|
suricata-update list-enabled-sources
|
|
26/7/2018 -- 21:00:28 - <Info> -- Loading /etc/suricata/update.yaml
|
|
26/7/2018 -- 21:00:28 - <Info> -- Using data-directory /var/lib/suricata.
|
|
26/7/2018 -- 21:00:28 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
|
|
26/7/2018 -- 21:00:28 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
|
|
26/7/2018 -- 21:00:28 - <Info> -- Found Suricata version 4.0.4 at /usr/bin/suricata.
|
|
From /etc/suricata/update.yaml:
|
|
- https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz
|
|
- https://sslbl.abuse.ch/blacklist/sslblacklist.rules
|
|
- https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
Enabled sources:
|
|
- oisf/trafficid
|
|
- ptresearch/attackdetection
|
|
- et/open
|
|
|
|
**********************************************************
|
|
|
|
suricata-update
|
|
26/7/2018 -- 20:58:35 - <Info> -- Loading /etc/suricata/update.yaml
|
|
26/7/2018 -- 20:58:35 - <Info> -- Using data-directory /var/lib/suricata.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
|
|
26/7/2018 -- 20:58:35 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Found Suricata version 4.0.4 at /usr/bin/suricata.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Loading /etc/suricata/disable.conf.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Loading /etc/suricata/enable.conf.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Loading /etc/suricata/modify.conf.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Loading /etc/suricata/drop.conf.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Loading /etc/suricata/suricata.yaml
|
|
26/7/2018 -- 20:58:35 - <Info> -- Disabling rules with proto ntp
|
|
26/7/2018 -- 20:58:35 - <Info> -- Disabling rules with proto modbus
|
|
26/7/2018 -- 20:58:35 - <Info> -- Disabling rules with proto enip
|
|
26/7/2018 -- 20:58:35 - <Info> -- Disabling rules with proto dnp3
|
|
26/7/2018 -- 20:58:35 - <Info> -- Disabling rules with proto nfs
|
|
26/7/2018 -- 20:58:35 - <Info> -- Last download less than 15 minutes ago. Not downloading https://raw.githubusercontent.com/jasonish/suricata-trafficid/master/rules/traffic-id.rules.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Last download less than 15 minutes ago. Not downloading https://rules.emergingthreats.net/open/suricata-4.0.4/emerging.rules.tar.gz.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Last download less than 15 minutes ago. Not downloading https://sslbl.abuse.ch/blacklist/sslblacklist.rules.
|
|
26/7/2018 -- 20:58:35 - <Info> -- Last download less than 15 minutes ago. Not downloading https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=5202df15d4c9f81f35a33abc914687bcd933266f.
|
|
26/7/2018 -- 20:58:37 - <Info> -- Last download less than 15 minutes ago. Not downloading https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz.
|
|
26/7/2018 -- 20:58:37 - <Info> -- Ignoring file rules/emerging-deleted.rules
|
|
26/7/2018 -- 20:58:37 - <Info> -- Ignoring file rules/deleted.rules
|
|
26/7/2018 -- 20:58:42 - <Info> -- Loaded 60656 rules.
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20314] PROTOCOL-VOIP Via header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20314] PROTOCOL-VOIP Via header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11980] PROTOCOL-VOIP Attribute header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11980] PROTOCOL-VOIP Attribute header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20349] PROTOCOL-VOIP Subject header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20349] PROTOCOL-VOIP Subject header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19334] PROTOCOL-VOIP Content-Type header invalid format too many slashes
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19334] PROTOCOL-VOIP Content-Type header invalid format too many slashes
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12007] PROTOCOL-VOIP outbound 401 Unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12007] PROTOCOL-VOIP outbound 401 Unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20379] PROTOCOL-VOIP Date header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20379] PROTOCOL-VOIP Date header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19385] PROTOCOL-VOIP Media header description field overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19385] PROTOCOL-VOIP Media header description field overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20414] PROTOCOL-VOIP outbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20414] PROTOCOL-VOIP outbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:21150] PROTOCOL-VOIP Grandstream networks denial of service
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:21150] PROTOCOL-VOIP Grandstream networks denial of service
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:28993] PROTOCOL-VOIP Sipvicious User-Agent detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:28993] PROTOCOL-VOIP Sipvicious User-Agent detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12112] PROTOCOL-VOIP Sivus scanner detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12112] PROTOCOL-VOIP Sivus scanner detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:27899] PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:27899] PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20417] PROTOCOL-VOIP outbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20417] PROTOCOL-VOIP outbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11968] PROTOCOL-VOIP inbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11968] PROTOCOL-VOIP inbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12177] PROTOCOL-VOIP outbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12177] PROTOCOL-VOIP outbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20337] PROTOCOL-VOIP To header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20337] PROTOCOL-VOIP To header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20383] PROTOCOL-VOIP Time header contains negative value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20383] PROTOCOL-VOIP Time header contains negative value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19389] PROTOCOL-VOIP REGISTER flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19389] PROTOCOL-VOIP REGISTER flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20402] PROTOCOL-VOIP Response code 405 Method Not Allowed response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20402] PROTOCOL-VOIP Response code 405 Method Not Allowed response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: DC_SERVERS: [1:10002558] [PT OPEN] DCShadow Replication Attempt - DRSUAPI_REPLICA_ADD from non-DC
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: DC_SERVERS: [1:10002558] [PT OPEN] DCShadow Replication Attempt - DRSUAPI_REPLICA_ADD from non-DC
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:21103] PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:21103] PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:27903] PROTOCOL-VOIP Ghost call attack attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:27903] PROTOCOL-VOIP Ghost call attack attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20421] PROTOCOL-VOIP INVITE message Content-Length header size of zero
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20421] PROTOCOL-VOIP INVITE message Content-Length header size of zero
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20306] PROTOCOL-VOIP CSeq header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20306] PROTOCOL-VOIP CSeq header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11972] PROTOCOL-VOIP Max-Forwards value over 70
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11972] PROTOCOL-VOIP Max-Forwards value over 70
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12181] PROTOCOL-VOIP outbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12181] PROTOCOL-VOIP outbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20341] PROTOCOL-VOIP To header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20341] PROTOCOL-VOIP To header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20371] PROTOCOL-VOIP Contact header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20371] PROTOCOL-VOIP Contact header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20328] PROTOCOL-VOIP From header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20328] PROTOCOL-VOIP From header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19377] PROTOCOL-VOIP Origin invalid header
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19377] PROTOCOL-VOIP Origin invalid header
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20406] PROTOCOL-VOIP inbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20406] PROTOCOL-VOIP inbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20393] PROTOCOL-VOIP BYE flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20393] PROTOCOL-VOIP BYE flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20310] PROTOCOL-VOIP CSeq header multiple CSeq headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20310] PROTOCOL-VOIP CSeq header multiple CSeq headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12680] PROTOCOL-VOIP Via header hostname buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12680] PROTOCOL-VOIP Via header hostname buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11992] PROTOCOL-VOIP Content-Type header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11992] PROTOCOL-VOIP Content-Type header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20297] PROTOCOL-VOIP outbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20297] PROTOCOL-VOIP outbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12172] PROTOCOL-VOIP inbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12172] PROTOCOL-VOIP inbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20375] PROTOCOL-VOIP Contact header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20375] PROTOCOL-VOIP Contact header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20332] PROTOCOL-VOIP To header contains recursive URL-encoded data
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20332] PROTOCOL-VOIP To header contains recursive URL-encoded data
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19381] PROTOCOL-VOIP Session Name header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19381] PROTOCOL-VOIP Session Name header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:36734] PROTOCOL-VOIP javascript found in SIP headers attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:36734] PROTOCOL-VOIP javascript found in SIP headers attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32211] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32211] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20362] PROTOCOL-VOIP Call-ID header multiple Call-ID headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20362] PROTOCOL-VOIP Call-ID header multiple Call-ID headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:34023] PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20397] PROTOCOL-VOIP INVITE flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20397] PROTOCOL-VOIP INVITE flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11996] PROTOCOL-VOIP CSeq header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11996] PROTOCOL-VOIP CSeq header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20301] PROTOCOL-VOIP TEL URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20301] PROTOCOL-VOIP TEL URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:16351] PROTOCOL-VOIP CSeq buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:16351] PROTOCOL-VOIP CSeq buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20320] PROTOCOL-VOIP From header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20320] PROTOCOL-VOIP From header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19337] PROTOCOL-VOIP invalid SIP-Version field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19337] PROTOCOL-VOIP invalid SIP-Version field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32215] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32215] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20366] PROTOCOL-VOIP Contact header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20366] PROTOCOL-VOIP Contact header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30886] PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30886] PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20385] PROTOCOL-VOIP Version header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20385] PROTOCOL-VOIP Version header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:29441] PROTOCOL-VOIP CISCO Telepresence VCS SIP denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:29441] PROTOCOL-VOIP CISCO Telepresence VCS SIP denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11984] PROTOCOL-VOIP Time header contains long value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11984] PROTOCOL-VOIP Time header contains long value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45578] PROTOCOL-VOIP Mr.SIP options request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45578] PROTOCOL-VOIP Mr.SIP options request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11979] PROTOCOL-VOIP Media header port field invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11979] PROTOCOL-VOIP Media header port field invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:36735] PROTOCOL-VOIP javascript found in SIP headers attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:36735] PROTOCOL-VOIP javascript found in SIP headers attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20324] PROTOCOL-VOIP From header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20324] PROTOCOL-VOIP From header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20354] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20354] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30890] PROTOCOL-VOIP Content-Type media type overflow denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30890] PROTOCOL-VOIP Content-Type media type overflow denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20389] PROTOCOL-VOIP Attribute header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20389] PROTOCOL-VOIP Attribute header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30282] PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30282] PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:33445] PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:33445] PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11988] PROTOCOL-VOIP From header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11988] PROTOCOL-VOIP From header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20424] PROTOCOL-VOIP Sivus scanner detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20424] PROTOCOL-VOIP Sivus scanner detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:13590] PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:13590] PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45582] PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45582] PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11983] PROTOCOL-VOIP Time header contains negative value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11983] PROTOCOL-VOIP Time header contains negative value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20318] PROTOCOL-VOIP From header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20318] PROTOCOL-VOIP From header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20344] PROTOCOL-VOIP To header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20344] PROTOCOL-VOIP To header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12002] PROTOCOL-VOIP BYE flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12002] PROTOCOL-VOIP BYE flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: DC_SERVERS: [1:10002557] [PT OPEN] DCShadow Replication Attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: DC_SERVERS: [1:10002557] [PT OPEN] DCShadow Replication Attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20358] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20358] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19364] PROTOCOL-VOIP Time Stop header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19364] PROTOCOL-VOIP Time Stop header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20409] PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20409] PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20313] PROTOCOL-VOIP Via header missing SIP field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20313] PROTOCOL-VOIP Via header missing SIP field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11971] PROTOCOL-VOIP CSeq buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11971] PROTOCOL-VOIP CSeq buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20348] PROTOCOL-VOIP Subject header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20348] PROTOCOL-VOIP Subject header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19333] PROTOCOL-VOIP Content-Type header invalid format too many slashes
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19333] PROTOCOL-VOIP Content-Type header invalid format too many slashes
