[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Sun, 24 Oct 2004 20:00:02 -0500

[***] Results from Oinkmaster started Sun Oct 24 20:00:02 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-policy.rules (10):
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (15 digit dashed)"; 
pcre:"/(3[4|7]\d{2}|2014|2149|2131|1800)-\d{4}-\d{4}-\d{3} /"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001380; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (15 digit)"; pcre:"/(3[4|7]\d{2}|2014|2149|2131|1800)\d{11} 
/"; reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001378; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (14 digit dashed)"; 
pcre:"/(30[0|1|2|3|4|5]\d{1}|36\d{2}|38\d{2})-\d{4}-\d{4}-\d{2} /"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001383; rev:2;)
        #alert tcp any any -> any any (msg:"BLEEDING-EDGE SSN Detected in Clear 
Text"; pcre:"/\b(00[1-9]|010-733|750-772) \d{2} \d{4}\b/"; sid:2001384; rev:3;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (16 digit)"; 
pcre:"/(6011|5[1|2|3|4|5]\d{2}|4\d{3}|3\d{3})\d{12} /"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001377; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (16 digit spaced)"; 
pcre:"/(6011|5[1|2|3|4|5]\d{2}|4\d{3}|3\d{3}) \d{4} \d{4} \d{4}/"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001375; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (16 digit dashed)"; 
pcre:"/(6011|5[1|2|3|4|5]\d{2}|4\d{3}|3\d{3})-\d{4}-\d{4}-\d{4}/"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001376; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (14 digit spaced)"; 
pcre:"/(30[0|1|2|3|4|5]\d{1}|36\d{2}|38\d{2}) \d{4} \d{4} \d{2} /"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001382; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (14 digit)"; 
pcre:"/(30[0|1|2|3|4|5]\d{1}|36\d{2}|38\d{2})\d{10} /"; 
reference:url,www.beachnet.com/~hstiles/cardtype.html; sid:2001381; rev:2;)
        #alert ip any any -> any any (msg:"BLEEDING-EDGE Credit Card Number 
Detected in Clear (15 digit spaced)"; pcre:"/(3[4|7]\d{2}|2014|2149|2131|1800) 
\d{4} \d{4} \d{3} /"; reference:url,www.beachnet.com/~hstiles/cardtype.html; 
sid:2001379; rev:2;)

[///]    Modified inactive rules:    [///]

     -> Modified inactive in bleeding-policy.rules (1):
        old: #alert tcp any any -> any any (msg:"BLEEDING-EDGE SSN Detected in 
Clear Text"; pcre:"/\b\d{3}-\d{2}-\d{4}\b/"; sid:2001328; rev:2;)
        new: #alert tcp any any -> any any (msg:"BLEEDING-EDGE SSN Detected in 
Clear Text"; pcre:"/\b(00[1-9]|010-733|750-772)-\d{2}-\d{4}\b/"; sid:2001328; 
rev:3;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (2):
        #Thees rules are disabled by default. They should generally be run on 
the outside of your network, not internally. Enable it where useful.
        #Submitted by Patrick Harper.  pcre by Matt Jonkman

