
[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Thu, 28 Jul 2005 20:00:05 -0500 (EST)

[***] Results from Oinkmaster started Thu Jul 28 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2002157 - BLEEDING-EDGE POLICY Skype User-Agent detected (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2000025 - BLEEDING-EDGE Malware Gator Cookie (bleeding-malware.rules)
 2000335 - BLEEDING-EDGE P2P Overnet Server Announce (bleeding-p2p.rules)
 2000338 - BLEEDING-EDGE P2P iroffer IRC Bot help message (bleeding-p2p.rules)
 2000339 - BLEEDING-EDGE P2P iroffer IRC Bot offered files advertisement (bleeding-p2p.rules)
 2000595 - BLEEDING-EDGE Malware Gator Checkin (bleeding-malware.rules)
 2000596 - BLEEDING-EDGE Malware Gator/Claria Data Submission (bleeding-malware.rules)
 2000597 - BLEEDING-EDGE Malware Gator New Code Download (bleeding-malware.rules)
 2001090 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute Javascript code (bleeding-web.rules)
 2001091 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute VBScript code (bleeding-web.rules)
 2001092 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to access SHELL\: (bleeding-web.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code (bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code (bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: (bleeding-exploit.rules)
 2001185 - BLEEDING-EDGE P2P Soulseek traffic (bleeding-p2p.rules)
 2001186 - BLEEDING-EDGE P2P Soulseek traffic (bleeding-p2p.rules)
 2001187 - BLEEDING-EDGE P2P Soulseek Filesearch Results (bleeding-p2p.rules)
 2001188 - BLEEDING-EDGE P2P Soulseek (bleeding-p2p.rules)
 2001296 - BLEEDING-EDGE P2P eDonkey File Status (bleeding-p2p.rules)
 2001297 - BLEEDING-EDGE P2P eDonkey File Status Request (bleeding-p2p.rules)
 2001298 - BLEEDING-EDGE P2P eDonkey Server Status Request (bleeding-p2p.rules)
 2001299 - BLEEDING-EDGE P2P eDonkey Server Status (bleeding-p2p.rules)
 2001305 - BLEEDING-EDGE P2P eDonkey Search (bleeding-p2p.rules)
 2001306 - BLEEDING-EDGE Malware Gator/Clarian Agent (bleeding-malware.rules)
 2001345 - BLEEDING-EDGE MALWARE Bonziportal Traffic (bleeding-malware.rules)
 2001493 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001521 - BLEEDING-EDGE MALWARE Spywaremover Activity (bleeding-malware.rules)
 2001546 - BLEEDING-EDGE WEB-MISC LINK Method (bleeding-web.rules)
 2001635 - BLEEDING-EDGE DOS HTTP GET with newline appended (bleeding-dos.rules)
 2001636 - BLEEDING-EDGE DOS squ1rt Apache DoS (bleeding-dos.rules)
 2001664 - BLEEDING-EDGE P2P Gnutella Connect (bleeding-p2p.rules)
 2001705 - BLEEDING-EDGE Malware Flingstone Spyware Install (bleeding-malware.rules)
 2001710 - BLEEDING-EDGE Malware Flingstone Spyware Install (bleeding-malware.rules)
 2001796 - BLEEDING-EDGE P2P kazaa over UDP (bleeding-p2p.rules)
 2001808 - BLEEDING-EDGE P2P LimeWire P2P Traffic (bleeding-p2p.rules)
 2001809 - BLEEDING-EDGE P2P Limewire P2P UDP Traffic (bleeding-p2p.rules)
 2001812 - BLEEDING-EDGE KazaaClient P2P Traffic (bleeding-p2p.rules)
 2001841 - BLEEDING-EDGE P2P UDP traffic -- Likely Limewire (bleeding-p2p.rules)
 2002033 - BLEEDING-EDGE TROJAN BOT - potential response (bleeding-virus.rules)
 2002089 - BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer (bleeding-malware.rules)
 2002095 - BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2001300 - BLEEDING-EDGE P2P eDonkey Hello Request (bleeding-p2p.rules)


[---]         Disabled rules:        [---]

 2002124 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- PNG with embedded ICC document (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        # This is disabled by default because it hits on any PNG. It is a good sig, but you must understand more than average to use it