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12006] PROTOCOL-VOIP outbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12006] PROTOCOL-VOIP outbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20378] PROTOCOL-VOIP Date header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20378] PROTOCOL-VOIP Date header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19384] PROTOCOL-VOIP Session Name invalid header attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19384] PROTOCOL-VOIP Session Name invalid header attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20413] PROTOCOL-VOIP outbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20413] PROTOCOL-VOIP outbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20416] PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20416] PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20317] PROTOCOL-VOIP Via header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20317] PROTOCOL-VOIP Via header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:27904] PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:27904] PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11975] PROTOCOL-VOIP Via header missing SIP field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11975] PROTOCOL-VOIP Via header missing SIP field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12176] PROTOCOL-VOIP inbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12176] PROTOCOL-VOIP inbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20336] PROTOCOL-VOIP To header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20336] PROTOCOL-VOIP To header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12171] PROTOCOL-VOIP outbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12171] PROTOCOL-VOIP outbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20382] PROTOCOL-VOIP Media header port field invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20382] PROTOCOL-VOIP Media header port field invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20331] PROTOCOL-VOIP From header multiple From headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20331] PROTOCOL-VOIP From header multiple From headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19388] PROTOCOL-VOIP Media header description field format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19388] PROTOCOL-VOIP Media header description field format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20401] PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20401] PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:21102] PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:21102] PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:27902] PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:27902] PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20420] PROTOCOL-VOIP INVITE message invalid IP address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20420] PROTOCOL-VOIP INVITE message invalid IP address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20305] PROTOCOL-VOIP CSeq header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20305] PROTOCOL-VOIP CSeq header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12683] PROTOCOL-VOIP From header field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12683] PROTOCOL-VOIP From header field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11995] PROTOCOL-VOIP Content-Type header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11995] PROTOCOL-VOIP Content-Type header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12180] PROTOCOL-VOIP inbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12180] PROTOCOL-VOIP inbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20340] PROTOCOL-VOIP To header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20340] PROTOCOL-VOIP To header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12175] PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12175] PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20370] PROTOCOL-VOIP Contact header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20370] PROTOCOL-VOIP Contact header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20335] PROTOCOL-VOIP To header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20335] PROTOCOL-VOIP To header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19376] PROTOCOL-VOIP Origin header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19376] PROTOCOL-VOIP Origin header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20405] PROTOCOL-VOIP inbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20405] PROTOCOL-VOIP inbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20670] PROTOCOL-VOIP Digium Asterisk data length field overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20392] PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20392] PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20309] PROTOCOL-VOIP CSeq header multiple CSeq headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20309] PROTOCOL-VOIP CSeq header multiple CSeq headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11999] PROTOCOL-VOIP Via header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11999] PROTOCOL-VOIP Via header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20296] PROTOCOL-VOIP inbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20296] PROTOCOL-VOIP inbound INVITE message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32207] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32207] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20374] PROTOCOL-VOIP Contact header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20374] PROTOCOL-VOIP Contact header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20323] PROTOCOL-VOIP From header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20323] PROTOCOL-VOIP From header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19380] PROTOCOL-VOIP Session Name header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19380] PROTOCOL-VOIP Session Name header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:36733] PROTOCOL-VOIP javascript found in SIP headers attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:36733] PROTOCOL-VOIP javascript found in SIP headers attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32210] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32210] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20361] PROTOCOL-VOIP Call-ID header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20361] PROTOCOL-VOIP Call-ID header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19375] PROTOCOL-VOIP Origin header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19375] PROTOCOL-VOIP Origin header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30885] PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30885] PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:34022] PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:34022] PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20396] PROTOCOL-VOIP INVITE flood attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20396] PROTOCOL-VOIP INVITE flood attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11987] PROTOCOL-VOIP Via header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11987] PROTOCOL-VOIP Via header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20300] PROTOCOL-VOIP SIP URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20300] PROTOCOL-VOIP SIP URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12167] PROTOCOL-VOIP SIP URI multiple at signs in message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12167] PROTOCOL-VOIP SIP URI multiple at signs in message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20327] PROTOCOL-VOIP From header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20327] PROTOCOL-VOIP From header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19336] PROTOCOL-VOIP Content-Type header invalid format missing slash
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19336] PROTOCOL-VOIP Content-Type header invalid format missing slash
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32214] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32214] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20365] PROTOCOL-VOIP Contact header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20365] PROTOCOL-VOIP Contact header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30889] PROTOCOL-VOIP Content-Type media type overflow denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30889] PROTOCOL-VOIP Content-Type media type overflow denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20384] PROTOCOL-VOIP Time header contains long value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20384] PROTOCOL-VOIP Time header contains long value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12074] PROTOCOL-VOIP outbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12074] PROTOCOL-VOIP outbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11991] PROTOCOL-VOIP CSeq header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11991] PROTOCOL-VOIP CSeq header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20427] PROTOCOL-VOIP OpenSBC VIA header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20427] PROTOCOL-VOIP OpenSBC VIA header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45577] PROTOCOL-VOIP Mr.SIP invite request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45577] PROTOCOL-VOIP Mr.SIP invite request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19302] PROTOCOL-VOIP Max-Forwards header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19302] PROTOCOL-VOIP Max-Forwards header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20347] PROTOCOL-VOIP To header multiple To headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20347] PROTOCOL-VOIP To header multiple To headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20353] PROTOCOL-VOIP Expires header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20353] PROTOCOL-VOIP Expires header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:45464] PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20388] PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20388] PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12359] PROTOCOL-VOIP Digium Asterisk data length field overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:13589] PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:13589] PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45581] PROTOCOL-VOIP Mr.SIP options request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45581] PROTOCOL-VOIP Mr.SIP options request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11982] PROTOCOL-VOIP To header contains recursive URL-encoded data
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11982] PROTOCOL-VOIP To header contains recursive URL-encoded data
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20351] PROTOCOL-VOIP Subject header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20351] PROTOCOL-VOIP Subject header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12001] PROTOCOL-VOIP Version header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12001] PROTOCOL-VOIP Version header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20357] PROTOCOL-VOIP Call-ID header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20357] PROTOCOL-VOIP Call-ID header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:26426] PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:26426] PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19387] PROTOCOL-VOIP Media header description field format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19387] PROTOCOL-VOIP Media header description field format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20408] PROTOCOL-VOIP inbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20408] PROTOCOL-VOIP inbound 415 Unsupported Media Type message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: DC_SERVERS: [1:10002559] [PT OPEN] DCShadow: Fake DC Creation
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: DC_SERVERS: [1:10002559] [PT OPEN] DCShadow: Fake DC Creation
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:32042] OS-OTHER Bash environment variable injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:32042] OS-OTHER Bash environment variable injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20419] PROTOCOL-VOIP outbound 401 Unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20419] PROTOCOL-VOIP outbound 401 Unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20312] PROTOCOL-VOIP Max-Forwards header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20312] PROTOCOL-VOIP Max-Forwards header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11970] PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11970] PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12179] PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12179] PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20339] PROTOCOL-VOIP To header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20339] PROTOCOL-VOIP To header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12005] PROTOCOL-VOIP Connection header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12005] PROTOCOL-VOIP Connection header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20377] PROTOCOL-VOIP Content-Type header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20377] PROTOCOL-VOIP Content-Type header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20412] PROTOCOL-VOIP outbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20412] PROTOCOL-VOIP outbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20423] PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20423] PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20316] PROTOCOL-VOIP Via header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20316] PROTOCOL-VOIP Via header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20343] PROTOCOL-VOIP To header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20343] PROTOCOL-VOIP To header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12170] PROTOCOL-VOIP inbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12170] PROTOCOL-VOIP inbound 408 Request Timeout message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20381] PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20381] PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20330] PROTOCOL-VOIP From header multiple From headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20330] PROTOCOL-VOIP From header multiple From headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19379] PROTOCOL-VOIP Session Name header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19379] PROTOCOL-VOIP Session Name header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20400] PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20400] PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20395] PROTOCOL-VOIP REGISTER flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20395] PROTOCOL-VOIP REGISTER flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:21101] PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:21101] PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:27901] PROTOCOL-VOIP Ghost call attack attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:27901] PROTOCOL-VOIP Ghost call attack attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20304] PROTOCOL-VOIP SIP URI possible format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20304] PROTOCOL-VOIP SIP URI possible format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12682] PROTOCOL-VOIP From header field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12682] PROTOCOL-VOIP From header field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11994] PROTOCOL-VOIP Contact header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11994] PROTOCOL-VOIP Contact header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20299] PROTOCOL-VOIP Invalid request spaces at end of request line attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20299] PROTOCOL-VOIP Invalid request spaces at end of request line attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:33870] PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:33870] PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12174] PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12174] PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20334] PROTOCOL-VOIP To header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20334] PROTOCOL-VOIP To header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19383] PROTOCOL-VOIP Session Name invalid header attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19383] PROTOCOL-VOIP Session Name invalid header attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32209] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32209] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20404] PROTOCOL-VOIP inbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20404] PROTOCOL-VOIP inbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20399] PROTOCOL-VOIP Response code 420 Bad Extension response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20399] PROTOCOL-VOIP Response code 420 Bad Extension response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20308] PROTOCOL-VOIP CSeq header method mismatch attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20308] PROTOCOL-VOIP CSeq header method mismatch attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11998] PROTOCOL-VOIP To header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11998] PROTOCOL-VOIP To header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20303] PROTOCOL-VOIP SIP URI possible format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20303] PROTOCOL-VOIP SIP URI possible format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20373] PROTOCOL-VOIP Contact header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20373] PROTOCOL-VOIP Contact header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32213] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32213] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20360] PROTOCOL-VOIP Call-ID header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20360] PROTOCOL-VOIP Call-ID header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19374] PROTOCOL-VOIP Origin header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19374] PROTOCOL-VOIP Origin header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30884] PROTOCOL-VOIP Cisco MXP Telepresence gssapi-data unauthenticated denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30884] PROTOCOL-VOIP Cisco MXP Telepresence gssapi-data unauthenticated denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:39797] PROTOCOL-VOIP Cisco Unified Communications Manager null pointer dereference attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20387] PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20387] PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11986] PROTOCOL-VOIP Authorization header invalid characters in response parameter
