[***] Results from Oinkmaster started Sat Jun 4 20:00:04 2005 [***]
[+++] Added rules: [+++]
2001972 - BLEEDING-EDGE Behavioral Unusual Term Server Traffic, Potential Scan
or Infection (bleeding-scan.rules)
2001973 - BLEEDING-EDGE POLICY SSH Server Banner Detected
(bleeding-policy.rules)
2001974 - BLEEDING-EDGE POLICY SSH Client Banner Detected
(bleeding-policy.rules)
2001975 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected
(bleeding-policy.rules)
2001976 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected
(bleeding-policy.rules)
2001977 - BLEEDING-EDGE POLICY SSHv2 Client New Keys detected
(bleeding-policy.rules)
2001978 - BLEEDING-EDGE POLICY SSH session in progress (bleeding-policy.rules)
2001979 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Off Port
(bleeding-policy.rules)
2001980 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Off Port
(bleeding-policy.rules)
2001981 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Off Port
(bleeding-policy.rules)
2001982 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Off Port
(bleeding-policy.rules)
2001983 - BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Off Port
(bleeding-policy.rules)
2001984 - BLEEDING-EDGE POLICY SSH session in progress on Off Port
(bleeding-policy.rules)
[---] Disabled and modified rules: [---]
2000354 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage
(bleeding-policy.rules)
[---] Disabled rules: [---]
2001957 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage
(bleeding-policy.rules)
2001958 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage
(bleeding-policy.rules)
2001968 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (OpenSSH)
(bleeding-policy.rules)
2001969 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (SecureCRT)
(bleeding-policy.rules)
2001970 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (OpenSSH)
(bleeding-policy.rules)
2001971 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage
(SecureCRT) (bleeding-policy.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-policy.rules (5):
#New way to do ssh. First to detect legit ssh sessions on normal ports.
Enable these ONLY if you need to know about
# normal ssh sessions
#Written by Erik Fichtner, adapted some
var SSH_PORTS 22
#And now to detect Non-standard port usage
-> Added to bleeding-scan.rules (1):
# Works for other proto's, may as well extend the idea
-> Added to bleeding-sid-msg.map (13):
2001972 || BLEEDING-EDGE Behavioral Unusual Term Server Traffic,
Potential Scan or Infection
2001973 || BLEEDING-EDGE POLICY SSH Server Banner Detected
2001974 || BLEEDING-EDGE POLICY SSH Client Banner Detected
2001975 || BLEEDING-EDGE POLICY SSHv2 Server KEX Detected
2001976 || BLEEDING-EDGE POLICY SSHv2 Client KEX Detected
2001977 || BLEEDING-EDGE POLICY SSHv2 Client New Keys detected
2001978 || BLEEDING-EDGE POLICY SSH session in progress
2001979 || BLEEDING-EDGE POLICY SSH Server Banner Detected on Off Port
2001980 || BLEEDING-EDGE POLICY SSH Client Banner Detected on Off Port
2001981 || BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Off Port
2001982 || BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Off Port
2001983 || BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Off
Port
2001984 || BLEEDING-EDGE POLICY SSH session in progress on Off Port
-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
