Talos Rules 2019-10-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, deleted, file-image, file-other, indicator-obfuscation, indicator-scan, malware-cnc, os-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers  (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)

Modified Rules:


 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (snort3-browser-ie.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (snort3-deleted.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (snort3-deleted.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (snort3-deleted.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (snort3-deleted.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (snort3-file-other.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (snort3-server-webapp.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (snort3-server-webapp.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (snort3-os-other.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (snort3-browser-ie.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (snort3-indicator-obfuscation.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (snort3-malware-cnc.rules)

Modified Rules:


 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (snort3-protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (snort3-protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (snort3-protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (snort3-protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (snort3-protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (snort3-protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (snort3-protocol-voip.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (snort3-protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (snort3-protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (snort3-protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (snort3-protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (snort3-protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (snort3-protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (snort3-protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (snort3-protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (snort3-protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (snort3-protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (snort3-protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (snort3-protocol-voip.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (snort3-protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (snort3-protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (snort3-protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (snort3-protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (snort3-protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (snort3-protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (snort3-protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (snort3-protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (snort3-protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (snort3-protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (snort3-protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (snort3-protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (snort3-protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (snort3-protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (snort3-protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (snort3-protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (snort3-protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (snort3-protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (snort3-protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (snort3-protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (snort3-protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (snort3-protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (snort3-protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (snort3-protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (snort3-protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (snort3-protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (snort3-protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (snort3-protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (snort3-protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (snort3-protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (snort3-protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (snort3-protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (snort3-protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (snort3-protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (snort3-protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (snort3-protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (snort3-protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (snort3-protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (snort3-protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (snort3-protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (snort3-protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (snort3-protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (snort3-protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (snort3-protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (snort3-protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (snort3-protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (snort3-protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (snort3-protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (snort3-protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (snort3-protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (snort3-protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (snort3-protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (snort3-protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (snort3-protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (snort3-protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (snort3-protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (snort3-protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (snort3-protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (snort3-protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (snort3-protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (snort3-protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (snort3-protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (snort3-protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (snort3-protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (snort3-protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (snort3-protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (snort3-protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (snort3-protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (snort3-protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (snort3-protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (snort3-protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (snort3-protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (snort3-protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (snort3-protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (snort3-protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (snort3-protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (snort3-protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (snort3-protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (snort3-protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (snort3-protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (snort3-protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (snort3-server-webapp.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (snort3-protocol-voip.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (snort3-protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (snort3-server-other.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (snort3-protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (snort3-protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (snort3-protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (snort3-protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (snort3-protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (snort3-protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (snort3-protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (snort3-protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (snort3-protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (snort3-protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (snort3-protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (snort3-protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (snort3-protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (snort3-protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (snort3-protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (snort3-protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (snort3-browser-ie.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (snort3-protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (snort3-protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (snort3-protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (snort3-indicator-scan.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (snort3-protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (snort3-protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (snort3-protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (snort3-protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (snort3-protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (snort3-protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (snort3-protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (snort3-protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (snort3-protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (snort3-protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (snort3-protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (snort3-protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (snort3-protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (snort3-protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (snort3-protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (snort3-protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (snort3-protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (snort3-protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (snort3-protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (snort3-protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (snort3-protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (snort3-protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (snort3-protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (snort3-protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (snort3-protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (snort3-protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (snort3-protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (snort3-protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (snort3-protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (snort3-protocol-voip.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)

2019-10-17 16:47:57 UTC

Snort Subscriber Rules Update

Date: 2019-10-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51939 <-> DISABLED <-> DELETED rrAZPB2CvyvtAXaAY74gTWUfLivviq78 (deleted.rules)
 * 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
 * 1:51942 <-> DISABLED <-> DELETED Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR (deleted.rules)
 * 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
 * 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
 * 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
 * 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51941 <-> DISABLED <-> DELETED E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq (deleted.rules)
 * 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
 * 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
 * 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 1:51940 <-> DISABLED <-> DELETED 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa (deleted.rules)
 * 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
 * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
 * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
 * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
 * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
 * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
 * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
 * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)

Modified Rules:


 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
 * 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
 * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)