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11986] PROTOCOL-VOIP Authorization header invalid characters in response parameter
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:45770] POLICY-OTHER Polycom VoIP config download attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:14609] PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:14609] PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20326] PROTOCOL-VOIP From header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20326] PROTOCOL-VOIP From header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20364] PROTOCOL-VOIP Contact header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20364] PROTOCOL-VOIP Contact header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20391] PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20391] PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12073] PROTOCOL-VOIP inbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12073] PROTOCOL-VOIP inbound 100 Trying message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19410] PROTOCOL-VOIP INVITE message URI contains global broadcast address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19410] PROTOCOL-VOIP INVITE message URI contains global broadcast address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:13693] PROTOCOL-VOIP Attribute header rtpmap field invalid payload type
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:13693] PROTOCOL-VOIP Attribute header rtpmap field invalid payload type
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11990] PROTOCOL-VOIP Contact header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11990] PROTOCOL-VOIP Contact header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20426] PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20426] PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11977] PROTOCOL-VOIP TEL URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11977] PROTOCOL-VOIP TEL URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19301] PROTOCOL-VOIP Expires header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19301] PROTOCOL-VOIP Expires header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20346] PROTOCOL-VOIP To header multiple To headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20346] PROTOCOL-VOIP To header multiple To headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20352] PROTOCOL-VOIP Expires header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20352] PROTOCOL-VOIP Expires header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20411] PROTOCOL-VOIP inbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20411] PROTOCOL-VOIP inbound 404 Not Found
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20315] PROTOCOL-VOIP Via header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20315] PROTOCOL-VOIP Via header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45580] PROTOCOL-VOIP Mr.SIP invite request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45580] PROTOCOL-VOIP Mr.SIP invite request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11981] PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11981] PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20350] PROTOCOL-VOIP Subject header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20350] PROTOCOL-VOIP Subject header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19335] PROTOCOL-VOIP Content-Type header invalid format missing slash
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19335] PROTOCOL-VOIP Content-Type header invalid format missing slash
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12000] PROTOCOL-VOIP INVITE message invalid IP address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12000] PROTOCOL-VOIP INVITE message invalid IP address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20356] PROTOCOL-VOIP Call-ID header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20356] PROTOCOL-VOIP Call-ID header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:26425] PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:26425] PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19386] PROTOCOL-VOIP Media header description field overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19386] PROTOCOL-VOIP Media header description field overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20415] PROTOCOL-VOIP outbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20415] PROTOCOL-VOIP outbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:21669] PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:21669] PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:28165] PROTOCOL-VOIP attempted DOS detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:28165] PROTOCOL-VOIP attempted DOS detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12113] PROTOCOL-VOIP SIP URI overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12113] PROTOCOL-VOIP SIP URI overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:32041] OS-OTHER Bash environment variable injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:32041] OS-OTHER Bash environment variable injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20418] PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20418] PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20319] PROTOCOL-VOIP From header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20319] PROTOCOL-VOIP From header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11969] PROTOCOL-VOIP inbound 401 unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11969] PROTOCOL-VOIP inbound 401 unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12178] PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12178] PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20338] PROTOCOL-VOIP To header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20338] PROTOCOL-VOIP To header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12004] PROTOCOL-VOIP INVITE message Content-Length header size of zero
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12004] PROTOCOL-VOIP INVITE message Content-Length header size of zero
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20376] PROTOCOL-VOIP Content-Type header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20376] PROTOCOL-VOIP Content-Type header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20403] PROTOCOL-VOIP Response code 405 Method Not Allowed response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20403] PROTOCOL-VOIP Response code 405 Method Not Allowed response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20422] PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20422] PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:36246] PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:36246] PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20307] PROTOCOL-VOIP CSeq header method mismatch attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20307] PROTOCOL-VOIP CSeq header method mismatch attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11973] PROTOCOL-VOIP Via header hostname buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11973] PROTOCOL-VOIP Via header hostname buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20342] PROTOCOL-VOIP To header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20342] PROTOCOL-VOIP To header invalid seperators
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:33869] PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:33869] PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20380] PROTOCOL-VOIP Authorization header invalid characters in response parameter
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20380] PROTOCOL-VOIP Authorization header invalid characters in response parameter
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20329] PROTOCOL-VOIP From header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20329] PROTOCOL-VOIP From header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19378] PROTOCOL-VOIP Origin invalid header
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19378] PROTOCOL-VOIP Origin invalid header
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20407] PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20407] PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20394] PROTOCOL-VOIP CANCEL flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20394] PROTOCOL-VOIP CANCEL flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:27900] PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:27900] PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:13664] PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:13664] PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20311] PROTOCOL-VOIP Max-Forwards value over 70
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20311] PROTOCOL-VOIP Max-Forwards value over 70
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12681] PROTOCOL-VOIP SIP URI overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12681] PROTOCOL-VOIP SIP URI overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11993] PROTOCOL-VOIP Call-ID header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11993] PROTOCOL-VOIP Call-ID header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20298] PROTOCOL-VOIP Invalid request spaces at end of request line attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20298] PROTOCOL-VOIP Invalid request spaces at end of request line attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:12173] PROTOCOL-VOIP outbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:12173] PROTOCOL-VOIP outbound 501 Not Implemented message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:42293] PROTOCOL-VOIP Cisco Unified Communications Manager SIP NOTIFY denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20333] PROTOCOL-VOIP To header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20333] PROTOCOL-VOIP To header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19382] PROTOCOL-VOIP Session Name header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19382] PROTOCOL-VOIP Session Name header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32208] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32208] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20363] PROTOCOL-VOIP Call-ID header multiple Call-ID headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20363] PROTOCOL-VOIP Call-ID header multiple Call-ID headers
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source address var and will be disabled: SIP_SERVERS: # [1:20398] PROTOCOL-VOIP Response code 420 Bad Extension response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown source port var and will be disabled: SIP_PORTS: # [1:20398] PROTOCOL-VOIP Response code 420 Bad Extension response flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11997] PROTOCOL-VOIP From header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11997] PROTOCOL-VOIP From header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20302] PROTOCOL-VOIP SIP URI multiple at signs in message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20302] PROTOCOL-VOIP SIP URI multiple at signs in message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20372] PROTOCOL-VOIP Contact header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20372] PROTOCOL-VOIP Contact header unquoted tokens in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20321] PROTOCOL-VOIP From header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20321] PROTOCOL-VOIP From header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19338] PROTOCOL-VOIP invalid SIP-Version field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19338] PROTOCOL-VOIP invalid SIP-Version field
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32212] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32212] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20367] PROTOCOL-VOIP Contact header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20367] PROTOCOL-VOIP Contact header XSS injection attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19373] PROTOCOL-VOIP Origin header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19373] PROTOCOL-VOIP Origin header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:39796] PROTOCOL-VOIP Cisco Unified Communications Manager null pointer dereference attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20386] PROTOCOL-VOIP Connection header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20386] PROTOCOL-VOIP Connection header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: DC_SERVERS: [1:10002228] [PT OPEN] Overpass the hash. Encryption downgrade activity to ARCFOUR-HMAC-MD5
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45584] PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45584] PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11985] PROTOCOL-VOIP Expires header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11985] PROTOCOL-VOIP Expires header overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45579] PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45579] PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:14608] PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:14608] PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20325] PROTOCOL-VOIP From header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20325] PROTOCOL-VOIP From header whitespace in field attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:32216] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:32216] PROTOCOL-VOIP missing media application format parameter denial-of-service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20355] PROTOCOL-VOIP Call-ID header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20355] PROTOCOL-VOIP Call-ID header invalid characters detected
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20390] PROTOCOL-VOIP Attribute header rtpmap field invalid payload type
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20390] PROTOCOL-VOIP Attribute header rtpmap field invalid payload type
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: [3:30283] PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:30283] PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19409] PROTOCOL-VOIP INVITE message URI contains global broadcast address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19409] PROTOCOL-VOIP INVITE message URI contains global broadcast address
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11989] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11989] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20425] PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20425] PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:45583] PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:45583] PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:11976] PROTOCOL-VOIP SIP URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:11976] PROTOCOL-VOIP SIP URI type overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20345] PROTOCOL-VOIP To header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20345] PROTOCOL-VOIP To header missing terminating quote
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:12003] PROTOCOL-VOIP CANCEL flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:12003] PROTOCOL-VOIP CANCEL flood
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20359] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20359] PROTOCOL-VOIP Call-ID header format string attempt
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:19365] PROTOCOL-VOIP Time Stop Header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:19365] PROTOCOL-VOIP Time Stop Header invalid value
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest address var and will be disabled: SIP_SERVERS: # [1:20410] PROTOCOL-VOIP inbound 401 unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: # [1:20410] PROTOCOL-VOIP inbound 401 unauthorized message
|
|
26/7/2018 -- 20:58:42 - <Warning> -- Rule has unknown dest port var and will be disabled: SIP_PORTS: [3:40638] PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt
|
|
26/7/2018 -- 20:58:42 - <Info> -- Disabled 0 rules.
|
|
26/7/2018 -- 20:58:42 - <Info> -- Enabled 0 rules.
|
|
26/7/2018 -- 20:58:42 - <Info> -- Modified 0 rules.
|
|
26/7/2018 -- 20:58:42 - <Info> -- Dropped 0 rules.
|
|
26/7/2018 -- 20:58:43 - <Info> -- Enabled 50 rules for flowbit dependencies.
|
|
26/7/2018 -- 20:58:43 - <Info> -- Backing up current rules.
