[***] Results from Oinkmaster started Thu Jun 29 21:00:10 2006 [***]
[+++] Added rules: [+++]
2002992 - BLEEDING-EDGE SCAN Rapid POP3 Connections - Possible Brute Force
Attack (bleeding-scan.rules)
2002993 - BLEEDING-EDGE SCAN Rapid POP3S Connections - Possible Brute Force
Attack (bleeding-scan.rules)
2002994 - BLEEDING-EDGE SCAN Rapid IMAP Connections - Possible Brute Force
Attack (bleeding-scan.rules)
2002995 - BLEEDING-EDGE SCAN Rapid IMAPS Connections - Possible Brute Force
Attack (bleeding-scan.rules)
2002996 - BLEEDING-EDGE WEB-PHP GeekLog Remote File Include Vulnerability
(bleeding-web.rules)
2002997 - BLEEDING-EDGE WEB PHP Remote File Inclusion (monster list)
(bleeding-web.rules)
2002998 - BLEEDING-EDGE SMTP HELO Non-Displayable Characters MailEnable Denial
of Service (bleeding-dos.rules)
[///] Modified active rules: [///]
2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
[---] Disabled and modified rules: [---]
2001814 - BLEEDING-EDGE Spambot Proxy Control Channel (bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-scan.rules (2):
#Matt Jonkman
# Looking for brute forcing of mail services
-> Added to bleeding-sid-msg.map (8):
2001814 || BLEEDING-EDGE Spambot Proxy Control Channel ||
url,isc.sans.org/diary.php?storyid=722
2002992 || BLEEDING-EDGE SCAN Rapid POP3 Connections - Possible Brute
Force Attack
2002993 || BLEEDING-EDGE SCAN Rapid POP3S Connections - Possible Brute
Force Attack
2002994 || BLEEDING-EDGE SCAN Rapid IMAP Connections - Possible Brute
Force Attack
2002995 || BLEEDING-EDGE SCAN Rapid IMAPS Connections - Possible Brute
Force Attack
2002996 || BLEEDING-EDGE WEB-PHP GeekLog Remote File Include
Vulnerability ||
url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
2002997 || BLEEDING-EDGE WEB PHP Remote File Inclusion (monster list)
|| url,www.sans.org/top20/
2002998 || BLEEDING-EDGE SMTP HELO Non-Displayable Characters
MailEnable Denial of Service || bugtraq,18630 || cve,2006-3277
-> Added to bleeding-web.rules (1):
# Submitted 2006-06-29 by Frank Knobbe
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (1):
2001814 || BLEEDING-EDGE Spambot Proxy Control Channel
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
