| Subject: | [Snort-sigs] Bleedingsnort.com Daily Update |
|---|---|
| Date: | Wed, 22 Jun 2005 20:00:04 -0500 (EST) |

[***] Results from Oinkmaster started Wed Jun 22 20:00:04 2005 [***]
[///] Modified active rules: [///]
2000035 - BLEEDING-EDGE Hotmail Inbox Access (bleeding-policy.rules)
2000036 - BLEEDING-EDGE Hotmail Message Access (bleeding-policy.rules)
2000037 - BLEEDING-EDGE Hotmail Compose Message Access (bleeding-policy.rules)
2000038 - BLEEDING-EDGE Hotmail Compose Message Submit (bleeding-policy.rules)
2000039 - BLEEDING-EDGE Hotmail Compose Message Submit Data
(bleeding-policy.rules)
2000309 - BLEEDING-EDGE GotoMyPC Polling Client (bleeding-policy.rules)
2000328 - BLEEDING-EDGE Multiple Non-SMTP Server Emails (bleeding-policy.rules)
2000355 - BLEEDING-EDGE POLICY IRC authorization message
(bleeding-policy.rules)
2000356 - BLEEDING-EDGE POLICY IRC connection (bleeding-policy.rules)
2000569 - BLEEDING-EDGE KitCo Kcast Ticker (bleeding-policy.rules)
2000570 - BLEEDING-EDGE KitCo Kcast Ticker (bleeding-policy.rules)
2000571 - BLEEDING-EDGE AOL Webmail Message Send (bleeding-policy.rules)
2000572 - BLEEDING-EDGE AOL Webmail Login (bleeding-policy.rules)
2001044 - BLEEDING-EDGE Yahoo Briefcase Upload (bleeding-policy.rules)
2001055 - BLEEDING-EDGE MISC HP Web JetAdmin ExecuteFile admin access
(bleeding-policy.rules)
2001235 - BLEEDING-EDGE Weatherbug (bleeding-policy.rules)
2001239 - BLEEDING-EDGE Cisco Device in Config Mode (bleeding-policy.rules)
2001240 - BLEEDING-EDGE Cisco Device New Config Built (bleeding-policy.rules)
2001241 - BLEEDING-EDGE CHAT MSN file transfer request (bleeding-policy.rules)
2001242 - BLEEDING-EDGE CHAT MSN file transfer accept (bleeding-policy.rules)
2001243 - BLEEDING-EDGE CHAT MSN file transfer reject (bleeding-policy.rules)
2001253 - BLEEDING-EDGE CHAT Yahoo IM successful logon (bleeding-policy.rules)
2001254 - BLEEDING-EDGE CHAT Yahoo IM voicechat (bleeding-policy.rules)
2001255 - BLEEDING-EDGE CHAT Yahoo IM ping (bleeding-policy.rules)
2001256 - BLEEDING-EDGE CHAT Yahoo IM conference invitation
(bleeding-policy.rules)
2001257 - BLEEDING-EDGE CHAT Yahoo IM conference logon success
(bleeding-policy.rules)
2001258 - BLEEDING-EDGE CHAT Yahoo IM conference message
(bleeding-policy.rules)
2001259 - BLEEDING-EDGE CHAT Yahoo IM file transfer request
(bleeding-policy.rules)
2001261 - BLEEDING-EDGE CHAT Yahoo IM successful chat join
(bleeding-policy.rules)
2001262 - BLEEDING-EDGE CHAT Yahoo IM conference offer invitation
(bleeding-policy.rules)
2001263 - BLEEDING-EDGE CHAT Yahoo IM conference request
(bleeding-policy.rules)
2001267 - BLEEDING-EDGE Weatherbug Capture (bleeding-policy.rules)
2001294 - BLEEDING-EDGE POLICY Dameware Remote Control Service Install
(bleeding-policy.rules)
2001329 - BLEEDING-EDGE RDP connection request (bleeding-policy.rules)
2001330 - BLEEDING-EDGE RDP connection confirm (bleeding-policy.rules)
2001331 - BLEEDING-EDGE RDP disconnect request (bleeding-policy.rules)
2001406 - BLEEDING-EDGE Possible hidden zip extension .cpl
(bleeding-policy.rules)
2001407 - BLEEDING-EDGE Possible hidden zip extension .pif
(bleeding-policy.rules)
2001408 - BLEEDING-EDGE Possible hidden zip extension .scr
(bleeding-policy.rules)
2001424 - BLEEDING-EDGE POLICY Gmail Inbox Access (bleeding-policy.rules)
2001425 - BLEEDING-EDGE POLICY Gmail File Send (bleeding-policy.rules)
2001426 - BLEEDING-EDGE POLICY Gmail Message Send (bleeding-policy.rules)
2001427 - BLEEDING-EDGE CHAT Yahoo IM Unavailable Status
(bleeding-policy.rules)
2001595 - BLEEDING-EDGE Policy Skype VOIP Checking Version (Startup)
(bleeding-policy.rules)
2001596 - BLEEDING-EDGE Policy Skype VOIP Reporting Install
(bleeding-policy.rules)
2001597 - BLEEDING-EDGE Policy Netop Remote Control Usage
(bleeding-policy.rules)
2001682 - BLEEDING-EDGE Policy MSN IM Poll via HTTP (bleeding-policy.rules)
2001712 - BLEEDING-EDGE MyWebEx Server Traffic (bleeding-policy.rules)
2001713 - BLEEDING-EDGE MyWebEx Installation (bleeding-policy.rules)
2001714 - BLEEDING-EDGE MyWebEx Incoming Connection (bleeding-policy.rules)
2001728 - BLEEDING-EDGE Policy TOR1.0 nodes negotiation (bleeding-policy.rules)
2001801 - BLEEDING-EDGE POLICY ICQ Status Invisible (bleeding-policy.rules)
2001802 - BLEEDING-EDGE POLICY ICQ Status Change (bleeding-policy.rules)
2001803 - BLEEDING-EDGE POLICY ICQ Status Change (bleeding-policy.rules)
2001804 - BLEEDING-EDGE POLICY ICQ Login (bleeding-policy.rules)
2001805 - BLEEDING-EDGE POLICY ICQ Message (bleeding-policy.rules)