|
|
26/7/2018 -- 20:58:48 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 60656; enabled: 32889; added: 386; removed 15; modified: 1313
|
|
26/7/2018 -- 20:58:49 - <Info> -- Testing with suricata -T.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"INTERNACIONAL"; depth:13; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32607; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 172
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_HOST_PROHIBITED"; sid:442; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 205
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_FILTERED_DISTRIBUTED_PORTSCAN"; sid: 24; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 446
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_UU_DECODING_FAILED"; sid: 7; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 567
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NO_SYN_ACK_RST"; sid:423; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 615
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_FILTERED_PORTSCAN"; sid: 5; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 851
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45820; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 1317
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_UNBOUNDED POST"; sid: 28; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 1367
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRH"; sid:140; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 1383
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "RPC_LARGE_FRAGSIZE"; sid: 3; gid: 106; rev: 1; metadata: rule-type preproc, service sunrpc, policy security-ips alert ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 1384
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_WINDOW_TOO_LARGE"; sid: 6; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 1569
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_BAD_MAJ_VERSION"; sid: 27; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 1616
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_RESERVED_MULTICAST"; sid:278; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 1813
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_THIS_NET"; sid:409; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 1958
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".jar"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.jar/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26892; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 2025
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FRAG_DIFF_OPNUM"; sid: 38; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 2027
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_UNKNOWN"; sid:108; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 2114
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download"; flow:to_client,established; content:"-2013.zip|0D 0A|"; fast_pattern:only; content:"-2013.zip|0D 0A|"; http_header; content:"-"; within:1; distance:-14; http_header; file_data; content:"-2013.exe"; content:"-"; within:1; distance:-14; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/2eff3ee6ac7f5bf85e4ebcbe51974d0708cef666581ef1385c628233614b22c0/analysis/; classtype:trojan-activity; sid:26470; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 2185
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_BAD_URP"; sid:419; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 2773
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_PORTSCAN"; sid: 1; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 3015
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win32/Autorun.JN variant outbound connection"; flow:to_server,established; dsize:142; urilen:8; content:"/u5.htm"; fast_pattern:only; http_uri; content:"//u5.htm"; http_raw_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.JN; reference:url,www.virustotal.com/en/file/36144738373c665d262bc007fceaeb9613e59ec29ea3d7424dd9f400af2c0f06/analysis/; classtype:trojan-activity; sid:26966; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 3414
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_CONTENT_LEN"; sid: 16; gid: 140; rev: 2; metadata: rule-type preproc ; reference:cve,2014-3360; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 3533
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog user-agent outbound communication attempt"; flow:to_server,established; file_data; content:"User-Agent"; nocase; http_header; content:"Rarog"; within:200; fast_pattern; nocase; http_header; pcre:"/User-Agent\s*:[^\r\n]*Rarog/iH"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46240; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 3800
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_LT_IPHDR"; sid:274; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 4007
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:8;)" from file /var/lib/suricata/rules/suricata.rules at line 4027
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_MULTIPLE_HOST_HDRS"; sid:24; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 4137
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_MULT_CHAIN_TC"; sid: 22; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 4161
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FRAG_LT_MAX_XMIT_FRAG"; sid: 34; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 4227
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_REASSEMBLY_BUFFER_CLEARED"; sid:4; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 4396
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,1,2,relative,bitmask 0x01
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba tree connect andx memory corruption attempt"; flow:to_server,established; content:"|FF|SMB|75|"; fast_pattern:only; content:"|04 75 00|"; byte_test:1,=,1,2,relative,bitmask 0x01; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-14746; classtype:attempted-user; sid:45255; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 4498
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_UNKNOWN_RESP"; sid: 2; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 4602
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLISRV_MSG_SIZE_EXCEPTION"; sid: 8; gid: 120; rev: 2; metadata: rule-type preproc ; classtype:unknown; reference:cve,2013-2028; )" from file /var/lib/suricata/rules/suricata.rules at line 4632
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_RESPONSE_LENGTH_OVERFLOW"; sid: 6; gid: 125; rev: 1; metadata: rule-type preproc, service ftp, policy security-ips drop ; classtype:attempted-user; reference:cve,2007-3161; reference:cve,2010-1465; reference:url,www.kb.cert.org/vuls/id/276653; )" from file /var/lib/suricata/rules/suricata.rules at line 4769
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_TYPE_OTHER"; sid:431; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 4967
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_TEARDROP"; sid: 2; gid: 123; rev: 1; metadata: rule-type preproc ; reference:cve,1999-0015; reference:bugtraq,124; classtype:attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 5027
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_FILTERED_PORTSCAN"; sid: 13; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 5205
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_ETHLLC"; sid:133; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 5267
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Email Addresses"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:20,email; classtype:sdf; sid:5; gid:138; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 5287
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_MISMATCH_METHOD"; sid: 25; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 5525
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_V1_INVALID_HEADER"; sid:164; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 5558
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_VERSION"; sid:162; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 5680
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_MAX_HEADERS"; sid: 20; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 5743
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Chewbacca outbound connection"; flow:to_server,established; urilen:4; dsize:<200; content:"/ip/"; depth:4; fast_pattern; http_uri; content:"Keep-Alive|3A 20|300|0D 0A|"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatpost.com/chewbacca-latest-malware-to-take-a-liking-to-tor/103220; reference:url,www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware; classtype:trojan-activity; sid:29440; rev:5;)" from file /var/lib/suricata/rules/suricata.rules at line 5881
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DOS_ATTEMPT"; sid:452; gid:116; rev:1; metadata:rule-type decode; reference:url,www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3; reference:cve,2006-0454; reference:bugtraq,16532; classtype:denial-of-service;)" from file /var/lib/suricata/rules/suricata.rules at line 5936
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_B64_DECODING_FAILED"; sid: 4; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 6311
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_QP_DECODING_FAILED"; sid: 5; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 6342
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET"; sid:255; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 6629
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,0x05,6,relative,bitmask 0x14
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba unsigned connections attempt"; flow:to_server, established; content:"|FF|SMB"; depth:4; offset:4; byte_test:1,=,0x05,6,relative,bitmask 0x14; content:"|00 00 00 00 00 00 00 00|"; within:8; distance:10; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-12150; reference:url,samba.org/samba/security/CVE-2017-12150.html; classtype:attempted-user; sid:45074; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 6673
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Helminth variant outbound connection"; flow:to_server,established; content:"UIET9fWR"; fast_pattern:only; content:"User-Agent: Mozilla/5.0"; http_header; content:"|20|Trident/5.0|0D 0A|"; within:14; distance:39; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/632be0a3d8d298f2ded928a4ac27846904ed842ad08b355acab53132d31eaf24/analysis/; classtype:trojan-activity; sid:39176; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 6939
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_HDR_TRUNC"; sid:427; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 7155
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt"; flow:to_server,established; content:"/gate.php"; fast_pattern:only; content:"pc="; nocase; http_client_body; content:"&admin="; distance:0; nocase; http_client_body; content:"&os="; distance:0; nocase; http_client_body; content:"&hid="; distance:0; nocase; http_client_body; content:"&arc="; distance:0; nocase; http_client_body; content:"User-Agent|3A 20|"; http_header; pcre:"/User-Agent\x3a\x20[A-F0-9]{32}\x0d\x0a/H"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38562; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 7306
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_PORTSCAN"; sid: 9; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 7396
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Injector variant outbound connection"; flow:to_server,established; urilen:9; content:"/load.exe HTTP/1.1|0D 0A|User-Agent: Mozilla/"; fast_pattern:only; content:"|3B 20|MSIE|20|"; http_header; content:")|0D 0A|Host: "; distance:0; http_header; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,urlquery.net/search.php?q=%5C%2Fload%5C.exe%24&type=regexp&start=2013-08-24&end=2013-11-22&max=400; reference:url,www.virustotal.com/en/file/032572ea1f34a060ecac98a8e2899dc0f2a41dff199e879050481ddd3818b4d0/analysis/; classtype:trojan-activity; sid:28807; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 7434
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Swisyn variant outbound connection"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|0A|User-Agent|3A 20|tiehttp"; fast_pattern; nocase; http_header; content:"Content-Disposition|3A 20|"; nocase; http_client_body; content:"form-data|3B| name=|22|filename|22|"; distance:0; nocase; http_client_body; content:"|0D 0A 0D 0A|"; within:4; http_client_body; pcre:"/^\d{0,10}_passes_\d{1,10}\.xm/iR"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/latest-report.html?resource=f9775d5fc61ec53a7cab4b432ec2d227; classtype:trojan-activity; sid:21760; rev:5;)" from file /var/lib/suricata/rules/suricata.rules at line 7543
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_UU_DECODING_FAILED"; sid: 13; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 7633
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_AUTH_INVITE_DIFF_SESSION"; sid: 21; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 7712
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_LARGE_CHUNK"; sid: 16; gid: 119; rev: 2; metadata: rule-type preproc, service http ; classtype:attempted-admin; reference:cve,2013-2028; )" from file /var/lib/suricata/rules/suricata.rules at line 7930
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_BAD_MIN_VERSION"; sid: 28; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 8124
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CL_BAD_PDU_TYPE"; sid: 41; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 8182
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_BAD_SEGMENT"; sid: 5; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 8310
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_AND_HOPBYHOP"; sid:282; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 8387
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "ARPSPOOF_ETHERFRAME_ARP_MISMATCH_DST"; sid: 3; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 8518
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_uri" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:49 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC Outbound malicious vbscript attempt"; flow:to_server,established; file_data; content:"/ilha/"; fast_pattern; nocase; http_uri; content:"logs.php"; within:9; distance:2; nocase; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; classtype:attempted-user; sid:46792; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 8525
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CL_DATA_LT_HDR"; sid: 42; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 8597
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_VER_MISMATCH"; sid:251; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 8833
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Bancos fake JPG encrypted config file download"; flow:to_server,established; content:".com.br|0D 0A 0D 0A|"; fast_pattern:only; content:"/imagens/"; depth:9; http_uri; content:".jpg"; distance:0; http_uri; pcre:"/\.jpg\x20HTTP\/1\.[01]\r\nUser\x2dAgent\x3a\x20[a-z]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\.br\r\n\r\n$/"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; classtype:trojan-activity; sid:26722; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 8890
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_DEPR_COMMAND_USED"; sid: 53; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 9003
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_U_ENCODE"; sid: 3; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 9231
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_SOURCE_QUENCH"; sid:439; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 9344
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_FILTERED_PORTSCAN"; sid: 21; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 9582
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_ETHLLC"; sid:141; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 9638
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_SECURECRT"; sid: 3; gid: 128; rev: 1; metadata: rule-type preproc, service ssh, policy security-ips drop ; reference:cve,2001-1466; reference:cve,2002-1059; classtype:attempted-admin;)" from file /var/lib/suricata/rules/suricata.rules at line 9756
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_MULTI_MSGS"; sid: 17; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 9878
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_BAD_TIMESTAMP"; sid: 4; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; reference:cve,2009-1925; )" from file /var/lib/suricata/rules/suricata.rules at line 10016
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&vs="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"v="; nocase; http_client_body; content:"&id="; distance:0; nocase; http_client_body; content:"&uid="; distance:0; nocase; http_client_body; content:"&vs="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36629; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 10088
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "ARPSPOOF_ETHERFRAME_ARP_MISMATCH_SRC"; sid: 2; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 10095
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_ANOMALY_BADSIZE_LG"; sid: 7; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 10186
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 10225
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 4786 (msg:"SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt"; flow:to_server,established; content:"|00 00 00|"; depth:3; content:"|00 00 00 07|"; within:4; distance:5; fast_pattern; content:"|00 00 00 01|"; within:4; distance:4; byte_math:bytes 4,offset 0,oper +,rvalue 8,result sub_len_plus_eight,relative; byte_test:4,!=,sub_len_plus_eight,-8,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2018-0171; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2; classtype:attempted-dos; sid:46468; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 10247
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_DIR_TRAV"; sid: 11; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; reference:cve,2001-0333; reference:cve,2002-1744; reference:cve,2008-5515; )" from file /var/lib/suricata/rules/suricata.rules at line 10516
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_SESSION_HIJACKED_CLIENT"; sid: 9; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:attempted-user; )" from file /var/lib/suricata/rules/suricata.rules at line 10739
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_FILTERED_DISTRIBUTED_PORTSCAN"; sid: 8; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 10924
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_BARE_BYTE"; sid: 4; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 11052
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_IPV6_ZERO_CHECKSUM"; sid:406; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 11135
