
[Snort-sigs] Snort Community Rules Update

Subject: [Snort-sigs] Snort Community Rules Update
Date: Tue, 04 Apr 2006 09:19:01 -0400
This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000240-100000278. These rules detect common botnet traffic over IRC.

Sourcefire would like to thank David Bianco for submitting these rules. As a reminder, anyone who wishes to submit rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000240 || COMMUNITY BOT IRC Traffic Detected By Nick Change
100000241 || COMMUNITY BOT Internal IRC server detected
100000242 || COMMUNITY BOT Agobot/PhatBot bot.about command
100000243 || COMMUNITY BOT Agobot/PhatBot bot.die command
100000244 || COMMUNITY BOT Agobot/PhatBot bot.dns command
100000245 || COMMUNITY BOT Agobot/PhatBot bot.execute command
100000246 || COMMUNITY BOT Agobot/PhatBot bot.id command
100000247 || COMMUNITY BOT Agobot/PhatBot bot.nick command
100000248 || COMMUNITY BOT Agobot/PhatBot bot.open command
100000249 || COMMUNITY BOT Agobot/PhatBot bot.remove command
100000250 || COMMUNITY BOT Agobot/PhatBot bot.removeallbut command
100000251 || COMMUNITY BOT Agobot/PhatBot bot.rndnick command
100000252 || COMMUNITY BOT Agobot/PhatBot bot.status command
100000253 || COMMUNITY BOT Agobot/PhatBot bot.sysinfo command
100000254 || COMMUNITY BOT Agobot/PhatBot bot.longuptime command
100000255 || COMMUNITY BOT Agobot/PhatBot bot.highspeed command
100000256 || COMMUNITY BOT Agobot/PhatBot bot.quit command
100000257 || COMMUNITY BOT Agobot/PhatBot bot.flushdns command
100000258 || COMMUNITY BOT Agobot/PhatBot bot.secure command
100000259 || COMMUNITY BOT Agobot/PhatBot bot.unsecure command
100000260 || COMMUNITY BOT Agobot/PhatBot bot.command command
100000261 || COMMUNITY BOT SDBot killthread command
100000262 || COMMUNITY BOT SDBot cdkey command
100000263 || COMMUNITY BOT SDBot getcdkey command
100000264 || COMMUNITY BOT SDBot rndnick command
100000265 || COMMUNITY BOT SDBot c_rndnick command
100000266 || COMMUNITY BOT SDBot c_nick command
100000267 || COMMUNITY BOT SpyBot stopspy  command
100000268 || COMMUNITY BOT SpyBot redirectspy  command
100000269 || COMMUNITY BOT SpyBot loadclones command
100000270 || COMMUNITY BOT SpyBot killclones command
100000271 || COMMUNITY BOT SpyBot rawclones  command
100000272 || COMMUNITY BOT GTBot ver command
100000273 || COMMUNITY BOT GTBot info command
100000274 || COMMUNITY BOT GTBot scan command
100000275 || COMMUNITY BOT GTBot portscan command
100000276 || COMMUNITY BOT GTBot stopscan command
100000277 || COMMUNITY BOT GTBot packet command
100000278 || COMMUNITY BOT GTBot bnc command