     -> Added to bleeding-sid-msg.map (89):
        2000041 || BLEEDING-EDGE Yahoo Mail Inbox View
        2000042 || BLEEDING-EDGE Yahoo Mail Message View
        2000341 || BLEEDING-EDGE Yahoo Mail Login
        2000374 || BLEEDING-EDGE MS-SQL SQL Injection trying to guess the 
column name || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE MS-SQL SQL Injection running SQL statements NO 
line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html 
|| url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000418 || BLEEDING-EDGE Executable and linking format (ELF) file 
download || 
url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm
        2000419 || BLEEDING-EDGE PE EXE or DLL Windows file download || 
url,hyatus.dune2.info/Miscellanous/exe_header.html
        2000420 || BLEEDING-EDGE REG files version 4 download || 
url,www.ss64.com/nt/regedit.html
        2000421 || BLEEDING-EDGE REG files version 5 download || 
url,www.ss64.com/nt/regedit.html
        2000422 || BLEEDING-EDGE REG files version 5 Unicode download || 
url,www.ss64.com/nt/regedit.html
        2000425 || BLEEDING-EDGE NE EXE Windows 3.x file download || 
url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm
        2000426 || BLEEDING-EDGE EXE compressed PKWARE Windows file download || 
url,www.program-transformation.org/Transform/PcExeFormat
        2000427 || BLEEDING-EDGE PE EXE Install Windows file download || 
url,www.program-transformation.org/Transform/PcExeFormat
        2000428 || BLEEDING-EDGE ZIP file download || 
url,zziplib.sourceforge.net/zzip-parse.print.html
        2000490 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 2 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 3 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 4 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 5 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000517 || BLEEDING-EDGE IE Object Data vulnerability || 
url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm
        2000521 || BLEEDING-EDGE WEB-IIS ASP source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000522 || BLEEDING-EDGE WEB-IIS ASA source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000523 || BLEEDING-EDGE WEB-IIS STM source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000524 || BLEEDING-EDGE WEB-IIS SHTM source exposed with Alternate 
Data Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000525 || BLEEDING-EDGE WEB-IIS SHTML source exposed with Alternate 
Data Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000526 || BLEEDING-EDGE WEB-IIS IDC source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000527 || BLEEDING-EDGE WEB-IIS HTW source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000528 || BLEEDING-EDGE WEB-IIS IDQ source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000529 || BLEEDING-EDGE WEB-IIS IDA source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000530 || BLEEDING-EDGE WEB-IIS PL source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000531 || BLEEDING-EDGE WEB-IIS PHP source exposed with Alternate Data 
Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000532 || BLEEDING-EDGE WEB-IIS ASPX source exposed with Alternate 
Data Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000533 || BLEEDING-EDGE WEB-IIS ASAX source exposed with Alternate 
Data Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000534 || BLEEDING-EDGE WEB-IIS CONFIG source exposed with Alternate 
Data Stream || 
url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1
        2000535 || BLEEDING-EDGE SCAN NMAP -sT or TCP incoming connection || 
arachnids,162
        2000539 || BLEEDING-EDGE SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE SCAN NMAP -sU || arachnids,162
        2000547 || BLEEDING-EDGE HTTP CONNECT Tunnel
        2000548 || BLEEDING-EDGE HTTP CONNECT Tunnel
        2000549 || BLEEDING-EDGE HTTP CONNECT Tunnel
        2000550 || BLEEDING-EDGE HTTP CONNECT Tunnel
        2000560 || BLEEDING-EDGE HTTP CONNECT Tunnel Attempt
        2000576 || BLEEDING-EDGE Malware Adtrak.net Tracking Bot Reporting || 
url,www.adtrak.net
        2000928 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2001014 || BLEEDING-EDGE Malware Gator Ad Retrieval
        2001098 || BLEEDING-EDGE Attempt to execute Javascript code
        2001100 || BLEEDING-EDGE Attempt to access SHELL\:
        2001110 || BLEEDING-EDGE Malware SRC=cid - dangerous SPAM or PHISHING 
|| url,http.www.rickconner.net/spamweb/spam_phishing.html
        2001111 || BLEEDING-EDGE Obfuscated URL - typical PHISHING || 
url,http.www.rickconner.net/spamweb/tricks.html
        2001112 || BLEEDING-EDGE Redirecting URL - typical PHISHING || 
url,http.www.rickconner.net/spamweb/tricks.html
        2001115 || BLEEDING-EDGE MSI (microsoft installer file) download
        2001117 || BLEEDING-EDGE DNS - Standard query response, Name Error
        2001118 || BLEEDING-EDGE DNS - Standard query response, Not Implemented
        2001119 || BLEEDING-EDGE DNS - Standard query response, Refused
        2001175 || BLEEDING-EDGE Internet Explorer Bitmap Integer Overflow || 
url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001176 || BLEEDING-EDGE Internet Explorer XSS in Unparsable XML Files 
|| url,www.hnc3k.com/ievulnerabil.htm
        2001178 || BLEEDING-EDGE Internet Explorer Malicious htm Unicode DOS || 
url,www.hnc3k.com/ievulnerabil.htm
        2001179 || BLEEDING-EDGE Internet Explorer Malicious htm Unhandled 
exception DOS || url,www.hnc3k.com/ievulnerabil.htm
        2001180 || BLEEDING-EDGE Internet Explorer Object Type Property 
Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001193 || BLEEDING-EDGE libPNG - zero Width || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001194 || BLEEDING-EDGE libPNG - zero Height || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001203 || BLEEDING-EDGE libPNG - Remotely exploitable stack-based 
buffer overrun in png_handle_tRNS || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001214 || BLEEDING-EDGE Serv-U MDTM Command Buffer Overflow 
Vulnerability || url,www.securiteam.com/windowsntfocus/5HP010ACAS.html
        2001244 || BLEEDING-EDGE CHAT MSN user search
        2001246 || BLEEDING-EDGE CHAT IRC nick change
        2001247 || BLEEDING-EDGE CHAT IRC DCC file transfer request
        2001248 || BLEEDING-EDGE CHAT IRC DCC chat request
        2001249 || BLEEDING-EDGE CHAT IRC channel join
        2001250 || BLEEDING-EDGE CHAT IRC message
        2001251 || BLEEDING-EDGE CHAT IRC dns request
        2001252 || BLEEDING-EDGE CHAT IRC dns response
        2001260 || BLEEDING-EDGE CHAT Yahoo IM message
        2001264 || BLEEDING-EDGE CHAT Yahoo IM conference watch
        2001265 || BLEEDING-EDGE CHAT MSN message
        2001300 || BLEEDING-EDGE P2P eDonkey Hello Request
        2001328 || BLEEDING-EDGE SSN Detected in Clear Text
        2001332 || BLEEDING-EDGE GDI Exploit - Worm 1 Successful Execution || 
url,www.easynews.com/virus.txt
        2001360 || BLEEDING-EDGE Possible Microsoft asycpict.dll 1.0 Remote 
JPEG DoS Attack Vulnerability Attempt || 
url,archives.neohapsis.com/archives/bugtraq/2004-10/0126.html
        2001375 || BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001376 || BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001377 || BLEEDING-EDGE Credit Card Number Detected in Clear (16 
digit) || url,www.beachnet.com/~hstiles/cardtype.html
        2001378 || BLEEDING-EDGE Credit Card Number Detected in Clear (15 
digit) || url,www.beachnet.com/~hstiles/cardtype.html
        2001379 || BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001380 || BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001381 || BLEEDING-EDGE Credit Card Number Detected in Clear (14 
digit) || url,www.beachnet.com/~hstiles/cardtype.html
        2001382 || BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001383 || BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001384 || BLEEDING-EDGE SSN Detected in Clear Text

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-policy.rules (1):
        #Submitted by Patrick Harper

[*] Added files: [*]
    None.



_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
