Network Security: Detailed info on [Snort-sigs] Bleedingsnort.com Daily Update

Subject:	[Snort-sigs] Bleedingsnort.com Daily Update
Date:	Sun, 26 Feb 2006 20:00:09 -0500 (EST)


[***] Results from Oinkmaster started Sun Feb 26 20:00:09 2006 [***]

[+++]          Added rules:          [+++]

 2002822 - BLEEDING-EDGE POLICY Wget User Agent (bleeding-policy.rules)
 2002823 - BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Wget 
(bleeding-policy.rules)
 2002824 - BLEEDING-EDGE POLICY CURL User Agent (bleeding-policy.rules)
 2002825 - BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Curl 
(bleeding-policy.rules)
 2002826 - BLEEDING-EDGE POLICY fetch User Agent (bleeding-policy.rules)
 2002827 - BLEEDING-EDGE POLICY POSSIBLE Crawl using Fetch 
(bleeding-policy.rules)
 2002828 - BLEEDING-EDGE POLICY googlebot User Agent (bleeding-policy.rules)
 2002829 - BLEEDING-EDGE POLICY Googlebot Crawl (bleeding-policy.rules)
 2002830 - BLEEDING-EDGE POLICY msnbot User Agent (bleeding-policy.rules)
 2002831 - BLEEDING-EDGE POLICY Msnbot Crawl (bleeding-policy.rules)
 2002832 - BLEEDING-EDGE POLICY Yahoo Crawler User Agent (bleeding-policy.rules)
 2002833 - BLEEDING-EDGE POLICY Yahoo Crawler Crawl (bleeding-policy.rules)
 2002835 - BLEEDING-EDGE SCAN FTP Brute Force Attempts (bleeding-scan.rules)


[///]     Modified active rules:     [///]

 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code Attempt 
(bleeding-exploit.rules)
 2002799 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt 
(bleeding-exploit.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #By Shirkdog, tweaks by Dale Handy

     -> Added to bleeding-policy.rules (3):
        #by Jacob Kitchel of infotex
        #These are of particular use in detecting recon for phishing, etc.
        #These aren't security issues necessarily, but you may be interested in 
seeing how often these crawlers hit you

     -> Added to bleeding-scan.rules (1):
        #Matt jonkman. Adapted from snort.org 491

     -> Added to bleeding-sid-msg.map (15):
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code 
Attempt || url,www.frsirt.com/english/advisories/2005/0119 || cve,2004-0848
        2002799 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code 
Attempt || url,www.frsirt.com/english/advisories/2005/0119 || cve,2004-0848
        2002822 || BLEEDING-EDGE POLICY Wget User Agent || 
url,www.gnu.org/software/wget
        2002823 || BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Wget || 
url,www.gnu.org/software/wget/
        2002824 || BLEEDING-EDGE POLICY CURL User Agent || url,curl.haxx.se
        2002825 || BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Curl || 
url,curl.haxx.se
        2002826 || BLEEDING-EDGE POLICY fetch User Agent || 
url,gobsd.com/code/freebsd/lib/libfetch
        2002827 || BLEEDING-EDGE POLICY POSSIBLE Crawl using Fetch || 
url,gobsd.com/code/freebsd/lib/libfetch
        2002828 || BLEEDING-EDGE POLICY googlebot User Agent || 
url,www.google.com/webmasters/bot.html
        2002829 || BLEEDING-EDGE POLICY Googlebot Crawl || 
url,www.google.com/webmasters/bot.html
        2002830 || BLEEDING-EDGE POLICY msnbot User Agent || 
url,search.msn.com/msnbot.htm
        2002831 || BLEEDING-EDGE POLICY Msnbot Crawl || 
url,search.msn.com/msnbot.htm
        2002832 || BLEEDING-EDGE POLICY Yahoo Crawler User Agent || 
url,mms-mmcrawler-support@yahoo-inc.com
        2002833 || BLEEDING-EDGE POLICY Yahoo Crawler Crawl || 
url,mms-mmcrawler-support@yahoo-inc.com
        2002835 || BLEEDING-EDGE SCAN FTP Brute Force Attempts

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-exploit.rules (1):
        #By Shirkdog

     -> Removed from bleeding-sid-msg.map (2):
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code 
Attempt || url,www.frsirt.com/english/advisories/2005/0119
        2002799 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code 
Attempt || url,www.frsirt.com/english/advisories/2005/0119



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Bleedingsnort.com Daily Update, (continued) [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding <= [Snort-sigs] Bleedingsnort.com Daily Update, bleeding

Previous by Date:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Date:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Previous by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Indexes:	[Date] [Thread] [Top] [All Lists]