
[Snort-sigs] VRT Certified Rules Update

Subject: [Snort-sigs] VRT Certified Rules Update
Date: Mon, 18 Apr 2005 19:06:02 -0400
Sourcefire VRT Certified Rules Update

Date: 2005-04-18

Synopsis:
After continuing research into the Microsoft Security Bulletin
(MS05-017) released on Tuesday April 12 2005, the Sourcefire
Vulnerability Research Team (VRT) has released a number of new rules to
detect possible attempts to exploit the Microsoft Message Queuing vulnerability.
Additionally, a rule to detect attempts to cause a Denial of Service
using spoofed ICMP messages is also included in this rule pack.

Details:
Microsoft Message Queuing (MSMQ) enables messages to be queued for
delivery at opportune times. Applications can query the message queue as
they come online or at scheduled times.

A programming error in the MSMQ subsystem may present an attacker with
the opportunity to overflow a fixed length buffer and execute code of
their choosing on an affected host.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 3554 through 3625.

The ICMP path MTU message informs a host that the packet size it has
sent must be fragmented and will be dropped unless it is reduced to the
designated MTU. It may be possible for an attacker to send a spoofed
ICMP path MTU message to a host causing it to send very small packets.
This may then result in the host experiencing a Denial of Service (DoS).

A rule to detect attacks against this vulnerability is included in this
rule pack and is identified as sid 3626.

Below is the complete list of rules modified and added in the Sourcefire
VRT Certified Rule Pack.

New rules:
3554 - NETBIOS DCERPC-DIRECT mqqm bind attempt (netbios.rules)
3555 - NETBIOS DCERPC-DIRECT mqqm little endian bind attempt (netbios.rules)
3556 - NETBIOS DCERPC mqqm bind attempt (netbios.rules)
3557 - NETBIOS DCERPC mqqm little endian bind attempt (netbios.rules)
3558 - NETBIOS SMB mqqm WriteAndX andx bind attempt (netbios.rules)
3559 - NETBIOS SMB mqqm WriteAndX bind attempt (netbios.rules)
3560 - NETBIOS SMB mqqm WriteAndX little endian andx bind attempt (netbios.rules)
3561 - NETBIOS SMB mqqm WriteAndX little endian bind attempt (netbios.rules)
3562 - NETBIOS SMB mqqm WriteAndX unicode andx bind attempt (netbios.rules)
3563 - NETBIOS SMB mqqm WriteAndX unicode bind attempt (netbios.rules)
3564 - NETBIOS SMB mqqm WriteAndX unicode little endian andx bind attempt (netbios.rules)
3565 - NETBIOS SMB mqqm WriteAndX unicode little endian bind attempt (netbios.rules)
3566 - NETBIOS SMB mqqm andx bind attempt (netbios.rules)
3567 - NETBIOS SMB mqqm bind attempt (netbios.rules)
3568 - NETBIOS SMB mqqm little endian andx bind attempt (netbios.rules)
3569 - NETBIOS SMB mqqm little endian bind attempt (netbios.rules)
3570 - NETBIOS SMB mqqm unicode andx bind attempt (netbios.rules)
3571 - NETBIOS SMB mqqm unicode bind attempt (netbios.rules)
3572 - NETBIOS SMB mqqm unicode little endian andx bind attempt (netbios.rules)
3573 - NETBIOS SMB mqqm unicode little endian bind attempt (netbios.rules)
3574 - NETBIOS SMB-DS mqqm WriteAndX andx bind attempt (netbios.rules)
3575 - NETBIOS SMB-DS mqqm WriteAndX bind attempt (netbios.rules)
3576 - NETBIOS SMB-DS mqqm WriteAndX little endian andx bind attempt (netbios.rules)
3577 - NETBIOS SMB-DS mqqm WriteAndX little endian bind attempt (netbios.rules)
3578 - NETBIOS SMB-DS mqqm WriteAndX unicode andx bind attempt (netbios.rules)
3579 - NETBIOS SMB-DS mqqm WriteAndX unicode bind attempt (netbios.rules)
3580 - NETBIOS SMB-DS mqqm WriteAndX unicode little endian andx bind attempt (netbios.rules)
3581 - NETBIOS SMB-DS mqqm WriteAndX unicode little endian bind attempt (netbios.rules)
3582 - NETBIOS SMB-DS mqqm andx bind attempt (netbios.rules)
3583 - NETBIOS SMB-DS mqqm bind attempt (netbios.rules)
3584 - NETBIOS SMB-DS mqqm little endian andx bind attempt (netbios.rules)
3585 - NETBIOS SMB-DS mqqm little endian bind attempt (netbios.rules)
3586 - NETBIOS SMB-DS mqqm unicode andx bind attempt (netbios.rules)
3587 - NETBIOS SMB-DS mqqm unicode bind attempt (netbios.rules)
3588 - NETBIOS SMB-DS mqqm unicode little endian andx bind attempt (netbios.rules)
3589 - NETBIOS SMB-DS mqqm unicode little endian bind attempt (netbios.rules)
3590 - NETBIOS DCERPC-DIRECT mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3591 - NETBIOS DCERPC-DIRECT mqqm QMDeleteObject overflow attempt (netbios.rules)
3592 - NETBIOS DCERPC mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3593 - NETBIOS DCERPC mqqm QMDeleteObject overflow attempt (netbios.rules)
3594 - NETBIOS SMB mqqm QMDeleteObject WriteAndX andx overflow attempt (netbios.rules)
3595 - NETBIOS SMB mqqm QMDeleteObject WriteAndX little endian andx overflow attempt (netbios.rules)
3596 - NETBIOS SMB mqqm QMDeleteObject WriteAndX little endian overflow attempt (netbios.rules)
3597 - NETBIOS SMB mqqm QMDeleteObject WriteAndX overflow attempt (netbios.rules)
3598 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode andx overflow attempt (netbios.rules)
3599 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode little endian andx overflow attempt (netbios.rules)
3600 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode little endian overflow attempt (netbios.rules)
3601 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode overflow attempt (netbios.rules)
3602 - NETBIOS SMB mqqm QMDeleteObject andx overflow attempt (netbios.rules)
3603 - NETBIOS SMB mqqm QMDeleteObject little endian andx overflow attempt (netbios.rules)
3604 - NETBIOS SMB mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3605 - NETBIOS SMB mqqm QMDeleteObject overflow attempt (netbios.rules)
3606 - NETBIOS SMB mqqm QMDeleteObject unicode andx overflow attempt (netbios.rules)
3607 - NETBIOS SMB mqqm QMDeleteObject unicode little endian andx overflow attempt (netbios.rules)
3608 - NETBIOS SMB mqqm QMDeleteObject unicode little endian overflow attempt (netbios.rules)
3609 - NETBIOS SMB mqqm QMDeleteObject unicode overflow attempt (netbios.rules)
3610 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX andx overflow attempt (netbios.rules)
3611 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian andx overflow attempt (netbios.rules)
3612 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian overflow attempt (netbios.rules)
3613 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX overflow attempt (netbios.rules)
3614 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode andx overflow attempt (netbios.rules)
3615 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian andx overflow attempt (netbios.rules)
3616 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian overflow attempt (netbios.rules)
3617 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode overflow attempt (netbios.rules)
3618 - NETBIOS SMB-DS mqqm QMDeleteObject andx overflow attempt (netbios.rules)
3619 - NETBIOS SMB-DS mqqm QMDeleteObject little endian andx overflow attempt (netbios.rules)
3620 - NETBIOS SMB-DS mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3621 - NETBIOS SMB-DS mqqm QMDeleteObject overflow attempt (netbios.rules)
3622 - NETBIOS SMB-DS mqqm QMDeleteObject unicode andx overflow attempt (netbios.rules)
3623 - NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian andx overflow attempt (netbios.rules)
3624 - NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian overflow attempt (netbios.rules)
3625 - NETBIOS SMB-DS mqqm QMDeleteObject unicode overflow attempt (netbios.rules)
3626 - ICMP PATH MTU denial of service (icmp.rules)
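
An added example, not part of the VRT announcement and not the content of sid 3626 (which this message does not show): one way to check the ICMP path MTU messages described under Details, by parsing "fragmentation needed" messages and flagging an implausibly small next-hop MTU. The 576-byte threshold, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH = 3      # ICMP type: destination unreachable
ICMP_FRAG_NEEDED = 4       # ICMP code: fragmentation needed and DF set
SUSPICIOUS_BELOW = 576     # assumed alert threshold; tune for the monitored network


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify_frag_needed(icmp: bytes, threshold: int = SUSPICIOUS_BELOW) -> str:
    """Classify one ICMP message as 'ignore', 'malformed', 'ok' or 'alert'."""
    if len(icmp) < 8:
        return "malformed"
    icmp_type, code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        return "ignore"
    # A valid message checksums to zero when its checksum field is included.
    if icmp_checksum(icmp) != 0:
        return "malformed"
    # The message must quote the original IP header plus 8 bytes of its payload.
    if len(icmp) < 8 + 20 + 8:
        return "malformed"
    # Routers that predate RFC 1191 leave the MTU field zero; not a small-MTU claim.
    if next_hop_mtu == 0:
        return "ok"
    return "alert" if next_hop_mtu < threshold else "ok"


def build_sample(next_hop_mtu: int) -> bytes:
    """Constructed test message: type 3 / code 4 with a dummy quoted datagram."""
    quoted = bytes([0x45]) + bytes(19) + bytes(8)   # placeholder IP header + 8 bytes
    msg = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu) + quoted
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]


if __name__ == "__main__":
    for mtu in (1400, 576, 68, 0):
        print(mtu, classify_frag_needed(build_sample(mtu)))
```

The check only looks at the advertised MTU; confirming that the quoted datagram matches traffic the host actually sent requires flow state that this sketch does not keep.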