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_MALFORMED_PARAMETER"; sid: 4; gid: 125; rev: 1; metadata: rule-type preproc, service ftp ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 11348
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_UNORDERED_EXTENSIONS"; sid:296; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 11397
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ICMPENUM"; sid:435; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 11549
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_INVALID_SHARE"; sid: 26; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 11594
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_GT_IPHDR"; sid:6; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 11694
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_PORTSWEEP"; sid: 3; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 11746
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_PORTSCAN"; sid: 17; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 11783
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_ANOMALY_BADSIZE_SM"; sid: 6; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 11935
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_UNKNOWN_CMD"; sid: 5; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 12009
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_VIA"; sid: 13; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 12083
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PPM_EVENT_RULE_TREE_DISABLED"; sid: 1; gid: 134; rev: 1; metadata: rule-type preproc ; classtype: not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 12275
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_BITENC_DECODING_FAILED"; sid: 12; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 12284
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_EXCESS_EXT_HDR"; sid:456; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 12505
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "BO_SNORT_BUFFER_ATTACK"; sid: 4; gid: 105; rev: 1; metadata: rule-type preproc, policy balanced-ips drop, policy security-ips drop ; classtype:trojan-activity; reference:cve,2005-3252; )" from file /var/lib/suricata/rules/suricata.rules at line 12532
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_UTF_NORM_FAIL"; sid: 4; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 12643
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45819; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 12655
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_IIS_UNICODE"; sid: 7; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; reference:cve,2009-1535; )" from file /var/lib/suricata/rules/suricata.rules at line 12772
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_4WAY_HANDSHAKE"; sid: 13; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 12922
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_MULTICAST"; sid:410; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 13031
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_PPPOE"; sid:120; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 13055
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_PIPELINE_MAX "; sid: 34; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 13114
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_IS_NOT"; sid:271; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 13163
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_HDR_TRUNC"; sid:426; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 13214
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_DOS_NAPTHA"; sid: 402; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-dos; reference:bugtraq,2022; reference:cve,2000-1039; reference:nessus,275; reference:url,razor.bindview.com/publish/advisories/adv_NAPTHA.html; reference:url,www.cert.org/advisories/CA-2000-21.html; reference:url,www.microsoft.com/technet/security/bulletin/MS00-091.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 13310
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_DECOY_PORTSCAN"; sid: 18; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 13318
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".exe"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.exe/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26891; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 13372
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_PORT_ZERO"; sid:447; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 13721
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_INVALID_HEADER_LEN"; sid:2; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 13869
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_FIN"; sid:420; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 14122
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_COMMAND_OVERFLOW"; sid: 1; gid: 124; rev: 1; metadata: rule-type preproc, service smtp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2001-0260; reference:cve,2005-0560; reference:url,www.microsoft.com/technet/security/bulletin/ms05-021.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 14174
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNS_EVENT_OBSOLETE_TYPES"; sid: 1; gid: 131; rev: 1; metadata: rule-type preproc, service dns ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 14242
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_FROM"; sid: 9; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 14258
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_FILTERED_DECOY_PORTSCAN"; sid: 6; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 14361
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_SHORT_FRAG"; sid: 3; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 14369
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_client_body" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Unix.Trojan.Erebus variant outbound connection"; flow:to_server,established; file_data; urilen:1; content:"h="; depth:2; http_client_body; content:"&v="; within:3; distance:8; http_client_body; content:"&k="; within:3; distance:3; fast_pattern; http_client_body; content:"Expect|3A| 100-continue|0D 0A 0D 0A|"; http_header; content:!"User-Agent"; http_header; metadata:impact_flag red, policy balanced-ips alert, policy security-ips alert, service http; reference:url,virustotal.com/en/file/0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f/analysis/; classtype:trojan-activity; sid:43351; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 14712
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LT_UDPHDR"; sid:95; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 14819
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_CHAIN_TC_TDIS"; sid: 24; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 15010
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_SYN_ON_EST"; sid: 1; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 15092
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_ENCRYPTED"; sid: 7; gid: 125; rev: 1; metadata: rule-type preproc, service ftp ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 15386
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_TOO_BIG_BAD_MTU"; sid:285; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 15388
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSL_INVALID_SERVER_HELLO"; sid: 2; gid: 137; rev: 2; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 15417
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_SHORT_PACKET"; sid:97; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 15649
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_DROPPED_SEGMENT"; sid:3; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 15742
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_NET_PROHIBITED"; sid:443; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 15908
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_ICMP_PORTSWEEP"; sid: 25; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 16147
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_B64_DECODING_FAILED"; sid: 4; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 16270
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_CALL_ID"; sid: 5; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 16452
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_DECOY_PORTSCAN"; sid: 2; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 16551
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_stat_code" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response"; flow:to_client,established; file_data; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:">404 Not Found<"; fast_pattern:only; content:" requested URL / was not found "; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38563; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 16783
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN3_DGRAM_LT_HDR_STR"; sid:464; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 16871
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_UNKNOWN_METHOD"; sid: 31; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 17086
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_TYPE"; sid:279; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 17534
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_PARAMETER_LENGTH_OVERFLOW"; sid: 3; gid: 125; rev: 1; metadata: rule-type preproc, service ftp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2004-0286; reference:url,www.kb.cert.org/vuls/id/276653; reference:cve,1999-0368; reference:bugtraq,113; reference:bugtraq,2242; reference:cve,2006-5815; reference:bugtraq,20992; )" from file /var/lib/suricata/rules/suricata.rules at line 17576
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNS_EVENT_RDATA_OVERFLOW"; sid: 3; gid: 131; rev: 1; metadata: rule-type preproc, service dns, policy security-ips drop ; classtype:attempted-admin; reference:cve,2006-3441; reference:url,www.microsoft.com/technet/security/bulletin/ms06-041.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 17689
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FRAG_DIFF_CALL_ID"; sid: 37; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 17751
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ARP_TRUNCATED"; sid:109; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 17833
|
|
26/7/2018 -- 20:58:50 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_INVALID_CMD"; sid: 2; gid: 125; rev: 1; metadata: rule-type preproc, service ftp ; classtype:bad-unknown; reference:cve,2010-4221; )" from file /var/lib/suricata/rules/suricata.rules at line 17885
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_WINDOW_SLAM"; sid: 19; gid: 129; rev: 2; metadata: rule-type preproc ; classtype:bad-unknown; reference:cve,2013-0075; )" from file /var/lib/suricata/rules/suricata.rules at line 18120
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_CODE"; sid:288; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 18146
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_DOUBLE_DECODE"; sid: 2; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; reference:cve,2009-1122; reference:url,www.microsoft.com/technet/security/bulletin/ms09-020.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 18306
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:139; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: www.ask.com|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28543; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 18313
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_NO_CONTLEN"; sid: 3; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 18547
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_MAX_SESSIONS"; sid: 1; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 18612
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TRUNCATED"; sid:55; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 18629
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA U.S. Phone Numbers"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:20,(\d{3}) ?\d{3}-\d{4}; classtype:sdf; sid:6; gid:138; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 18796
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_EVASIVE_FILE_ATTRS"; sid: 57; gid: 133; rev: 1; metadata: rule-type preproc, service netbios-ssn ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 18807
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_CONSECUTIVE_SMALL_CHUNK_SIZES"; sid: 27; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 19240
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_BCC"; sid: 6; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 19503
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ICMPHDR"; sid:105; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 19986
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "MODBUS_RESERVED_FUNCTION"; sid:3; gid: 144; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 20075
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_LABEL_STACK"; sid:176; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 20137
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/2.0/method/"; depth:12; nocase; http_uri; pcre:"/\/2\.0\/method\/(checkConnection|config|delay|error|get|info|setOnline|update)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46238; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 20188
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_MULTIPLE_ENCAPSULATION"; sid:293; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 20507
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ETH_HDR_TRUNC"; sid:424; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 20655
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_DECOY_PORTSCAN"; sid: 10; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 20895
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_OTHER"; sid:134; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 20954
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Credit Card Numbers"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:2,credit_card; classtype:sdf; sid:2; gid:138; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 20969
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_UNKOWN_METHOD"; sid: 26; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 21200
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_OVERSIZE_DIR"; sid: 15; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:bad-unknown; reference:cve,2007-0774; reference:bugtraq,22791; reference:cve,2010-3281; reference:bugtraq,43338; reference:cve,2011-5007; )" from file /var/lib/suricata/rules/suricata.rules at line 21270
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_HEADER"; sid:163; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 21363
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.WEC variant outbound connection"; flow:to_server,established; dsize:69; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0|0D 0A|Host: checkip.dyndns.org|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/164c792247b2822ab1dce8271a9498d3c9172ff21d36feccf83265ded1be8d0b/analysis/; classtype:trojan-activity; sid:29882; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 21547
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ISATAP_SPOOF"; sid:453; gid:116; rev:1; metadata:rule-type decode; reference:cve,2010-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS10-029.mspx; classtype:misc-attack; )" from file /var/lib/suricata/rules/suricata.rules at line 21615
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_NBSS_TYPE"; sid: 2; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 21676
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "RPC_INCOMPLETE_SEGMENT"; sid: 4; gid: 106; rev: 1; metadata: rule-type preproc, service sunrpc, policy security-ips alert ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 21844
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:287; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 21879
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_RESERVED"; sid:289; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 22687
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected"; flow:to_client,established; file_data; content:"content=|22|just something i made up for fun, check out my website at"; fast_pattern:only; content:"X-YouTube-Other-Cookies:"; nocase; http_header; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2012-0158; reference:url,www.virustotal.com/file/3bc13adad9b7b60354d83bc27a507864a2639b43ec835c45d8b7c565e81f1a8f/analysis/; classtype:trojan-activity; sid:27544; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 22716
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_HOST"; sid:436; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 22831
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_FORMAT"; sid: 7; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 22973
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_FILTERED_DECOY_PORTSCAN"; sid: 22; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 23063
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Agent.BHHK variant outbound connection"; flow:to_server,established; dsize:136; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 6.0)|0D 0A|Host: windowsupdate.microsoft.com|0D 0A|Connection: Close|0D 0A 0D 0A|"; fast_pattern:only; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/cab1fffe7a34b5bb7dab2cacd406cf15628d835ab63502d28df78c2faeaad366/analysis/1421677054/; classtype:trojan-activity; sid:33227; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 23117
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN"; sid:130; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23123
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_AUTH_ATTACK"; sid: 14; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23291
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_STATUS_CODE"; sid: 22; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23368
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected"; flow:to_server,established; file_data; content:"POST"; http_method; content:"|00 09 00 00|"; depth:5; offset:1; fast_pattern; content:!"|00|"; depth:1; byte_test:1,<=,2,0; flowbits:set,file.wmf; flowbits:noalert; metadata:service http; reference:url,en.wikipedia.org/wiki/.wmf; classtype:misc-activity; sid:43364; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 23407
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_SIMPLE_REQUEST"; sid: 32; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23418
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SDF_COMBO_ALERT"; sid: 1; gid: 139; rev: 1; metadata: rule-type preproc ; classtype:sdf; )" from file /var/lib/suricata/rules/suricata.rules at line 23514
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_RESERVEDLABEL"; sid:175; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 23522
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "GTP_EVENT_BAD_MSG_LEN"; sid: 1; gid: 143; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23769
