Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Daily Update

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Daily Update
Date: Thu, 26 Oct 2006 21:00:08 -0400 (EDT) 

[***] Results from Oinkmaster started Thu Oct 26 21:00:07 2006 [***]

[+++]          Added rules:          [+++]

 2003148 - BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution Attempt 
/nds (linewrap) (bleeding-exploit.rules)
 2003149 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (linux 
style) (bleeding-attack_response.rules)
 2003150 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD 
style) (bleeding-attack_response.rules)
 2003151 - BLEEDING-EDGE Malware Fun Web Products SmileyCentral IEsp2 Install 
(bleeding-malware.rules)
 2003152 - BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability 
- show_archives (bleeding-web.rules)
 2410021 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 22)  
(bleeding-botcc.rules)
 2411021 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 22) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)


[///]     Modified active rules:     [///]

 2002668 - BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability 
- show_news (bleeding-web.rules)
 2003126 - BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on port 25 
(bleeding-policy.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2410005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2410006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2410007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
(bleeding-botcc.rules)
 2410008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  
(bleeding-botcc.rules)
 2410009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  
(bleeding-botcc.rules)
 2410010 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  
(bleeding-botcc.rules)
 2410011 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  
(bleeding-botcc.rules)
 2410012 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  
(bleeding-botcc.rules)
 2410013 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  
(bleeding-botcc.rules)
 2410014 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  
(bleeding-botcc.rules)
 2410015 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  
(bleeding-botcc.rules)
 2410016 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  
(bleeding-botcc.rules)
 2410017 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  
(bleeding-botcc.rules)
 2410018 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 19)  
(bleeding-botcc.rules)
 2410019 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 20)  
(bleeding-botcc.rules)
 2410020 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 21)  
(bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411010 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411011 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411012 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411013 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411014 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411015 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411016 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411017 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411018 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 19) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411019 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 20) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2411020 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 21) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Disabled rules:        [---]

 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (1) (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (2) (bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001750 - BLEEDING-EDGE VIRUS Sober.K Worm - outgoing (bleeding-virus.rules)
 2001902 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (2) 
(bleeding-virus.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (2) 
(bleeding-virus.rules)
 2002055 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (1) 
(bleeding-virus.rules)
 2002057 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (3) 
(bleeding-virus.rules)
 2002059 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (1) 
(bleeding-virus.rules)
 2002391 - BLEEDING-EDGE VIRUS CME-151 Sober.R SMTP Outbound 
(bleeding-virus.rules)
 2002686 - BLEEDING-EDGE VIRUS Sober.AA (.Z,.AG,.X,.Y,.W) worm SMTP Outbound 
(bleeding-virus.rules)


[---]         Removed rules:         [---]

 2001545 - BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection 
detected! (bleeding-attack_response.rules)
 2001717 - BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute 
Force Attack (bleeding-attack_response.rules)
 3003147 - BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution Attempt 
/nds (linewrap) (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (8):
        2002668 || BLEEDING-EDGE WEB CutePHP CuteNews directory traversal 
vulnerability - show_news || bugtraq,15295
        2003148 || BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution 
Attempt /nds (linewrap)
        2003149 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP 
(linux style)
        2003150 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP 
(BSD style)
        2003151 || BLEEDING-EDGE Malware Fun Web Products SmileyCentral IEsp2 
Install || url,www.myfuncards.com
        2003152 || BLEEDING-EDGE WEB CutePHP CuteNews directory traversal 
vulnerability - show_archives || bugtraq,15295
        2410021 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 22)  
|| url,www.shadowserver.org
        2411021 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 22) - 
BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (4):
        # Access to backdoor created by some SSL exploit
        #No longer very useful. Disablnig, delete in the future
        #By Matt Jonkman
        # Still doesn't work, but we hope to figure out a way in the future...

     -> Removed from bleeding-sid-msg.map (4):
        2001545 || BLEEDING-EDGE ATTACK RESPONSE Potential root shell 
connection detected!
        2001717 || BLEEDING-EDGE ATTACK RESPONSE Successful user connection 
AFTER Brute Force Attack
        2002668 || BLEEDING-EDGE WEB CutePHP CuteNews directory traversal 
vulnerability || bugtraq,15295
        3003147 || BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution 
Attempt /nds (linewrap)


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] False Positives, Maxwell Lutticken
Next by Date:  [Snort-sigs] High FP for sid 8428 (SSL get_shared_ciphers() overflow), Jon Hart
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Update, bleeding
Next by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Update, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]