List:       snort-sigs
Subject:    [Snort-sigs] snort-rules update @ Mon Nov 29 22:15:39 2004
From:       bmc () snort ! org
Date:       2004-11-30 3:15:39
Message-ID: 20041130031539.5C4DA3F0039 () lists ! snort ! org

New rules:
3000 - NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3001 - NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3002 - NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3003 - NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3004 - NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3005 - NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3006 - EXPLOIT Volition Freespace 2 buffer overflow attempt (exploit.rules, requires 2.1 or later)
3007 - IMAP delete overflow attempt (imap.rules, requires 2.1 or later)
3008 - IMAP delete literal overflow attempt (imap.rules, requires 2.1 or later)
3009 - BACKDOOR NetBus Pro 2.0 connection request (backdoor.rules, requires 2.2 or later)
3010 - BACKDOOR RUX the Tick get windows directory attempt (backdoor.rules)
3011 - BACKDOOR RUX the Tick get system directory attempt (backdoor.rules)
3012 - BACKDOOR RUX the Tick upload/execute arbitrary file attempt (backdoor.rules)
3013 - BACKDOOR Asylum 0.1 connection request (backdoor.rules, requires 2.2 or later)
3014 - BACKDOOR Asylum 0.1 connection established (backdoor.rules, requires 2.2 or later)
3015 - BACKDOOR Insane Network 4.0 connection established (backdoor.rules)
3016 - BACKDOOR Insane Network 4.0 connection established port 63536 (backdoor.rules)
3017 - EXPLOIT WINS overflow attempt (exploit.rules)

Updated rules:
 115 - BACKDOOR NetBus Pro 2.0 connection established (backdoor.rules, requires 2.2 or later)
 492 - INFO TELNET login failed (info.rules)
 716 - INFO TELNET access (info.rules)
 718 - INFO TELNET login incorrect (info.rules)
 837 - WEB-CGI uploader.exe access (web-cgi.rules)
1209 - WEB-MISC .nsconfig access (web-misc.rules)
1485 - WEB-IIS mkilog.exe access (web-iis.rules)
1866 - POP3 USER overflow attempt (pop3.rules, requires 2.1 or later)
1919 - FTP CWD overflow attempt (ftp.rules, requires 2.1 or later)
2344 - FTP XCWD overflow attempt (ftp.rules, requires 2.1 or later)
2382 - NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules, requires 2.2 or later)
2383 - NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules, requires 2.2 or later)