     -> Added to bleeding-policy.rules (1):
        #By Robert Grabowsky

     -> Added to bleeding-sid-msg.map (32):
        2000025 || BLEEDING-EDGE Malware Gator Cookie || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2000335 || BLEEDING-EDGE P2P Overnet Server Announce || url,www.overnet.com
        2000338 || BLEEDING-EDGE P2P iroffer IRC Bot help message || url,iroffer.org
        2000339 || BLEEDING-EDGE P2P iroffer IRC Bot offered files advertisement || url,iroffer.org
        2000595 || BLEEDING-EDGE Malware Gator Checkin || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2000596 || BLEEDING-EDGE Malware Gator/Claria Data Submission || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2000597 || BLEEDING-EDGE Malware Gator New Code Download || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2001185 || BLEEDING-EDGE P2P Soulseek traffic || url,www.slsknet.org
        2001186 || BLEEDING-EDGE P2P Soulseek traffic || url,www.slsknet.org
        2001187 || BLEEDING-EDGE P2P Soulseek Filesearch Results || url,www.slsknet.org
        2001188 || BLEEDING-EDGE P2P Soulseek || url,www.slsknet.org
        2001296 || BLEEDING-EDGE P2P eDonkey File Status || url,www.edonkey.com
        2001297 || BLEEDING-EDGE P2P eDonkey File Status Request || url,www.edonkey.com
        2001298 || BLEEDING-EDGE P2P eDonkey Server Status Request || url,www.edonkey.com
        2001299 || BLEEDING-EDGE P2P eDonkey Server Status || url,www.edonkey.com
        2001300 || BLEEDING-EDGE P2P eDonkey Hello Request || url,www.edonkey.com
        2001305 || BLEEDING-EDGE P2P eDonkey Search || url,www.edonkey.com
        2001306 || BLEEDING-EDGE Malware Gator/Clarian Agent || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2001345 || BLEEDING-EDGE MALWARE Bonziportal Traffic || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=59256
        2001521 || BLEEDING-EDGE MALWARE Spywaremover Activity || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903
        2001546 || BLEEDING-EDGE WEB-MISC LINK Method || url,www.w3.org/Protocols/HTTP/Methods/Link.html
        2001635 || BLEEDING-EDGE DOS HTTP GET with newline appended || cve,2004-0942
        2001636 || BLEEDING-EDGE DOS squ1rt Apache DoS || cve,2004-0942
        2001664 || BLEEDING-EDGE P2P Gnutella Connect || url,www.gnutella.com
        2001705 || BLEEDING-EDGE Malware Flingstone Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html
        2001710 || BLEEDING-EDGE Malware Flingstone Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html
        2001796 || BLEEDING-EDGE P2P kazaa over UDP || url,www.kazaa.com/us/index.htm
        2001812 || BLEEDING-EDGE KazaaClient P2P Traffic || url,www.kazaa.com/us/index.htm
        2001841 || BLEEDING-EDGE P2P UDP traffic -- Likely Limewire || url,www.limewire.com
        2002089 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035
        2002095 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035
        2002157 || BLEEDING-EDGE POLICY Skype User-Agent detected

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (31):
        2000025 || BLEEDING-EDGE Malware Gator Cookie
        2000335 || BLEEDING-EDGE P2P Overnet Server Announce
        2000338 || BLEEDING-EDGE P2P iroffer IRC Bot help message
        2000339 || BLEEDING-EDGE P2P iroffer IRC Bot offered files advertisement
        2000595 || BLEEDING-EDGE Malware Gator Checkin
        2000596 || BLEEDING-EDGE Malware Gator/Claria Data Submission
        2000597 || BLEEDING-EDGE Malware Gator New Code Download
        2001185 || BLEEDING-EDGE P2P Soulseek traffic
        2001186 || BLEEDING-EDGE P2P Soulseek traffic
        2001187 || BLEEDING-EDGE P2P Soulseek Filesearch Results
        2001188 || BLEEDING-EDGE P2P Soulseek
        2001296 || BLEEDING-EDGE P2P eDonkey File Status
        2001297 || BLEEDING-EDGE P2P eDonkey File Status Request
        2001298 || BLEEDING-EDGE P2P eDonkey Server Status Request
        2001299 || BLEEDING-EDGE P2P eDonkey Server Status
        2001300 || BLEEDING-EDGE P2P eDonkey Hello Request
        2001305 || BLEEDING-EDGE P2P eDonkey Search
        2001306 || BLEEDING-EDGE Malware Gator/Clarian Agent
        2001345 || BLEEDING-EDGE MALWARE Bonziportal Traffic || url,www.bonzibuddy.com
        2001521 || BLEEDING-EDGE MALWARE Spywaremover Activity || www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903
        2001546 || BLEEDING-EDGE WEB-MISC LINK Method
        2001635 || BLEEDING-EDGE DOS HTTP GET with newline appended
        2001636 || BLEEDING-EDGE DOS squ1rt Apache DoS
        2001664 || BLEEDING-EDGE P2P Gnutella Connect
        2001705 || BLEEDING-EDGE Malware Flingstone Spyware Install
        2001710 || BLEEDING-EDGE Malware Flingstone Spyware Install
        2001796 || BLEEDING-EDGE P2P kazaa over UDP
        2001812 || BLEEDING-EDGE KazaaClient P2P Traffic
        2001841 || BLEEDING-EDGE P2P UDP traffic -- Likely Limewire
        2002089 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer
        2002095 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer



_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
