Snort - Network Intrusion Detection & Prevention System

VRT Rules 2014-08-06

This release adds and modifies rules in several categories.

The VRT has added and modified multiple rules in the bad-traffic and policy-other rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2956

2014-08-06 15:01:48 UTC

Sourcefire VRT Rules Update

Date: 2014-08-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player cross-domain bypass attempt (policy-other.rules)
 * 3:31616 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)
 * 3:31615 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)

Modified Rules:


 * 1:27247 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan (blacklist.rules)

2961

2014-08-06 15:01:48 UTC

Sourcefire VRT Rules Update

Date: 2014-08-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player cross-domain bypass attempt (policy-other.rules)
 * 3:31616 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)
 * 3:31615 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)

Modified Rules:


 * 1:27247 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan (blacklist.rules)

2962

2014-08-06 15:01:48 UTC

Sourcefire VRT Rules Update

Date: 2014-08-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player cross-domain bypass attempt (policy-other.rules)
 * 3:31616 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)
 * 3:31615 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)

Modified Rules:


 * 1:27247 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan (blacklist.rules)