Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleedingsnort.com Daily Update

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Sat, 11 Dec 2004 21:00:06 -0500 (EST) 

[***] Results from Oinkmaster started Sat Dec 11 21:00:06 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-malware.rules (1):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS 
(msg:"BLEEDING-EDGE Malware BInet Information Install Report"; 
uricontent:"/bi/servlet/ThinstallPost"; nocase; flow:to_server,established; 
classtype:trojan-activity; 
reference:url,sarc.com/avcenter/venc/data/pf/adware.binet.html; sid:2001576; 
rev:1;)

     -> Added to bleeding.rules (2):
        alert ip 83.102.166.0/24 any -> any any (msg:"BLEEDING-EDGE ISC 
Handlers - UDP Frag Hunt - Narrowing TTL - PLEASE REPORT to incidents.org"; 
byte_test: 2,=,45,2; byte_test: 2,=,64,6; byte_test: 1,>,56,8; content: "|11EF 
0035 0019 50D7 71F7 0100 0001 0000 0000 0000 0000 0200 01|"; 
reference:url,isc.sans.org/diary.php?date=2004-12-10; sid:2001574; rev:1;)
        alert ip 83.102.166.0/24 any -> any any (msg:"BLEEDING-EDGE ISC 
Handlers - UDP Frag Hunt - Bigger Packets"; byte_test: 2,>,45,2; byte_test: 
2,=,64,6; content: "|11EF 0035 0019 50D7 71F7 0100 0001 0000 0000 0000 0000 
0200 01|"; reference:url,isc.sans.org/diary.php?date=2004-12-10; sid:2001575; 
rev:1;)

[///]     Modified active rules:     [///]

     -> Modified active in bleeding-virus.rules (2):
        old: alert tcp $EXTERNAL_NET any -> any 25 (msg:"Zafi.B Worm - incoming 
"; content:"Uk5FTDMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAAAAAA"; 
nocase; classtype:misc-activity; sid:2001572;)
        new: alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"Zafi.B Worm - 
incoming "; 
content:"Uk5FTDMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAAAAAA"; 
nocase; classtype:misc-activity; flow:from_server,established; sid:2001572; 
rev:2;)
        old: alert tcp $HOME_NET any -> any 25 (msg:"Zafi.B Worm outgoing 
detected "; 
content:"Uk5FTDMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAAAAAA"; 
threshold: type limit, track by_src, count 10 , seconds 60 ; nocase; 
classtype:misc-activity; sid:2001573;)
        new: alert tcp $HOME_NET any -> any 25 (msg:"Zafi.B Worm outgoing 
detected "; 
content:"Uk5FTDMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAAAAAA"; 
threshold: type limit, track by_src, count 10 , seconds 60 ; nocase; 
flow:to_server,established; classtype:misc-activity; sid:2001573; rev:2;)

[---]         Removed rules:         [---]

     -> Removed from bleeding-inappropriate.rules (3):
        alert tcp $HOME_NET any -> any !443 (msg:"BLEEDING-EDGE Inappropriate 
Content - Cunt"; content:" cunt "; nocase; flow:established; 
classtype:policy-violation; sid:2001356; rev:2;)
        alert tcp $HOME_NET any -> any !443 (msg:"BLEEDING-EDGE Inappropriate 
Content - Gangbang"; content:" gangbang "; nocase; flow:established; 
classtype:policy-violation; sid:2001355; rev:2;)
        alert tcp $HOME_NET any -> any !443 (msg:"BLEEDING-EDGE Inappropriate 
Content - Nigger"; content:" nigger "; nocase; flow:established; 
classtype:policy-violation; sid:2001358; rev:2;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #Data from Allison Macfarland

     -> Added to bleeding-sid-msg.map (3):
        2001574 || BLEEDING-EDGE ISC Handlers - UDP Frag Hunt - Narrowing TTL - 
PLEASE REPORT to incidents.org || url,isc.sans.org/diary.php?date=2004-12-10
        2001575 || BLEEDING-EDGE ISC Handlers - UDP Frag Hunt - Bigger Packets 
|| url,isc.sans.org/diary.php?date=2004-12-10
        2001576 || BLEEDING-EDGE Malware BInet Information Install Report || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html

     -> Added to bleeding.rules (2):
        #From the ISC Folks, written by Erik Fitchner.
        #If you get a hit on these PLEASE REPORT to incidents.org!!! See 
reference for more info

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-inappropriate.rules (1):
        #Ideas from the lists and anonymous suggestions :)

     -> Removed from bleeding-sid-msg.map (3):
        2001355 || BLEEDING-EDGE Inappropriate Content - Gangbang
        2001356 || BLEEDING-EDGE Inappropriate Content - Cunt
        2001358 || BLEEDING-EDGE Inappropriate Content - Nigger

[*] Added files: [*]
    None.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] Suggestions for new attack response rules, Jason
Next by Date:  [Snort-sigs] Sig 2664 false positive, Jeff Kell
Previous by Thread:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Thread:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]