This SRU number: 2014-10-16-001
Previous SRU number: 2014-10-15-001
Applies to:
This SEU number: 1189
Previous SEU: 1188
Applies to:
This is the complete list of rules modified in SRU 2014-10-16-001 and SEU 1189.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 3686 | BROWSER-IE | Microsoft Internet Explorer Content Advisor memory corruption attempt | off | off | off |
| 1 | 16356 | SERVER-IIS | multiple extension code execution attempt | off | off | off |
| 1 | 21599 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21600 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21601 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21602 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21603 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21604 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21605 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 21606 | SERVER-IIS | Microsoft Windows IIS 6 multiple executable extension access attempt | off | off | off |
| 1 | 24285 | MALWARE-CNC | Win.Trojan.Nomno variant outbound connection | off | alert | drop |
| 1 | 24379 | SERVER-IIS | Microsoft Windows IIS FastCGI request header buffer overflow attempt | off | off | off |
| 1 | 32173 | DELETED | BLACKLIST DNS request for known malware domain s2.symcb.com - Osx.Backdoor.iWorm | |||
| 1 | 32174 | DELETED | BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm | |||
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 1777 | PROTOCOL-FTP | EXPLOIT STAT asterisk dos attempt | off | off | off |