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BCC_LT_DSIZE"; sid: 16; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 23775
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_UNASSIGNED_PROTO"; sid:449; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /var/lib/suricata/rules/suricata.rules at line 23776
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_BAD_ACK"; sid: 17; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23790
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "BO_SERVER_TRAFFIC_DETECT"; sid: 3; gid: 105; rev: 1; metadata: rule-type preproc, policy balanced-ips drop, policy security-ips drop ; classtype:trojan-activity; reference:cve,1999-0660;)" from file /var/lib/suricata/rules/suricata.rules at line 23806
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_DISTRIBUTED_PORTSCAN"; sid: 20; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 23977
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_NON_RFC_CHAR"; sid: 14; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 23986
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TWO_ROUTE_HEADERS"; sid:283; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 24035
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_REQUEST_URI"; sid: 2; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; reference:cve,2007-1306; )" from file /var/lib/suricata/rules/suricata.rules at line 24182
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_TELNET_SUBNEG_BEGIN_NO_END"; sid: 3; gid: 126; rev: 1; metadata: rule-type preproc, service telnet ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 24264
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt"; flow:to_server,established; content:"/sigstore.db?"; fast_pattern:only; content:"k="; http_uri; content:"?q="; distance:0; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update; classtype:trojan-activity; sid:45400; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 24564
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_DEPR_DIALECT_NEGOTIATED"; sid: 52; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 24659
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_CONSECUTIVE_SMALL_CHUNK_SIZES"; sid: 7; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 24673
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_UTF7"; sid: 5; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 25076
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_LARGE_OFFSET"; sid:47; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 25089
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_WSCALE_INVALID"; sid:59; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 25164
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_MISMATCH_CONTENT_LEN"; sid: 18; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 25552
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL0"; sid:171; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 25713
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_RESERVED"; sid:412; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 25869
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_ZERO"; sid:461; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 25983
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_UU_DECODING_FAILED"; sid: 7; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 26028
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_EXPERIMENT"; sid:58; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 26089
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_SELF_DIR_TRAV"; sid: 10; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 26199
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Koobface variant outbound connection"; flow:to_server,established; content:"GET"; http_method; content:"/cap/?a=get&i="; nocase; http_uri; pcre:"/\d+&/miR"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatexpert.com/report.aspx?md5=efbc47d5e8f3ed68a13968cda586d68d; classtype:trojan-activity; sid:16484; rev:9;)" from file /var/lib/suricata/rules/suricata.rules at line 26354
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_DATA_AFTER_RESET"; sid: 8; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 26415
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_UNESCAPED_SPACE_IN_URI"; sid:33; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 26610
|
|
26/7/2018 -- 20:58:51 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_LEN_OFFSET"; sid:407; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 26810
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__MEMCAP"; sid: 1; gid: 133; rev: 1; metadata: rule-type preproc ; classtype: attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 27057
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_MULTIPLE_ENCAPSULATION"; sid:297; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 27074
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_OPTION_SET"; sid:444; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 27221
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_DATA_AFTER_RST_RCVD"; sid: 18; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 27236
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_DGRAM_LT_GREHDR"; sid:160; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 27628
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_ILLEGAL_CMD"; sid: 6; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 27689
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_JS_OBFUSCATION_EXCD"; sid: 9; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 28147
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_NON_RFC_4443_CODE"; sid:457; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 28185
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_BOTH_TRUEIP_XFF_HDRS"; sid: 30; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 28257
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_UTF_8"; sid: 6; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; reference:cve,2008-2938; reference:cve,2009-1535; reference:url,www.microsoft.com/technet/security/bulletin/ms09-020.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 28392
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_SMALL_SEGMENT"; sid: 12; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 28610
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_INVALID_DSIZE"; sid: 17; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 28656
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_RESPOVERFLOW"; sid: 1; gid: 128; rev: 1; metadata: rule-type preproc, service ssh, policy security-ips drop ; reference:cve,2002-0639; reference:cve,2002-0640; classtype:attempted-admin;)" from file /var/lib/suricata/rules/suricata.rules at line 28751
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_SYN_TO_MULTICAST"; sid: 403; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 29006
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_BROADSCAN_SMURF_SCANNER"; sid:440; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 29413
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "RPC_ZERO_LENGTH_FRAGMENT"; sid: 5; gid: 106; rev: 1; metadata: rule-type preproc, service sunrpc, policy security-ips alert ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 29427
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_LT_IPHDR"; sid:3; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 29566
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_ICMP_PORTSWEEP_FILTERED"; sid: 26; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 29649
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS"; sid:170; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 29651
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_LOOPBACK"; sid:150; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 29704
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or flow:from_client with http.
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC ANDR.Trojan.FakeApp outbound connection"; flow:established, to_server; content:"/cp/server.php"; fast_pattern:only; http_uri; content:"Content-Type: multipart/form-data|3B| boundary=Aab03x"; http_header; content:"User-Agent: Dalvik"; http_header; file_data; content:"AaB03x"; content:"name=|22|phone"; distance:0; content:"name=|22|type"; distance:0; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,securityaffairs.co/wordpress/22465/cyber-crime/banking-trojan-hit-islamic-mobile.html; reference:url,www.virustotal.com/file/66911EE32FC4777BB9272F9BE9EB8970B39440768B612FBAB4AC01D8E23F9AA1/analysis/; classtype:trojan-activity; sid:29978; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 29745
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_UNKNOWN_CMD"; sid: 1; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 29765
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_RST"; sid:421; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 29812
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_DATA_HDR_OVERFLOW"; sid: 2; gid: 124; rev: 1; metadata: rule-type preproc, service smtp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2002-1337; reference:cve,2010-4344; )" from file /var/lib/suricata/rules/suricata.rules at line 29873
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_JS_EXCESS_WS"; sid: 10; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 29875
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_TO"; sid: 10; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 29954
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_LONG_HOSTNAME"; sid:25; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 29983
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_PORTSWEEP_FILTERED"; sid: 7; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 30061
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FLEN_LT_HDR"; sid: 30; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 30370
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_DSENT_GT_TDCNT"; sid: 15; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 30503
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45822; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 30526
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_BAD_PDU_TYPE"; sid: 29; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 30847
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_TELNET_AYT_OVERFLOW"; sid: 1; gid: 126; rev: 1; metadata: rule-type preproc, service telnet, policy security-ips drop ; classtype:attempted-admin; reference:cve,2001-0554; )" from file /var/lib/suricata/rules/suricata.rules at line 30854
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_MR_LEN"; sid:142; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 30914
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_IPOPTIONS"; sid: 1; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 31016
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_ZERO"; sid:276; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 31050
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSL_INVALID_CLIENT_HELLO"; sid: 1; gid: 137; rev: 2; metadata: rule-type preproc ; classtype:bad-unknown; reference:url,technet.microsoft.com/en-us/security/bulletin/ms04-011; reference:cve,2004-0120; reference:bugtraq,10115; )" from file /var/lib/suricata/rules/suricata.rules at line 31118
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_MULTICAST"; sid:415; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 31183
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LONG_PACKET"; sid:98; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 31329
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_DROPPED_FRAME"; sid:2; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 31425
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "RPC_FRAG_TRAFFIC"; sid: 1; gid: 106; rev: 1; metadata: rule-type preproc, service sunrpc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 31607
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "TAG_LOG_PKT"; sid: 1; gid: 2; rev: 1; metadata: rule-type preproc ; classtype:not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 31626
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_B64_DECODING_FAILED"; sid: 10; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 31932
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_QP_DECODING_FAILED"; sid: 5; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 31951
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_CSEQ_NUM"; sid: 6; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 32125
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_TCP_DISTRIBUTED_PORTSCAN"; sid: 4; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 32197
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flim exploit kit landing page"; flow:to_client,established; file_data; dsize:<400; content:"<html><body><script>"; content:"var"; within:3; distance:1; content:"document.createElement"; content:"iframe"; within:6; distance:2; content:".setAttribute("; distance:0; content:"document.body.appendChild("; distance:0; fast_pattern; pcre:"/var\s+(?P<variable>\w+)\=document\.createElement.*?\x3b(?P=variable)\.setAttribute.*?document\.body\.appendChild\x28(?P=variable)\x29/i"; metadata:policy balanced-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:26961; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 32206
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_TDCNT_LT_DSIZE"; sid: 14; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 32222
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_BROADCAST"; sid:414; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 32443
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_ANOMALY_ZERO"; sid: 5; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 32553
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_ZERO_TSYNS"; sid: 33; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 32580
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_CHAIN_OPEN_CLOSE"; sid: 25; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 33016
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_RESERVED"; sid:411; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 33363
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_ALTER_CHANGE_BYTE_ORDER"; sid: 36; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 33429
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPOL_TRUNCATED"; sid:110; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 33512
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_RESERVED_FUNCTION"; sid:6; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 33607
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_MAX_REQS_EXCEEDED"; sid: 50; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 33629
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_NB_LT_DSIZE"; sid: 13; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 33936
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:146; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: checkip.dyndns.org|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28542; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 34012
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_ZERO_HOP_LIMIT"; sid:429; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 34178
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_PORTSWEEP_FILTERED"; sid: 15; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 34417
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_WCT"; sid: 5; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 34485
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_EXCEEDS_SPACES"; sid:26; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos;reference:cve,2004-0942; )" from file /var/lib/suricata/rules/suricata.rules at line 34925
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "INTERNAL_EVENT_SESSION_ADD"; sid: 2; gid: 135; rev: 1; metadata: rule-type preproc ; classtype:tcp-connection; )" from file /var/lib/suricata/rules/suricata.rules at line 35009
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_CONTACT"; sid: 14; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 35079
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_server,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39309; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 35084
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_IPV6_BSD_ICMP_FRAG"; sid: 9; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2007-1365; )" from file /var/lib/suricata/rules/suricata.rules at line 35436
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_BITENC_DECODING_FAILED"; sid: 6; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 35495
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_ZERO_CTX_ITEMS"; sid: 32; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 35592
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP"; sid:252; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 35795
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_client,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39308; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 35884
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_WRONGDIR"; sid: 5; gid: 128; rev: 1; metadata: rule-type preproc, service ssh ; classtype:non-standard-protocol;)" from file /var/lib/suricata/rules/suricata.rules at line 35897
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_TYPE"; sid: 3; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 36087
|
|
26/7/2018 -- 20:58:52 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ESP_HEADER_TRUNC"; sid:294; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 36195
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt"; flow:to_server,established; dsize:214; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 6.0|3B| Windows NT 5.1|3B| SV1|3B| .NET4.0C|3B| .NET4.0E|3B| .NET CLR 2.0.50727|3B| .NET CLR 3.0.4506.2152|3B| .NET CLR 3.5.30729)|0D 0A|Host: ip-addr.es|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/; classtype:trojan-activity; sid:33449; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 36311
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_HDR_TRUNC"; sid:425; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 36335
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_UNKNOWN_CMD"; sid: 1; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 36343
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_PGM_NAK_OVERFLOW"; sid:454; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-052.mspx; reference:cve,2006-3442; reference:bugtraq,19922; classtype:attempted-admin; )" from file /var/lib/suricata/rules/suricata.rules at line 36568
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_PORTSWEEP"; sid: 11; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 36583
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'sd_pattern'.
