VRT Rules 2014-07-24
This release adds and modifies rules in several categories.

The VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, file-java, file-multimedia, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2014-07-24 14:45:52 UTC

Sourcefire VRT Rules Update

Date: 2014-07-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31517 <-> ENABLED <-> BLACKLIST DNS request for known malware domain security-apps.net - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31515 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oguhtell.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31516 <-> ENABLED <-> BLACKLIST DNS request for known malware domain security-apps.biz - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (server-webapp.rules)
 * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31514 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bastelfunboard.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31507 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:31508 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getsearch.net (blacklist.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules)
 * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules)
 * 1:31498 <-> ENABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31497 <-> ENABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31518 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tc-zo.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31509 <-> ENABLED <-> BLACKLIST DNS request for known malware domain greatfindpage.com (blacklist.rules)
 * 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
 * 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)

2014-07-24 14:45:52 UTC

Sourcefire VRT Rules Update

Date: 2014-07-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:25549 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
 * 1:25550 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
 * 1:25589 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25601 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25612 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25617 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25618 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25619 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25620 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
 * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:31497 <-> ENABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31498 <-> ENABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (server-webapp.rules)
 * 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (server-webapp.rules)
 * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31518 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tc-zo.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31517 <-> ENABLED <-> BLACKLIST DNS request for known malware domain security-apps.net - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31516 <-> ENABLED <-> BLACKLIST DNS request for known malware domain security-apps.biz - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31515 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oguhtell.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31514 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bastelfunboard.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules)
 * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31509 <-> ENABLED <-> BLACKLIST DNS request for known malware domain greatfindpage.com (blacklist.rules)
 * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules)
 * 1:31508 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getsearch.net (blacklist.rules)
 * 1:31507 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)

Modified Rules:


 * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
 * 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)

2014-07-24 14:45:52 UTC

Sourcefire VRT Rules Update

Date: 2014-07-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31518 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tc-zo.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31517 <-> ENABLED <-> BLACKLIST DNS request for known malware domain security-apps.net - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31516 <-> ENABLED <-> BLACKLIST DNS request for known malware domain security-apps.biz - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31515 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oguhtell.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31514 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bastelfunboard.ch - Andr.Trojan.Emmental (blacklist.rules)
 * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules)
 * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules)
 * 1:31509 <-> ENABLED <-> BLACKLIST DNS request for known malware domain greatfindpage.com (blacklist.rules)
 * 1:31508 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getsearch.net (blacklist.rules)
 * 1:31507 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (server-webapp.rules)
 * 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (server-webapp.rules)
 * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31498 <-> ENABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31497 <-> ENABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
 * 1:25620 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25619 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25618 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25617 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25612 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25601 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25589 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25550 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
 * 1:25549 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
 * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)

Modified Rules:


 * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
 * 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)