Talos Rules 2019-10-31
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-other, file-executable, file-identify, file-image, file-office, file-other, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

Modified Rules:


 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

Modified Rules:


 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)

Modified Rules:


 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

Modified Rules:


 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

Modified Rules:


 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (snort3-file-other.rules)
 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (snort3-server-webapp.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (snort3-file-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (snort3-file-office.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (snort3-file-office.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (snort3-policy-other.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)

Modified Rules:


 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (snort3-browser-firefox.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (snort3-protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (snort3-protocol-voip.rules)
 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (snort3-protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (snort3-app-detect.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (snort3-protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (snort3-protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (snort3-protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (snort3-protocol-voip.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (snort3-server-webapp.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (snort3-browser-firefox.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (snort3-protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (snort3-policy-other.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (snort3-protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (snort3-protocol-voip.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (snort3-server-webapp.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (snort3-protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (snort3-protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (snort3-protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (snort3-protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (snort3-protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (snort3-protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (snort3-protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (snort3-protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (snort3-protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (snort3-protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (snort3-protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (snort3-protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (snort3-protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (snort3-protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (snort3-protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (snort3-protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (snort3-protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (snort3-protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (snort3-protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (snort3-protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (snort3-protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (snort3-protocol-voip.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (snort3-protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (snort3-protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (snort3-protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (snort3-protocol-voip.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (snort3-protocol-voip.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

Modified Rules:


 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)

2019-10-31 13:53:50 UTC

Snort Subscriber Rules Update

Date: 2019-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
 * 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
 * 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
 * 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
 * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
 * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

Modified Rules:


 * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
 * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
 * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
 * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
 * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
 * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
 * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
 * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
 * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
 * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
 * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
 * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
 * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
 * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
 * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
 * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
 * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
 * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
 * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
 * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
 * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
 * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
 * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
 * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
 * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
 * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
 * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
 * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
 * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
 * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)