3-protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (snort3-protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (snort3-protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (snort3-protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (snort3-protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not 
Exist Anywhere message (snort3-protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (snort3-server-webapp.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (snort3-protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (snort3-protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (snort3-protocol-voip.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (snort3-server-other.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (snort3-protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (snort3-protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (snort3-protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (snort3-protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (snort3-protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (snort3-protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value 
(snort3-protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (snort3-protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (snort3-protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (snort3-protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (snort3-protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (snort3-protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (snort3-protocol-voip.rules) * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (snort3-browser-ie.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (snort3-protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (snort3-protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing 
terminating quote (snort3-protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (snort3-indicator-scan.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (snort3-protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (snort3-protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (snort3-protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (snort3-protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (snort3-protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (snort3-protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (snort3-protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (snort3-protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (snort3-protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (snort3-protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (snort3-protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (snort3-protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (snort3-protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers 
(snort3-protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (snort3-protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (snort3-protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (snort3-protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (snort3-protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (snort3-protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (snort3-protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (snort3-protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (snort3-protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (snort3-protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (snort3-protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (snort3-protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (snort3-protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (snort3-protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules) * 1:20312 <-> 
DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (snort3-protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (snort3-protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (snort3-protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (snort3-protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (snort3-protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (snort3-protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (snort3-protocol-voip.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (snort3-protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules) * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules) * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules) * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules) * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules) * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff 
variant outbound cnc connection (malware-cnc.rules) * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules) * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules) * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules) * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 
Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules) * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules) * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt 
(file-image.rules) * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address 
(protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline 
(protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt 
(protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin 
header overflow attempt (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field 
attempt (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 
1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:20335 <-> DISABLED <-> 
PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 
1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line 
attempt (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) 
* 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt 
(protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules) * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules) * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules) * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules) * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules) * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules) * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules) * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51915 <-> ENABLED <-> MALWARE-CNC 
Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules) * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules) * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules) * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules) * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog 
telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules) * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 
attack attempt (server-webapp.rules) * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules) * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt 
(file-other.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:20411 <-> DISABLED <-> 
PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP 
address field (protocol-voip.rules) * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected 
(protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 
Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20331 <-> DISABLED 
<-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:20317 <-> DISABLED <-> 
PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:19382 <-> 
DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
* 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
* 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
* 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
* 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
* 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
* 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
* 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
* 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
* 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
* 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
* 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
* 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
* 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
* 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
* 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
* 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
* 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
* 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
* 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
* 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
* 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
* 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
* 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
* 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
* 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
* 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
* 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
* 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
* 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
* 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
* 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
* 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
* 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
* 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
* 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
* 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
* 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
* 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
* 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
* 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
* 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
* 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
* 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
* 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
* 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
* 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
* 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
* 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
* 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
* 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
* 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
* 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
* 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)