# gid 2, sid 1: tagged-packet logging event.
# Like every entry in this file, the rule has no protocol/address header and no
# detection options. It only binds a (gid, sid) pair to a message, a classtype
# and optional references, and is marked "rule-type preproc".
# NOTE(review): presumably raised for packets logged because an earlier rule
# used the `tag` option; classed not-suspicious, so it should not be triaged as
# a detection on its own. Confirm against the deployed Snort version.
alert ( msg: "TAG_LOG_PKT"; sid: 1; gid: 2; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
# gid 105: Back Orifice (BO_*) events, all classed trojan-activity.
# sids 1-3 reference CVE-1999-0660 and distinguish generic, client-side and
# server-side BO traffic by message name.
alert ( msg: "BO_TRAFFIC_DETECT"; sid: 1; gid: 105; rev: 1; metadata: rule-type preproc ; classtype:trojan-activity; reference:cve,1999-0660; )
alert ( msg: "BO_CLIENT_TRAFFIC_DETECT"; sid: 2; gid: 105; rev: 1; metadata: rule-type preproc ; classtype:trojan-activity; reference:cve,1999-0660; )
alert ( msg: "BO_SERVER_TRAFFIC_DETECT"; sid: 3; gid: 105; rev: 1; metadata: rule-type preproc ; classtype:trojan-activity; reference:cve,1999-0660;)
# sid 4 carries a different reference (CVE-2005-3252) and its message names a
# buffer attack against Snort itself rather than BO traffic between hosts.
# NOTE(review): it shares the trojan-activity classtype with sids 1-3, so it
# will not stand out by priority; consider routing it separately, since the
# apparent target is the sensor. Confirm the sensor version is not affected.
alert ( msg: "BO_SNORT_BUFFER_ATTACK"; sid: 4; gid: 105; rev: 1; metadata: rule-type preproc ; classtype:trojan-activity; reference:cve,2005-3252; )
# gid 106: RPC record-decoding (RPC_*) events.
# Fragmented and multi-record traffic (sids 1-2) is classed as
# protocol-command-decode; size and completeness anomalies (sids 3-5) are
# classed bad-unknown. None of these carries an external reference.
alert ( msg: "RPC_FRAG_TRAFFIC"; sid: 1; gid: 106; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "RPC_MULTIPLE_RECORD"; sid: 2; gid: 106; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "RPC_LARGE_FRAGSIZE"; sid: 3; gid: 106; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "RPC_INCOMPLETE_SEGMENT"; sid: 4; gid: 106; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "RPC_ZERO_LENGTH_FRAGMENT"; sid: 5; gid: 106; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
# gid 111: STREAM4_* TCP stream events, sids 1-25.
# The classtypes fall into four groups that are useful for triage:
#   attempted-recon          stealth scan patterns (sids 1, 6-13)
#   bad-unknown              evasion-style anomalies: RST/FIN/retransmission,
#                            overlap, TTL, data on SYN (sids 2, 3, 5, 14-17, 24)
#   protocol-command-decode  TCP state or option oddities (sids 4, 18, 21, 23, 25)
#   attempted-dos            resource-pressure states of the reassembler itself
#                            (sids 19, 20, 22)
# NOTE(review): this file also defines STREAM5_* events under gid 129. Only the
# stream preprocessor actually enabled in snort.conf can raise its events, so
# confirm which generation is deployed before tuning or suppressing either set.
alert ( msg: "STREAM4_STEALTH_ACTIVITY"; sid: 1; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon;)
alert ( msg: "STREAM4_EVASIVE_RST"; sid: 2; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_EVASIVE_RETRANS"; sid: 3; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_WINDOW_VIOLATION"; sid: 4; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM4_DATA_ON_SYN"; sid: 5; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_STEALTH_FULL_XMAS"; sid: 6; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_SAPU"; sid: 7; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_FIN_SCAN"; sid: 8; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_NULL_SCAN"; sid: 9; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_NMAP_XMAS_SCAN"; sid: 10; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_VECNA_SCAN"; sid: 11; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_NMAP_FINGERPRINT"; sid: 12; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_STEALTH_SYN_FIN_SCAN"; sid: 13; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "STREAM4_FORWARD_OVERLAP"; sid: 14; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_TTL_EVASION"; sid: 15; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_EVASIVE_RETRANS_DATA"; sid: 16; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_EVASIVE_RETRANS_DATASPLIT"; sid: 17; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_MULTIPLE_ACKED"; sid: 18; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM4_EMERGENCY"; sid: 19; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
alert ( msg: "STREAM4_SUSPEND"; sid: 20; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
alert ( msg: "STREAM4_ZERO_TIMESTAMP"; sid: 21; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM4_OVERLAP_LIMIT"; sid: 22; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
alert ( msg: "STREAM4_TCP_NO_ACK"; sid: 23; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM4_EVASIVE_FIN"; sid: 24; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM4_SYN_ON_ESTABLISHED"; sid: 25; gid: 111; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
# gid 112: ARP spoofing (ARPSPOOF_*) events.
# sids 2-3 flag a mismatch between the Ethernet frame and the ARP payload
# addresses (source and destination respectively, per the message names);
# sid 4 is named as a cache-overwrite attack.
# NOTE(review): sid 4 is classed bad-unknown like the mismatch events, so an
# ARP cache overwrite gets no higher priority by default; consider overriding
# the classtype or priority locally if ARP poisoning matters on the monitored
# segment.
alert ( msg: "ARPSPOOF_UNICAST_ARP_REQUEST"; sid: 1; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC"; sid: 2; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "ARPSPOOF_ETHERFRAME_ARP_MISMATCH_DST"; sid: 3; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
# gid 119: HTTP inspection, client-side (HI_CLIENT_*) events, sids 1-19.
# Most URI-encoding observations (ASCII, double decode, %u, bare byte, UTF-8,
# IIS Unicode, multi-slash, IIS backslash) are classed not-suspicious: on their
# own they describe how a request was encoded, not that it was hostile.
# NOTE(review): the directory-traversal and webroot events (sids 10, 11, 18)
# are classed "unknown", so they carry whatever priority classification.config
# assigns to that class. Review that mapping if traversal attempts should
# surface in triage.
alert ( msg: "HI_CLIENT_ASCII"; sid: 1; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_DOUBLE_DECODE"; sid: 2; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_U_ENCODE"; sid: 3; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_BARE_BYTE"; sid: 4; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_BASE36"; sid: 5; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "HI_CLIENT_UTF_8"; sid: 6; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_IIS_UNICODE"; sid: 7; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_MULTI_SLASH"; sid: 8; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_IIS_BACKSLASH"; sid: 9; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )
alert ( msg: "HI_CLIENT_SELF_DIR_TRAV"; sid: 10; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "HI_CLIENT_DIR_TRAV"; sid: 11; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "HI_CLIENT_APACHE_WS"; sid: 12; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "HI_CLIENT_IIS_DELIMITER"; sid: 13; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "HI_CLIENT_NON_RFC_CHAR"; sid: 14; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
# sid 15 is the only HTTP event here with external references
# (CVE-2007-0774, Bugtraq 22791).
alert ( msg: "HI_CLIENT_OVERSIZE_DIR"; sid: 15; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; reference:cve,2007-0774; reference:bugtraq,22791;)
# sid 16 is the only HTTP event classed attempted-admin.
alert ( msg: "HI_CLIENT_LARGE_CHUNK"; sid: 16; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; )
alert ( msg: "HI_CLIENT_PROXY_USE"; sid: 17; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "HI_CLIENT_WEBROOT_DIR"; sid: 18; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "HI_CLIENT_LONG_HEADER"; sid: 19; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
# gid 120: the single server-side HTTP anomaly event. It uses a separate
# generator id from the client events above, so suppressions or thresholds
# keyed on gid 119 do not cover it.
alert ( msg: "HI_ANOM_SERVER_ALERT"; sid: 1; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
# gid 121: flow-based scan detection (FLOW_*) events, all classed
# attempted-recon. The message names distinguish "scanner" from "talker"
# sources and "fixed" from "sliding" variants.
# NOTE(review): the names suggest fixed vs sliding time windows; confirm the
# thresholds in the preprocessor configuration, which is not part of this file.
alert ( msg: "FLOW_SCANNER_FIXED_ALERT"; sid: 1; gid: 121; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "FLOW_SCANNER_SLIDING_ALERT"; sid: 2; gid: 121; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "FLOW_TALKER_FIXED_ALERT"; sid: 3; gid: 121; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "FLOW_TALKER_SLIDING_ALERT"; sid: 4; gid: 121; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
# gid 122: port scan detection (PSNG_*) events, sids 1-27, every one classed
# attempted-recon.
# Layout by sid range, as given by the message names:
#   1-8    TCP   portscan / decoy / portsweep / distributed, then the
#                "filtered" variant of each
#   9-16   IP    same eight variants
#   17-24  UDP   same eight variants
#   25-26  ICMP  portsweep and filtered portsweep
#   27     open port report
# Because every event shares one classtype, severity has to come from the sid
# (for example distributed vs single-source) rather than from priority.
alert ( msg: "PSNG_TCP_PORTSCAN"; sid: 1; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_DECOY_PORTSCAN"; sid: 2; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_PORTSWEEP"; sid: 3; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_DISTRIBUTED_PORTSCAN"; sid: 4; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_FILTERED_PORTSCAN"; sid: 5; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_FILTERED_DECOY_PORTSCAN"; sid: 6; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_PORTSWEEP_FILTERED"; sid: 7; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_TCP_FILTERED_DISTRIBUTED_PORTSCAN"; sid: 8; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_PORTSCAN"; sid: 9; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_DECOY_PORTSCAN"; sid: 10; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_PORTSWEEP"; sid: 11; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_DISTRIBUTED_PORTSCAN"; sid: 12; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_FILTERED_PORTSCAN"; sid: 13; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_FILTERED_DECOY_PORTSCAN"; sid: 14; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon;)
alert ( msg: "PSNG_IP_PORTSWEEP_FILTERED"; sid: 15; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_IP_FILTERED_DISTRIBUTED_PORTSCAN"; sid: 16; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_PORTSCAN"; sid: 17; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_DECOY_PORTSCAN"; sid: 18; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_PORTSWEEP"; sid: 19; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_DISTRIBUTED_PORTSCAN"; sid: 20; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_FILTERED_PORTSCAN"; sid: 21; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_FILTERED_DECOY_PORTSCAN"; sid: 22; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_PORTSWEEP_FILTERED"; sid: 23; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_UDP_FILTERED_DISTRIBUTED_PORTSCAN"; sid: 24; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_ICMP_PORTSWEEP"; sid: 25; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_ICMP_PORTSWEEP_FILTERED"; sid: 26; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
alert ( msg: "PSNG_OPEN_PORT"; sid: 27; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )
# gid 123: IP fragment reassembly (FRAG3_*) events, sids 1-11.
# Teardrop, oversize and zero-length anomalies (sids 2, 4, 5) are classed
# attempted-dos; size and overlap irregularities (sids 1, 3, 6-8) are classed
# protocol-command-decode.
alert ( msg: "FRAG3_IPOPTIONS"; sid: 1; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "FRAG3_TEARDROP"; sid: 2; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
alert ( msg: "FRAG3_SHORT_FRAG"; sid: 3; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "FRAG3_ANOMALY_OVERSIZE"; sid: 4; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
alert ( msg: "FRAG3_ANOMALY_ZERO"; sid: 5; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
alert ( msg: "FRAG3_ANOMALY_BADSIZE_SM"; sid: 6; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "FRAG3_ANOMALY_BADSIZE_LG"; sid: 7; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "FRAG3_ANOMALY_OVLP"; sid: 8; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
# sids 9-10 are the IPv6 fragment events; both reference CVE-2007-1365 and are
# the only attempted-admin entries in this group.
alert ( msg: "FRAG3_IPV6_BSD_ICMP_FRAG"; sid: 9; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2007-1365; )
alert ( msg: "FRAG3_IPV6_BAD_FRAG_PKT"; sid: 10; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2007-1365; )
alert ( msg: "FRAG3_MIN_TTL"; sid: 11; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
# gid 124: SMTP events, sids 1-7.
# The overflow events map length violations to the CVE each rule references;
# the CVE identifies a known case of that overflow class, not the only
# software that could be affected.
# sid 3 (response overflow) is classed attempted-user while the other
# overflows are attempted-admin.
# NOTE(review): by its name sid 3 concerns server responses, which would make
# the client the likely target; confirm against the preprocessor documentation.
alert ( msg: "SMTP_COMMAND_OVERFLOW"; sid: 1; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2001-0260; )
alert ( msg: "SMTP_DATA_HDR_OVERFLOW"; sid: 2; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2002-1337; )
alert ( msg: "SMTP_RESPONSE_OVERFLOW"; sid: 3; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:attempted-user; reference:cve,2002-1090; )
alert ( msg: "SMTP_SPECIFIC_CMD_OVERFLOW"; sid: 4; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; )
alert ( msg: "SMTP_UNKNOWN_CMD"; sid: 5; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "SMTP_ILLEGAL_CMD"; sid: 6; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "SMTP_HEADER_NAME_OVERFLOW"; sid: 7; gid: 124; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2004-0105; )
# gid 125: FTP events (FTPP_FTP_*), sids 1-8.
# Parameter length overflow and format-string events (sids 3, 5) are classed
# attempted-admin; response length overflow (sid 6) is attempted-user.
# sids 7 (this group) and 2 (gid 126 below) report that the session became
# encrypted.
# NOTE(review): once a session is encrypted, content inspection of it is
# presumably no longer possible, so these two events mark a visibility
# boundary rather than an attack; confirm how the preprocessor is configured
# to treat encrypted traffic.
alert ( msg: "FTPP_FTP_TELNET_CMD"; sid: 1; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "FTPP_FTP_INVALID_CMD"; sid: 2; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "FTPP_FTP_PARAMETER_LENGTH_OVERFLOW"; sid: 3; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2004-0286; )
alert ( msg: "FTPP_FTP_MALFORMED_PARAMETER"; sid: 4; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "FTPP_FTP_PARAMETER_STR_FORMAT"; sid: 5; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2000-0573; )
alert ( msg: "FTPP_FTP_RESPONSE_LENGTH_OVERFLOW"; sid: 6; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:attempted-user; reference:cve,2007-3161; )
alert ( msg: "FTPP_FTP_ENCRYPTED"; sid: 7; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
# sid 8: FTP bounce, referenced to CVE-1999-0017 and classed bad-unknown.
alert ( msg: "FTPP_FTP_BOUNCE"; sid: 8; gid: 125; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; reference:cve,1999-0017; )
# gid 126: Telnet events (FTPP_TELNET_*), sids 1-3. They share the FTPP_ message
# prefix with the FTP events but have their own generator id, so gid-based
# filters must list both 125 and 126 to cover the pair.
alert ( msg: "FTPP_TELNET_AYT_OVERFLOW"; sid: 1; gid: 126; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2001-0554; )
alert ( msg: "FTPP_TELNET_ENCRYPTED"; sid: 2; gid: 126; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode;)
alert ( msg: "FTPP_TELNET_SUBNEG_BEGIN_NO_END"; sid: 3; gid: 126; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
# gid 129: STREAM5_* TCP stream events, sids 1-11.
# sids 9-10 (session hijack seen from the client or server side) are the only
# entries classed attempted-user; the rest are state or segment anomalies
# classed bad-unknown or protocol-command-decode.
# NOTE(review): similar conditions are classified differently in the STREAM4_*
# set (gid 111) in this file. STREAM4_SYN_ON_ESTABLISHED is
# protocol-command-decode and STREAM4_DATA_ON_SYN is bad-unknown, while the
# STREAM5 equivalents below are the reverse. Priority-based triage rules
# written for one generator will therefore not carry over to the other.
alert ( msg: "STREAM5_SYN_ON_EST"; sid: 1; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM5_DATA_ON_SYN"; sid: 2; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM5_DATA_ON_CLOSED"; sid: 3; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM5_BAD_TIMESTAMP"; sid: 4; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM5_BAD_SEGMENT"; sid: 5; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM5_WINDOW_TOO_LARGE"; sid: 6; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM5_EXCESSIVE_TCP_OVERLAPS"; sid: 7; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )
alert ( msg: "STREAM5_DATA_AFTER_RESET"; sid: 8; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "STREAM5_SESSION_HIJACKED_CLIENT"; sid: 9; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:attempted-user; )
alert ( msg: "STREAM5_SESSION_HIJACKED_SERVER"; sid: 10; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:attempted-user; )
alert ( msg: "STREAM5_DATA_WITHOUT_FLAGS"; sid: 11; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
# gid 130: the single DCERPC_* event, classed attempted-dos.
# NOTE(review): the DCE2_* events under gid 133 in this file look like a later
# generation of DCE/RPC inspection; confirm which preprocessor is enabled.
alert ( msg: "DCERPC_MEMORY_OVERFLOW"; sid: 1; gid: 130; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )
# gid 131: DNS events, sids 1-3.
# Obsolete and experimental record types (sids 1-2) are protocol observations.
# sid 3 (RDATA overflow) is classed attempted-admin and references
# CVE-2006-3441 and Microsoft bulletin MS06-041. Its url reference is written
# without a scheme (www.microsoft.com/...).
alert ( msg: "DNS_EVENT_OBSOLETE_TYPES"; sid: 1; gid: 131; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "DNS_EVENT_EXPERIMENTAL_TYPES"; sid: 2; gid: 131; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )
alert ( msg: "DNS_EVENT_RDATA_OVERFLOW"; sid: 3; gid: 131; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2006-3441; reference:url,www.microsoft.com/technet/security/bulletin/ms06-041.mspx; )
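# gid 133: DCE2_EVENT__* events, sids 1-43.
# Layout by sid range, as given by the message names:
#   1      MEMCAP  memory cap reached (classed attempted-dos)
#   2-26   SMB_*   SMB framing, field-size, chaining and share anomalies
#   27-39  CO_*    DCE/RPC header and fragment anomalies
#                  (NOTE(review): CO presumably means connection-oriented)
#   40-43  CL_*    DCE/RPC header and sequence anomalies
#                  (NOTE(review): CL presumably means connectionless)
# Every event except sid 1 is classed bad-unknown and points at the same MSDN
# page, so triage has to key on the sid or message, not on priority or
# reference.
#
# reference:url values are written without a scheme, matching the
# DNS_EVENT_RDATA_OVERFLOW rule (gid 131) in this file. Snort's stock
# reference.config maps the `url` system to the prefix "http://", so a rule
# that spells out the scheme produces a doubled "http://http://..." link in
# alert output. If the deployed reference.config defines `url` differently,
# adjust accordingly.
alert ( msg: "DCE2_EVENT__MEMCAP"; sid: 1; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: attempted-dos; )
alert ( msg: "DCE2_EVENT__SMB_BAD_NBSS_TYPE"; sid: 2; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BAD_TYPE"; sid: 3; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BAD_ID"; sid: 4; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BAD_WCT"; sid: 5; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BAD_BCC"; sid: 6; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BAD_FORMAT"; sid: 7; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BAD_OFF"; sid: 8; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_TDCNT_ZERO"; sid: 9; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_NB_LT_SMBHDR"; sid: 10; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_NB_LT_COM"; sid: 11; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_NB_LT_BCC"; sid: 12; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_NB_LT_DSIZE"; sid: 13; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_TDCNT_LT_DSIZE"; sid: 14; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_DSENT_GT_TDCNT"; sid: 15; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_BCC_LT_DSIZE"; sid: 16; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_INVALID_DSIZE"; sid: 17; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_EXCESSIVE_TREE_CONNECTS"; sid: 18; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_EXCESSIVE_READS"; sid: 19; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_EXCESSIVE_CHAINING"; sid: 20; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_MULT_CHAIN_SS"; sid: 21; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_MULT_CHAIN_TC"; sid: 22; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_CHAIN_SS_LOGOFF"; sid: 23; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_CHAIN_TC_TDIS"; sid: 24; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_CHAIN_OPEN_CLOSE"; sid: 25; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__SMB_INVALID_SHARE"; sid: 26; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_BAD_MAJ_VERSION"; sid: 27; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_BAD_MIN_VERSION"; sid: 28; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_BAD_PDU_TYPE"; sid: 29; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FLEN_LT_HDR"; sid: 30; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FLEN_LT_SIZE"; sid: 31; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_ZERO_CTX_ITEMS"; sid: 32; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_ZERO_TSYNS"; sid: 33; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FRAG_LT_MAX_XMIT_FRAG"; sid: 34; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FRAG_GT_MAX_XMIT_FRAG"; sid: 35; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_ALTER_CHANGE_BYTE_ORDER"; sid: 36; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FRAG_DIFF_CALL_ID"; sid: 37; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FRAG_DIFF_OPNUM"; sid: 38; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CO_FRAG_DIFF_CTX_ID"; sid: 39; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CL_BAD_MAJ_VERSION"; sid: 40; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CL_BAD_PDU_TYPE"; sid: 41; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CL_DATA_LT_HDR"; sid: 42; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )
alert ( msg: "DCE2_EVENT__CL_BAD_SEQ_NUM"; sid: 43; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )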