2001834 - BLEEDING-EDGE DNS lookup attempt to hostile, poisoning DNS server -
ISC Diary (bleeding.rules)
2001835 - BLEEDING-EDGE Sites trying to infect PCs with malware - ISC Diary
(bleeding.rules)
2001836 - BLEEDING-EDGE Web page trying to infect PCs with malware - ISC Diary
(bleeding.rules)
2001837 - BLEEDING-EDGE Suspicious DNS server answer\: 218.38.13.108
(bleeding.rules)
2001838 - BLEEDING-EDGE Suspicious DNS server answer\: 217.16.26.148
(bleeding.rules)
2001839 - BLEEDING-EDGE Suspicious DNS server answer\: 205.162.201.11
(bleeding.rules)
2001840 - BLEEDING-EDGE Suspicious DNS server answer\: besthost.co.kr
(bleeding.rules)
2001842 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 7sir7.com
(bleeding.rules)
2001843 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain
123xxl.com (bleeding.rules)
2001844 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain abx4.com
(bleeding.rules)
2001922 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound
(bleeding-virus.rules)
2001923 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound
(bleeding-virus.rules)
2001924 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound
(bleeding-virus.rules)
2001946 - BLEEDING-EDGE iframedollars.biz access (bleeding.rules)
2001950 - BLEEDING-EDGE POLICY RAR File Outbound (bleeding-policy.rules)
2001979 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Unusual Port
(bleeding-policy.rules)
2001980 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Unusual Port
(bleeding-policy.rules)
2001981 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Unusual Port
(bleeding-policy.rules)
2001982 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Unusual Port
(bleeding-policy.rules)
2001983 - BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Unusual Port
(bleeding-policy.rules)
2001984 - BLEEDING-EDGE POLICY SSH session in progress on Unusual Port
(bleeding-policy.rules)
2001989 - BLEEDING-EDGE POLICY Prospero Chat Session in Progress
(bleeding-policy.rules)
2001991 - BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command Execution
Attempt (bleeding-exploit.rules)
2002007 - BLEEDING-EDGE Malware Wildmedia Spyware User Agent Activity
(bleeding-malware.rules)
2002022 - BLEEDING-EDGE GotoMyPC poll.gotomypc.com Server Response to Polling
Client OK (bleeding-policy.rules)
2002049 - Mytob.GC - outbound (bleeding-virus.rules)
[///] Modified inactive rules: [///]
2000041 - BLEEDING-EDGE Yahoo Mail Inbox View (bleeding-policy.rules)
2000042 - BLEEDING-EDGE Yahoo Mail Message View (bleeding-policy.rules)
2000043 - BLEEDING-EDGE Yahoo Mail Message Compose Open (bleeding-policy.rules)
2000044 - BLEEDING-EDGE Yahoo Mail Message Send (bleeding-policy.rules)
2000045 - BLEEDING-EDGE Yahoo Mail Message Send Info Capture
(bleeding-policy.rules)
2000341 - BLEEDING-EDGE Yahoo Mail General Page View (bleeding-policy.rules)
2000354 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage
(bleeding-policy.rules)
2000418 - BLEEDING-EDGE Executable and linking format (ELF) file download
(bleeding-policy.rules)
2000419 - BLEEDING-EDGE PE EXE or DLL Windows file download
(bleeding-policy.rules)
2000420 - BLEEDING-EDGE REG files version 4 download (bleeding-policy.rules)
2000421 - BLEEDING-EDGE REG files version 5 download (bleeding-policy.rules)
2000422 - BLEEDING-EDGE REG files version 5 Unicode download
(bleeding-policy.rules)
2000423 - BLEEDING-EDGE NE EXE OS2 file download (bleeding-policy.rules)
2000424 - BLEEDING-EDGE LX EXE OS2 file download (bleeding-policy.rules)
2000425 - BLEEDING-EDGE NE EXE Windows 3.x file download
(bleeding-policy.rules)
2000426 - BLEEDING-EDGE EXE compressed PKWARE Windows file download
(bleeding-policy.rules)
2000427 - BLEEDING-EDGE PE EXE Install Windows file download
(bleeding-policy.rules)
2000428 - BLEEDING-EDGE ZIP file download (bleeding-policy.rules)
2000429 - BLEEDING-EDGE Download Windows Help File CHM 2
(bleeding-policy.rules)
2000489 - BLEEDING-EDGE Download Windows Help File CHM (bleeding-policy.rules)
2000547 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
2000548 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
2000549 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
2000550 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
2000560 - BLEEDING-EDGE HTTP CONNECT Tunnel Attempt (bleeding-policy.rules)
2001114 - BLEEDING-EDGE Policy Mozilla XPI install files download
(bleeding-policy.rules)
2001115 - BLEEDING-EDGE MSI (microsoft installer file) download