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:2,us_social; classtype:sdf; sid:3; gid:138; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 36658
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_CRC32"; sid: 2; gid: 128; rev: 1; metadata: rule-type preproc, service ssh, policy security-ips drop ; reference:cve,2002-1024; reference:cve,2002-1547; reference:cve,2006-2971; reference:cve,2007-1051; reference:cve,2007-4654; classtype:attempted-admin;)" from file /var/lib/suricata/rules/suricata.rules at line 36757
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_MAX_DIALOGS_IN_A_SESSION"; sid: 27; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 36887
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL1"; sid:172; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 37050
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CHUNK_SIZE_MISMATCH"; sid: 22; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 37104
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_PAYLOAD_SIZE"; sid: 6; gid: 128; rev: 1; metadata: rule-type preproc, service ssh ; classtype:bad-unknown;)" from file /var/lib/suricata/rules/suricata.rules at line 37327
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_EXCESSIVE_TREE_CONNECTS"; sid: 18; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 37429
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_IIS_DELIMITER"; sid: 13; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 37512
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_LT_64"; sid:253; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 37514
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_MULTICAST_SCOPE"; sid:280; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 37562
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"BRASIL"; depth:6; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32608; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 37927
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 38039
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_INVALID_SETUP_COUNT"; sid: 55; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 38190
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_PARAMETER_STR_FORMAT"; sid: 5; gid: 125; rev: 1; metadata: rule-type preproc, service ftp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2000-0573; )" from file /var/lib/suricata/rules/suricata.rules at line 38345
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_REACHABLE"; sid:290; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 38398
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNS_EVENT_EXPERIMENTAL_TYPES"; sid: 2; gid: 131; rev: 1; metadata: rule-type preproc, service dns ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 38406
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_NET"; sid:437; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 38544
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TTCP"; sid:56; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 38691
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_PORTSWEEP_FILTERED"; sid: 23; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 38779
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_ETHLLC"; sid:131; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 38834
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "ARPSPOOF_UNICAST_ARP_REQUEST"; sid: 1; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 39001
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_VERSION"; sid: 7; gid: 128; rev: 1; metadata: rule-type preproc, service ssh ; classtype:non-standard-protocol;)" from file /var/lib/suricata/rules/suricata.rules at line 39058
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_CONTENT_TYPE"; sid: 23; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; reference:bugtraq,25300; )" from file /var/lib/suricata/rules/suricata.rules at line 39075
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_NB_LT_SMBHDR"; sid: 10; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 39101
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Expiro outbound connection"; flow:to_server,established; dsize:<200; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/"; http_header; content:"ompatible|3B| MSIE 31|3B| "; within:20; distance:6; fast_pattern; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/f5c716890a2a76785d53e8f9a5db2268501a30df807df4c4323967672efe452c/analysis/; classtype:trojan-activity; sid:31813; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 39152
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_WEBROOT_DIR"; sid: 18; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; reference:cve,2001-0333; reference:cve,2002-1744; reference:cve,2008-5515; reference:cve,2015-0666; )" from file /var/lib/suricata/rules/suricata.rules at line 39299
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_BAD_PROTO"; sid:450; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /var/lib/suricata/rules/suricata.rules at line 39488
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_BAD_FIN"; sid: 16; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 39505
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "BO_CLIENT_TRAFFIC_DETECT"; sid: 2; gid: 105; rev: 1; metadata: rule-type preproc, policy balanced-ips drop, policy security-ips drop ; classtype:trojan-activity; reference:cve,1999-0660; )" from file /var/lib/suricata/rules/suricata.rules at line 39519
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_IIS_BACKSLASH"; sid: 9; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 39710
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 39766
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_DATA_WITHOUT_FLAGS"; sid: 11; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 39923
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CL_BAD_MAJ_VERSION"; sid: 40; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 39971
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED_EXT"; sid:272; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 40076
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_DCNT_ZERO"; sid: 48; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 40158
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_INVALID_TRUEIP"; sid:23; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 40287
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_TTL"; sid: 404; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; reference:url,support.microsoft.com/kb/q138268; reference:url,tools.ietf.org/html/rfc1122; )" from file /var/lib/suricata/rules/suricata.rules at line 40312
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|127.0.0.1"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|127.0.0.1"; distance:0; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39543; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 40374
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_REQS_SAME_MID"; sid: 51; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 40376
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR"; sid:106; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 40671
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SHAFT_SYNFLOOD"; sid:433; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2000-0138; )" from file /var/lib/suricata/rules/suricata.rules at line 40727
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_BADLEN"; sid:4; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 40870
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_UDP_PORTSWEEP"; sid: 19; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 40957
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRHMR"; sid:143; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 41016
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_QP_DECODING_FAILED"; sid: 11; gid: 124; rev: 1; metadata: rule-type preproc, service smtp ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 41178
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_INVALID_CSEQ_NAME"; sid: 19; gid: 140; rev: 2; metadata: rule-type preproc ; classtype:bad-unknown; reference:cve,2006-3524; )" from file /var/lib/suricata/rules/suricata.rules at line 41255
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_MULTIPLE_NEGOTIATIONS"; sid: 56; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 41360
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_ANOMALY_OVERSIZE"; sid: 4; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 41625
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN_HDR_VERSION_MISMATCH_STR"; sid:462; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 41678
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_TDCNT_ZERO"; sid: 9; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 41734
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_NB_LT_COM"; sid: 11; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 42064
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DSTOPTS_WITH_ROUTING"; sid:292; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 42349
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_XMAS"; sid: 400; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /var/lib/suricata/rules/suricata.rules at line 42491
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PPM_EVENT_RULE_TREE_ENABLED"; sid: 2; gid: 134; rev: 1; metadata: rule-type preproc ; classtype: not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 42498
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_OFF"; sid: 8; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 42535
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_BAD_LEN_STR"; sid:298; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 42753
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_LARGE_PACKET"; sid:445; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 42902
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_UNKNOWN_RESP"; sid: 2; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 43270
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_HEADER_NAME_OVERFLOW"; sid: 7; gid: 124; rev: 1; metadata: rule-type preproc, service smtp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2004-0105; )" from file /var/lib/suricata/rules/suricata.rules at line 43381
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_CONTACT"; sid: 15; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 43462
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_DGRAM_LT_TCPHDR"; sid:45; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 43477
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Panskeg outbound connection"; flow:to_server,established; file_data; dsize:10; content:"|79 40 1F F2 03 3C 20 00 00 00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,virustotal.com/en/file/81c6fa11d46bf173932b067c32a852f048ba51873210c3e24ac367c95e799e42/analysis/; classtype:trojan-activity; sid:36610; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 44081
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_ASCII"; sid: 1; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; reference:cve,2009-1535; reference:url,www.microsoft.com/technet/security/bulletin/ms09-020.mspx; reference:url,docs.idsresearch.org/http_ids_evasions.pdf; )" from file /var/lib/suricata/rules/suricata.rules at line 44095
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_EXCESSIVE_READS"; sid: 19; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 44289
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_DATA_ON_CLOSED"; sid: 3; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 44303
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_EVASIVE_TELNET_CMD"; sid: 9; gid: 125; rev: 1; metadata: rule-type preproc, service ftp ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 44589
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_MIXED_ENCODINGS "; sid: 11; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 44767
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_ADMIN_PROHIBITED"; sid:441; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 45107
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "RPC_MULTIPLE_RECORD"; sid: 2; gid: 106; rev: 1; metadata: rule-type preproc, service sunrpc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 45122
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_GT_IPHDR"; sid:275; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 45261
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_OPEN_PORT"; sid: 27; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 45350
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_SAME_SRCDST"; sid:151; gid:116; rev:1; metadata:rule-type decode; reference:cve,1999-0016; reference:cve,2005-0688; reference:bugtraq,2666; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 45413
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_BITENC_DECODING_FAILED"; sid: 6; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 45477
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_RESPONSE_OVERFLOW"; sid: 3; gid: 124; rev: 1; metadata: rule-type preproc, service smtp, policy security-ips drop ; classtype:attempted-user; reference:cve,2002-1090; )" from file /var/lib/suricata/rules/suricata.rules at line 45584
|
|
26/7/2018 -- 20:58:53 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_INVALID_STATCODE"; sid: 2; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 45591
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_TO"; sid: 11; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 45661
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45821; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 46243
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_MULTIPLE_TRUEIP_IN_SESSION"; sid: 29; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 46300
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_EXCESSIVE_TCP_OVERLAPS"; sid: 7; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 46522
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_SRC_MULTICAST"; sid:277; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 46758
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_THIS_NET"; sid:408; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 46905
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:460; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 46941
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FRAG_DIFF_CTX_ID"; sid: 39; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 46965
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_BAD_CRC"; sid:1; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 47125
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "MODBUS_BAD_PROTO_ID"; sid:2; gid: 144; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 47126
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_LONG_HEADER"; sid: 19; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:bad-unknown; reference:cve,2009-4873; )" from file /var/lib/suricata/rules/suricata.rules at line 47198
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/4.0/method/"; depth:12; nocase; http_uri; pcre:"/\/4\.0\/method\/(check|cores|installSuccess|modules|threads|blacklist)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46239; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 47240
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "MODBUS_BAD_LENGTH"; sid:1; gid: 144; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 47377
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_TYPE_OTHER"; sid:418; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 47692
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Critroni outbound connection"; flow:to_server,established; dsize:174; urilen:1; content:"/"; http_uri; content:"Host|3A| ip.telize.com|0D 0A|Accept|3A| */*|0D 0A|User-Agent|3A| Mozilla/5.0 |28|Windows NT 6.1|3B| WOW64|29| AppleWebKit/537.36 |28|KHTML, like Gecko|29| Chrome/31.0.1650.63 Safari/537.36"; fast_pattern:only; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b3c92d7a9dead6011f3c99829c745c384dd776d88f57bbd60bc4f9d66641819b/analysis/; classtype:trojan-activity; sid:31718; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 47767
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_CSEQ_NAME"; sid: 7; gid: 140; rev: 2; metadata: rule-type preproc ; classtype:bad-unknown; reference:cve,2006-3524; )" from file /var/lib/suricata/rules/suricata.rules at line 47825
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR"; sid:165; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 48415
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "INTERNAL_EVENT_SYN_RECEIVED"; sid: 1; gid: 135; rev: 1; metadata: rule-type preproc ; classtype:tcp-connection; )" from file /var/lib/suricata/rules/suricata.rules at line 48554
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_PORT_ZERO"; sid:446; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 48831
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_RESERVED_FRAG_BIT"; sid:448; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 48871
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED"; sid:273; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 48950
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"MALWARE-CNC Win.Trojan.Androm variant outbound connection"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3B|MSIE 7.0|3B|Windows NT 6.0)"; fast_pattern:only; http_header; content:"/"; depth:1; offset:9; http_uri; content:"/"; within:1; distance:8; http_uri; content:"Host:"; http_header; content:":8080"; within:30; http_header; content:"POST"; http_method; dsize:<480; pcre:"/^\/[a-f0-9]{8}\/[a-f0-9]{8}\/$/iU"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/file/27c298c77e16bbc3f056653034c2d918418f877bb0193a9ca533b5527d830a94/analysis/; classtype:trojan-activity; sid:32770; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 48987
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FRAG_GT_MAX_XMIT_FRAG"; sid: 35; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 49163
