[***] Results from Oinkmaster started Thu Apr 21 20:00:09 2005 [***]
[///] Modified active rules: [///]
2001515 - BLEEDING-EDGE Malware SurfAssistant.com Spyware Activity
(bleeding-malware.rules)
2001846 - BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt
(bleeding-dos.rules)
2001848 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack
(bleeding-exploit.rules)
2001849 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack
(bleeding-exploit.rules)
2001873 - BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe
MS05-021) (bleeding-exploit.rules)
2001874 - BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after chunked data,
probably crashed it (MS05-021) (bleeding-exploit.rules)
2001875 - BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted
(bleeding-exploit.rules)
2001876 - BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk, but
didn't die (MS05-021) (bleeding-exploit.rules)
[---] Disabled rules: [---]
2001076 - BLEEDING-EDGE WEB-MISC cross site scripting attempt TYPE +
JAVASCRIPT (bleeding-web.rules)
2001116 - BLEEDING-EDGE DNS - Standard query response, Format error
(bleeding-policy.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (7):
2001846 || BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing
attempt || url,isc.sans.org/diary.php?date=2005-04-12 ||
url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx ||
cve,can-2004-0790
2001848 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State -
Possible Attack ||
url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ||
url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
2001849 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State -
Possible Attack ||
url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ||
url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
2001873 || BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk
(maybe MS05-021) ||
url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ||
url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
2001874 || BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after
chunked data, probably crashed it (MS05-021) ||
url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ||
url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
2001875 || BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted ||
url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ||
url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
2001876 || BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk,
but didn't die (MS05-021) ||
url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ||
url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (7):
2001846 || BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing
attempt || cve,can-2004-0790
2001848 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State -
Possible Attack
2001849 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State -
Possible Attack
2001873 || BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk
(maybe MS05-021)
2001874 || BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after
chunked data, probably crashed it (MS05-021)
2001875 || BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted
2001876 || BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk,
but didn't die (MS05-021)
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