(bleeding-policy.rules)
2001116 - BLEEDING-EDGE DNS - Standard query response, Format error
(bleeding-policy.rules)
2001117 - BLEEDING-EDGE DNS - Standard query response, Name Error
(bleeding-policy.rules)
2001118 - BLEEDING-EDGE DNS - Standard query response, Not Implemented
(bleeding-policy.rules)
2001119 - BLEEDING-EDGE DNS - Standard query response, Refused
(bleeding-policy.rules)
2001260 - BLEEDING-EDGE CHAT Yahoo IM message (bleeding-policy.rules)
2001264 - BLEEDING-EDGE CHAT Yahoo IM conference watch (bleeding-policy.rules)
2001328 - BLEEDING-EDGE SSN Detected in Clear Text (bleeding-policy.rules)
2001375 - BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit spaced)
(bleeding-policy.rules)
2001376 - BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit dashed)
(bleeding-policy.rules)
2001377 - BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit)
(bleeding-policy.rules)
2001378 - BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit)
(bleeding-policy.rules)
2001379 - BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit spaced)
(bleeding-policy.rules)
2001380 - BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit dashed)
(bleeding-policy.rules)
2001381 - BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit)
(bleeding-policy.rules)
2001382 - BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit spaced)
(bleeding-policy.rules)
2001383 - BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit dashed)
(bleeding-policy.rules)
2001384 - BLEEDING-EDGE SSN Detected in Clear Text (bleeding-policy.rules)
2001402 - BLEEDING-EDGE ZIPPED DOC in transit (bleeding-policy.rules)
2001403 - BLEEDING-EDGE ZIPPED XLS in transit (bleeding-policy.rules)
2001404 - BLEEDING-EDGE ZIPPED EXE in transit (bleeding-policy.rules)
2001405 - BLEEDING-EDGE ZIPPED PPT in transit (bleeding-policy.rules)
2001449 - BLEEDING-EDGE Policy Proxy Connection detected
(bleeding-policy.rules)
2001637 - BLEEDING-EDGE Policy SSH Successful user connection
(bleeding-policy.rules)
2001806 - BLEEDING-EDGE POLICY Administrator Login Detected
(bleeding-policy.rules)
2001845 - BLEEDING-EDGE [ISC] Possible MS Outlook email From forgery attempt
(bleeding.rules)
2001898 - BLEEDING-EDGE POLICY eBay Bid Placed (bleeding-policy.rules)
2001907 - BLEEDING-EDGE POLICY eBay Placing Item for sale
(bleeding-policy.rules)
2001908 - BLEEDING-EDGE POLICY eBay View Item (bleeding-policy.rules)
2001909 - BLEEDING-EDGE POLICY eBay Watch This Item (bleeding-policy.rules)
2001951 - BLEEDING-EDGE POLICY RAR File Inbound (bleeding-policy.rules)
2001957 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage
(bleeding-policy.rules)
2001958 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage
(bleeding-policy.rules)
2001968 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (OpenSSH)
(bleeding-policy.rules)
2001969 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (SecureCRT)
(bleeding-policy.rules)
2001970 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (OpenSSH)
(bleeding-policy.rules)
2001971 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage
(SecureCRT) (bleeding-policy.rules)
2001973 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Expected Port
(bleeding-policy.rules)
2001974 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Expected Port
(bleeding-policy.rules)
2001975 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Expected Port
(bleeding-policy.rules)
2001976 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Expected Port
(bleeding-policy.rules)
2001977 - BLEEDING-EDGE POLICY SSHv2 Client New Keys detected on Expected Port
(bleeding-policy.rules)
2001978 - BLEEDING-EDGE POLICY SSH session in progress on Expected Port
(bleeding-policy.rules)
[---] Removed rules: [---]
2002006 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity
(bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-policy.rules (1):
#Submitted by Patrick Harper. pcre by Matt Jonkman
-> Added to bleeding-sid-msg.map (1):
2001991 || BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command
Execution Attempt || bugtraq,13930
[---] Removed non-rule lines: [---]
-> Removed from bleeding-policy.rules (1):
#Submitted by Patrick Harper. pcre by Matt Jonkman
-> Removed from bleeding-sid-msg.map (2):
2001991 || BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command
Execution Attempt
2002006 || BLEEDING-EDGE Malware Better Internet Spyware User Agent
Activity
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs