
| Subject: | [Snort-sigs] Bleedingsnort.com Daily Update |
|---|---|
| Date: | Sat, 2 Apr 2005 20:00:05 -0500 (EST) |
[***] Results from Oinkmaster started Sat Apr 2 20:00:04 2005 [***]
[+++] Added rules: [+++]
2001816 - BLEEDING-EDGE .com DNS cache poison attempt (bleeding-attack_response.rules)
2001817 - BLEEDING-EDGE .net DNS cache poison attempt (bleeding-attack_response.rules)
2001818 - BLEEDING-EDGE .org DNS cache poison attempt (bleeding-attack_response.rules)
2001819 - BLEEDING-EDGE .biz DNS cache poison attempt (bleeding-attack_response.rules)
2001820 - BLEEDING-EDGE .edu DNS cache poison attempt (bleeding-attack_response.rules)
2001821 - BLEEDING-EDGE .gov DNS cache poison attempt (bleeding-attack_response.rules)
2001822 - BLEEDING-EDGE .int DNS cache poison attempt (bleeding-attack_response.rules)
2001823 - BLEEDING-EDGE .mil DNS cache poison attempt (bleeding-attack_response.rules)
2001824 - BLEEDING-EDGE .info DNS cache poison attempt (bleeding-attack_response.rules)
2001825 - BLEEDING-EDGE .name DNS cache poison attempt (bleeding-attack_response.rules)
2001826 - BLEEDING-EDGE .pro DNS cache poison attempt (bleeding-attack_response.rules)
2001827 - BLEEDING-EDGE .us DNS cache poison attempt (bleeding-attack_response.rules)
2001828 - BLEEDING-EDGE .ws DNS cache poison attempt (bleeding-attack_response.rules)
2001829 - BLEEDING-EDGE .museum DNS cache poison attempt (bleeding-attack_response.rules)
2001830 - BLEEDING-EDGE .tv DNS cache poison attempt (bleeding-attack_response.rules)
2001831 - BLEEDING-EDGE .uk DNS cache poison attempt (bleeding-attack_response.rules)
2001832 - BLEEDING-EDGE .de DNS cache poison attempt (bleeding-attack_response.rules)
2001833 - BLEEDING-EDGE .jp DNS cache poison attempt (bleeding-attack_response.rules)
2001834 - DNS lookup attempt to hostile, poisoning DNS server - ISC Diary (bleeding.rules)
2001835 - Sites trying to infect PCs with malware - ISC Diary (bleeding.rules)
2001836 - Web page trying to infect PCs with malware - ISC Diary (bleeding.rules)
2001837 - BLEEDING-EDGE Suspicious DNS aerver answer\: 218.38.13.108 (bleeding.rules)
2001838 - BLEEDING-EDGE Suspicious DNS server answer\: 217.16.26.148 (bleeding.rules)
2001839 - BLEEDING-EDGE Suspicious DNS server answer\: 205.162.201.11 (bleeding.rules)
2001840 - BLEEDING-EDGE Suspicious DNS server answer\: besthost.co.kr (bleeding.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-attack_response.rules (19):
# Added 04-02-2005 by Frank Knobbe
# Following rules were originally created by the fine folks at the SANS
# Internet Storm Center.
# Credit goes to: Cody Hatch, Kyle Haugsness, Stephane Nasdrovisky,
# Tony Carothers
# These rules attempt to alert on DNS response packets for responsible top
# level domain servers containing invalid servers. For example, the .com domain
# is served by a.gtld-servers.net through m.gtld-servers.net. Any DNS response
# packet claiming that a different name server is responsible for the .com
# domain is an attempt to poison the querying DNS servers cache.
# The challenge is to find a single, all encompassing domain. Efforts are under
# way to write such a rule. These rules below act more as a white list of
# valid responses and will alert on servers not specifically white-listed.
####
#### THESE RULES ARE CURRENTLY EXPERIMENTAL! ENABLE AT YOUR OWN RISK!
####
#### Warning: Side affects may include headaches, dry mouth, bloated logs,
#### raised blood pressure and abnormal desire for medication.
####
-> Added to bleeding-sid-msg.map (25):
2001816 || BLEEDING-EDGE .com DNS cache poison attempt
2001817 || BLEEDING-EDGE .net DNS cache poison attempt
2001818 || BLEEDING-EDGE .org DNS cache poison attempt
2001819 || BLEEDING-EDGE .biz DNS cache poison attempt
2001820 || BLEEDING-EDGE .edu DNS cache poison attempt
2001821 || BLEEDING-EDGE .gov DNS cache poison attempt
2001822 || BLEEDING-EDGE .int DNS cache poison attempt
2001823 || BLEEDING-EDGE .mil DNS cache poison attempt
2001824 || BLEEDING-EDGE .info DNS cache poison attempt
2001825 || BLEEDING-EDGE .name DNS cache poison attempt
2001826 || BLEEDING-EDGE .pro DNS cache poison attempt
2001827 || BLEEDING-EDGE .us DNS cache poison attempt
2001828 || BLEEDING-EDGE .ws DNS cache poison attempt
2001829 || BLEEDING-EDGE .museum DNS cache poison attempt
2001830 || BLEEDING-EDGE .tv DNS cache poison attempt
2001831 || BLEEDING-EDGE .uk DNS cache poison attempt
2001832 || BLEEDING-EDGE .de DNS cache poison attempt
2001833 || BLEEDING-EDGE .jp DNS cache poison attempt
2001834 || DNS lookup attempt to hostile, poisoning DNS server - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-31 || url,isc.sans.org/diary.php?date=2005-03-30
2001835 || Sites trying to infect PCs with malware - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-30
2001836 || Web page trying to infect PCs with malware - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-30
2001837 || BLEEDING-EDGE Suspicious DNS aerver answer\: 218.38.13.108
2001838 || BLEEDING-EDGE Suspicious DNS server answer\: 217.16.26.148
2001839 || BLEEDING-EDGE Suspicious DNS server answer\: 205.162.201.11
2001840 || BLEEDING-EDGE Suspicious DNS server answer\: besthost.co.kr
-> Added to bleeding.rules (7):
# This file contains some signatures in response to current events. These do
# not necessarily match on hostile content, but more often match on hostile
# source or destination addresses or domains.
# The rules below were written in response to an ISC Diary that listed known
# evil, poisoning name servers.
# Added by Frank Knobbe
# Submitted by Stephane Nasdrovisky
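
The whitelist approach described in the rule comments above, shown as an added Python example that is not part of the original message or of the Bleeding Snort ruleset. It decodes a DNS response and reports NS records for a watched TLD that point outside the allowed set, rather than matching packet content the way a Snort rule does. The function names and the sample packet builder are hypothetical, and only the .com whitelist named in the comments is filled in.

```python
import struct

# Allowed NS per TLD; the .com set (a-m.gtld-servers.net) is the one the rule comments name.
WHITELIST = {"com": {f"{c}.gtld-servers.net" for c in "abcdefghijklm"}}

def read_name(msg, off):
    """Decode the DNS name at off; return (name, offset after it), following pointers."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 32:                     # pointer loop in a malformed packet
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def tld_ns_violations(msg, whitelist=WHITELIST):
    """Return (tld, nameserver) pairs where a response names a non-whitelisted NS."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:                    # QR bit clear: a query, not a response
        return []
    off = 12
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4
    bad = []
    for _ in range(an + ns + ar):             # answer, authority and additional RRs
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 2 and owner in whitelist: # NS record owned by a watched TLD
            target = read_name(msg, off)[0]
            if target not in whitelist[owner]:
                bad.append((owner, target))
        off += rdlen
    return bad

def enc_name(name):                           # name -> uncompressed wire format
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

def build_response(tld, ns_names):
    """Constructed sample: a response listing ns_names as NS for tld (authority section)."""
    rr = lambda n: enc_name(tld) + struct.pack("!HHIH", 2, 1, 3600, len(enc_name(n))) + enc_name(n)
    hdr = struct.pack("!6H", 0x1234, 0x8400, 1, 0, len(ns_names), 0)
    return hdr + enc_name("example." + tld) + struct.pack("!HH", 1, 1) + b"".join(map(rr, ns_names))
```

As the comments in the message warn for the rules themselves, a whitelist like this alerts on any server not explicitly listed, so an incomplete list produces false positives.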