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPKEY_TRUNCATED"; sid:111; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 49247
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DNP3_RESERVED_ADDRESS"; sid:5; gid:145; rev: 1; metadata: rule-type preproc; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 49334
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DF_OFFSET"; sid:430; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 49907
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_BAD_URI"; sid: 3; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 50048
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_DISTRIBUTED_PORTSCAN"; sid: 12; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 50155
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_MIN_TTL"; sid: 11; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 50184
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_OTHER"; sid:132; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 50217
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_MIN_TTL"; sid:428; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 50382
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL3"; sid:174; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 50446
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_INVALID_VERSION"; sid: 24; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 50459
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_BAD_CODE"; sid:286; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 50460
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_ANOMALY_OVLP"; sid: 8; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 50536
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_MULTIPLE_ENCAPSULATION"; sid:161; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 50623
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_MULTIPLE_CONTLEN"; sid: 21; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 50684
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_IPV6_BAD_FRAG_PKT"; sid: 10; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-admin; reference:cve,2007-1365; )" from file /var/lib/suricata/rules/suricata.rules at line 50770
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_DST_MULTICAST"; sid:432; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 50857
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SSH_EVENT_PROTOMISMATCH"; sid: 4; gid: 128; rev: 1; metadata: rule-type preproc, service ssh ; classtype:non-standard-protocol;)" from file /var/lib/suricata/rules/suricata.rules at line 50897
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_BAD_ID"; sid: 4; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 50956
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_TELNET_ENCRYPTED"; sid: 2; gid: 126; rev: 1; metadata: rule-type preproc, service telnet ; classtype:protocol-command-decode;)" from file /var/lib/suricata/rules/suricata.rules at line 51387
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_EXCESSIVE_OVERLAP"; sid: 12; gid: 123; rev: 1; metadata: rule-type preproc ; classtype:attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 51391
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ADDRHDR"; sid:107; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 51463
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_TELNET_CMD"; sid: 1; gid: 125; rev: 1; metadata: rule-type preproc, service ftp ; classtype:protocol-command-decode; reference:cve,2010-3867; reference:cve,2010-3972; reference:cve,2010-4221; reference:url,www.microsoft.com/technet/security/bulletin/MS11-004.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 51511
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_GT_576"; sid:254; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 51604
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_BAD_RST"; sid: 15; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 51745
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_FILTERED_DECOY_PORTSCAN"; sid: 14; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon;)" from file /var/lib/suricata/rules/suricata.rules at line 51906
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 51959
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_LEN"; sid:295; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 51968
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAP_TRUNCATED"; sid:112; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 52220
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_AUTH_INVITE_REPLAY_ATTACK"; sid: 20; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 52655
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "GTP_EVENT_OUT_OF_ORDER_IE"; sid: 3; gid: 143; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 52683
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL2"; sid:173; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 52806
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_PROXY_USE"; sid: 17; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 52867
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IGMP_OPTIONS_DOS"; sid:455; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-007.mspx; reference:cve,2006-0021; reference:bugtraq,16645; classtype:attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 53070
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_ANOM_SERVER_ALERT"; sid: 1; gid: 120; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 53185
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_MUST_ACK"; sid:422; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 53193
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection"; flow:to_server,established; dsize:267<>276; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| U|3B| MSIE 9.0|3B| Windows NT 9.0|3B| en-US)|0D 0A|"; fast_pattern:only; http_header; urilen:159; pcre:"/\x2f[A-F0-9]{158}/U"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/file/c49f7dbc036ad0a86df02cbbde00cb3b3fbd651d82f6c9c5a98170644374f64f/analysis/; classtype:trojan-activity; sid:25675; rev:7;)" from file /var/lib/suricata/rules/suricata.rules at line 53207
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_APACHE_WS"; sid: 12; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 53278
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_MULT_CHAIN_SS"; sid: 21; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 53279
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_NEXT_HEADER"; sid:281; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 53328
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CL_BAD_SEQ_NUM"; sid: 43; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 53548
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FRAG3_TINY_FRAGMENT"; sid: 13; gid: 123; rev: 2; metadata: rule-type preproc ; reference:cve,2005-0209; classtype:attempted-dos; )" from file /var/lib/suricata/rules/suricata.rules at line 53644
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_TRUNCATED"; sid:250; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 53786
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_UNUSUAL_COMMAND_USED"; sid: 54; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 53967
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TUNNELED_IPV4_TRUNCATED"; sid:291; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2008-2136; reference:bugtraq,29235; )" from file /var/lib/suricata/rules/suricata.rules at line 54165
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_TRACEROUTE_IPOPTS"; sid:438; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 54305
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "GTP_EVENT_BAD_IE_LEN"; sid: 2; gid: 143; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 54410
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_OBSOLETE"; sid:57; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 54449
|
|
26/7/2018 -- 20:58:54 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_XLINK2STATE_OVERFLOW"; sid: 8; gid: 124; rev: 1; metadata: rule-type preproc, service smtp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2005-0560; reference:url,www.microsoft.com/technet/security/bulletin/ms05-021.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 54768
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_EXCESSIVE_CHAINING"; sid: 20; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 55014
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&syspath="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"&macid="; nocase; http_client_body; content:"&os1="; distance:0; nocase; http_client_body; content:"&os2="; distance:0; nocase; http_client_body; content:"&syspath="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36630; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 55058
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_CALL_ID"; sid: 4; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 55155
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PATH_MTU_DOS"; sid:451; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,13124; reference:cve,2004-1060; classtype:attempted-dos;)" from file /var/lib/suricata/rules/suricata.rules at line 55270
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "BO_TRAFFIC_DETECT"; sid: 1; gid: 105; rev: 1; metadata: rule-type preproc, policy balanced-ips drop, policy security-ips drop ; classtype:trojan-activity; reference:cve,1999-0660; )" from file /var/lib/suricata/rules/suricata.rules at line 55300
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_CLIENT_MULTI_SLASH"; sid: 8; gid: 119; rev: 1; metadata: rule-type preproc, service http ; classtype:not-suspicious; )" from file /var/lib/suricata/rules/suricata.rules at line 55492
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "INTERNAL_EVENT_SESSION_DEL"; sid: 3; gid: 135; rev: 1; metadata: rule-type preproc ; classtype:tcp-connection; )" from file /var/lib/suricata/rules/suricata.rules at line 55568
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_SESSION_HIJACKED_SERVER"; sid: 10; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:attempted-user; )" from file /var/lib/suricata/rules/suricata.rules at line 55704
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_CHAIN_SS_LOGOFF"; sid: 23; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 55759
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_NB_LT_BCC"; sid: 12; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 55819
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|localhost"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|localhost"; distance:0; nocase; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39540; rev:3;)" from file /var/lib/suricata/rules/suricata.rules at line 56029
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_FRAGBITS"; sid: 405; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 56100
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Bancos variant outbound connection"; flow:to_server,established; content:"Content-Length: 166"; content:".php HTTP/1.1|0D 0A|Accept: */*|0D 0A|Content-Type: application/x-www-form-urlencoded|0D 0A|User-Agent: Mozilla/5.0 (Windows NT 6.1|3B| Trident/7.0|3B| rv:11.0) like Gecko|0D 0A|Host: "; fast_pattern:only; content:"v="; depth:2; http_client_body; content:"&c="; within:7; http_client_body; pcre:"/\x3d\x3d$/P"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis; classtype:trojan-activity; sid:29895; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 56184
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "IMAP_MEMCAP_EXCEEDED"; sid: 3; gid: 141; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 56185
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PING_NMAP"; sid:434; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 56516
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_server,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45443; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 56532
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_TRUNCATED"; sid:5; gid:116; rev:1; metadata:rule-type decode; reference:cve,2005-0048; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:protocol-command-decode;)" from file /var/lib/suricata/rules/suricata.rules at line 56659
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_BROADCAST"; sid:416; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 56670
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "PSNG_IP_FILTERED_DISTRIBUTED_PORTSCAN"; sid: 16; gid: 122; rev: 1; metadata: rule-type preproc ; classtype:attempted-recon; )" from file /var/lib/suricata/rules/suricata.rules at line 56751
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SMTP_SPECIFIC_CMD_OVERFLOW"; sid: 4; gid: 124; rev: 1; metadata: rule-type preproc, service smtp, policy security-ips drop ; classtype:attempted-admin; reference:cve,2005-0560; reference:url,www.microsoft.com/technet/security/bulletin/ms05-021.mspx; )" from file /var/lib/suricata/rules/suricata.rules at line 56983
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_VIA"; sid: 12; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; reference:bugtraq,25446; )" from file /var/lib/suricata/rules/suricata.rules at line 57057
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_FRAG_PKT"; sid:458; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 57331
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN2_DGRAM_LT_HDR_STR"; sid:463; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 57481
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_NO_TIMESTAMP"; sid: 14; gid: 129; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 57906
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_MIN_TTL"; sid:270; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 58139
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NMAP_XMAS"; sid: 401; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /var/lib/suricata/rules/suricata.rules at line 58290
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET [25] (msg:"MALWARE-CNC Win.Trojan.Trochulis variant outbound connection"; flow:to_server,established; file_data; content:"|BF BF AF AF 7E 00 00 00|"; fast_pattern:only; dsize:8; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,www.virustotal.com/en/file/da6905d96cc860b443deb5f27271a2cfb2ce17f067a59ca7f0fd12c1d70c4372/analysis/; classtype:trojan-activity; sid:37370; rev:1;)" from file /var/lib/suricata/rules/suricata.rules at line 58373
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__SMB_DCNT_MISMATCH"; sid: 49; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 58606
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_client,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45444; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 58760
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "HI_SERVER_DECOMPR_FAILED"; sid: 6; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 58777
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_NOT_IPV4_DGRAM"; sid:1; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode;)" from file /var/lib/suricata/rules/suricata.rules at line 58867
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "FTPP_FTP_BOUNCE"; sid: 8; gid: 125; rev: 1; metadata: rule-type preproc, service ftp ; classtype:bad-unknown; reference:cve,1999-0017; reference:url,www.kb.cert.org/vuls/id/276653; )" from file /var/lib/suricata/rules/suricata.rules at line 58915
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_BADLEN"; sid:54; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,14811; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 59019
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "POP_MEMCAP_EXCEEDED"; sid: 3; gid: 142; rev: 1; metadata: rule-type preproc, service pop ; classtype:unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 59069
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "SIP_EVENT_EMPTY_FROM"; sid: 8; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 59243
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_INVALID_OFFSET"; sid:46; gid:116; rev:1; metadata:rule-type decode; reference:cve,2004-0816; classtype:bad-unknown; )" from file /var/lib/suricata/rules/suricata.rules at line 59257
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_LENGTH_FRAG"; sid:459; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 59658
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "STREAM5_DATA_ON_SYN"; sid: 2; gid: 129; rev: 1; metadata: rule-type preproc ; reference: cve,2009-1157; reference: bugtraq, 34429; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 60074
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg: "DCE2_EVENT__CO_FLEN_LT_SIZE"; sid: 31; gid: 133; rev: 1; metadata: rule-type preproc, service dcerpc ; classtype: bad-unknown; reference:url,msdn.microsoft.com/en-us/library/cc201989.aspx; )" from file /var/lib/suricata/rules/suricata.rules at line 60123
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rehtesyk outbound connection"; flow:to_server,established; content:"User-Agent: Firefox|0D 0A|"; fast_pattern:only; content:"first="; depth:6; http_client_body; content:"&data="; within:7; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b1347df8f8940039cb68bd4e2568e8c68b1f1a0067ac9a0fb1a5f1aef2df61ea/analysis/; classtype:trojan-activity; sid:32311; rev:2;)" from file /var/lib/suricata/rules/suricata.rules at line 60289
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_BROADCAST"; sid:413; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /var/lib/suricata/rules/suricata.rules at line 60475
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_INVALID_LENGTH"; sid:96; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /var/lib/suricata/rules/suricata.rules at line 60620
|
|
26/7/2018 -- 20:58:55 - <Error> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
|
|
26/7/2018 -- 20:58:55 - <Error> -- Suricata test failed, aborting.
|
|
26/7/2018 -- 20:58:55 - <Error> -- Restoring previous rules.
|