Network Security: Detailed info on [Snort-sigs] Bleedingsnort.com Daily Update

Subject:	[Snort-sigs] Bleedingsnort.com Daily Update
Date:	Mon, 23 Aug 2004 20:00:01 -0500

Subject:

[Snort-sigs] Bleedingsnort.com Daily Update

Date:

Mon, 23 Aug 2004 20:00:01 -0500

Todays changes from Bleedingsnort.com:

[***] Results from Oinkmaster started Mon Aug 23 20:00:01 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding.rules (2):
        alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential SSH 
Brute Force Attack"; flow:to_server,established; flags:S; threshold:type limit, 
track by_src, count 5, seconds 60; classtype:attempted-dos; sid:2001219; rev:3;)
        alert tcp $HOME_NET any -> any any (msg:"BLEEDING-EDGE RXBOT / RBOT 
Exploit Report"; content:"|5D 3A 20|Exploiting|20|IP|3A 20|"; nocase; 
classtype:trojan-activity;  reference:url,www.nitroguard.com/rxbot.html; 
reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL;
 sid:2001220; rev: 1;)

[---]         Removed rules:         [---]

     -> Removed from bleeding.rules (1):
        alert tcp $HOME_NET any -> any any (msg:"BLEEDING-EDGE RXBOT / RBOT 
Exploit Report"; content:"|5D 3A 20|Exploiting|20|IP|3A 20|"; nocase; 
classtype:trojan-activity;  reference:url,www.nitroguard.com/rxbot.html; 
reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL;
 sid:2002004; rev: 1;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001219 || BLEEDING-EDGE Potential SSH Brute Force Attack
        2001220 || BLEEDING-EDGE RXBOT / RBOT Exploit Report || 
url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL || 
url,www.nitroguard.com/rxbot.html

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2002004 || BLEEDING-EDGE RXBOT / RBOT Exploit Report || 
url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL || 
url,www.nitroguard.com/rxbot.html

[*] Added files: [*]
    None.



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [Snort-sigs] Bleedingsnort.com Daily Update, (continued) RE: [Snort-sigs] Bleedingsnort.com Daily Update, Graeme Rider Re: [Snort-sigs] Bleedingsnort.com Daily Update, Alex Kirk Re: [Snort-sigs] Bleedingsnort.com Daily Update, Matthew Jonkman [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt <= [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt [Snort-sigs] Bleedingsnort.com Daily Update, matt Re: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez Re: [Snort-sigs] Bleedingsnort.com Daily Update, Matt Jonkman

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Snort-sigs] SSH Scans, Frank Knobbe
Next by Date:	[Snort-sigs] bleedingsnort PNG rule 2001203 FP?, Federico Petronio
Previous by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, matt
Next by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, matt
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [Snort-sigs] SSH Scans, Frank Knobbe

Next by Date:

[Snort-sigs] bleedingsnort PNG rule 2001203 FP?, Federico Petronio

Previous by Thread:

[Snort-sigs] Bleedingsnort.com Daily Update, matt

Next by Thread:

[Snort-sigs] Bleedingsnort.com Daily Update, matt

Indexes:

[Date] [Thread] [Top] [All Lists]