Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Mon, 15 Jan 2007 20:00:04 +0000 (UTC) 

[***] Results from Oinkmaster started Mon Jan 15 20:00:04 2007 [***]

[+++]          Added rules:          [+++]

 2003254 - BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003255 - BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Linux Source) 
(bleeding-malware.rules)
 2003256 - BLEEDING-EDGE MALWARE Socksv4 Port 25 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003257 - BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Linux Source) 
(bleeding-malware.rules)
 2003258 - BLEEDING-EDGE MALWARE Socksv5 DNS Inbound Request (Windows Source) 
(bleeding-malware.rules)
 2003259 - BLEEDING-EDGE MALWARE Socksv5 DNS Inbound Request (Linux Source) 
(bleeding-malware.rules)
 2003260 - BLEEDING-EDGE MALWARE Socksv5 HTTP Proxy Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003261 - BLEEDING-EDGE MALWARE Socksv5 HTTP Proxy Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003262 - BLEEDING-EDGE MALWARE Socksv4 HTTP Proxy Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003263 - BLEEDING-EDGE MALWARE Socksv4 HTTP Proxy Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003264 - BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Windows Source) 
(bleeding-malware.rules)
 2003265 - BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Linux Source) 
(bleeding-malware.rules)
 2003266 - BLEEDING-EDGE MALWARE Socksv5 Port 443 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003267 - BLEEDING-EDGE MALWARE Socksv5 Port 443 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003268 - BLEEDING-EDGE MALWARE Socksv4 Port 443 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003269 - BLEEDING-EDGE MALWARE Socksv4 Port 443 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003270 - BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003271 - BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003272 - BLEEDING-EDGE MALWARE Socksv4 Port 5190 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003273 - BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003274 - BLEEDING-EDGE MALWARE Socksv5 Port 1863 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003275 - BLEEDING-EDGE MALWARE Socksv5 Port 1863 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003276 - BLEEDING-EDGE MALWARE Socksv4 Port 1863 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003277 - BLEEDING-EDGE MALWARE Socksv4 Port 1863 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003278 - BLEEDING-EDGE MALWARE Socksv5 Port 5050 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003279 - BLEEDING-EDGE MALWARE Socksv5 Port 5050 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003280 - BLEEDING-EDGE MALWARE Socksv4 Port 5050 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003281 - BLEEDING-EDGE MALWARE Socksv4 Port 5050 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003282 - BLEEDING-EDGE MALWARE Socksv4 Inbound Connect Request (Windows 
Source) (bleeding-malware.rules)
 2003283 - BLEEDING-EDGE MALWARE Socksv4 Inbound Connect Request (Linux Source) 
(bleeding-malware.rules)
 2003284 - BLEEDING-EDGE MALWARE Socksv5 IPv6 Inbound Connect Request (Windows 
Source) (bleeding-malware.rules)
 2003285 - BLEEDING-EDGE MALWARE Socksv5 IPv6 Inbound Connect Request (Linux 
Source) (bleeding-malware.rules)
 2003286 - BLEEDING-EDGE MALWARE Socksv5 UDP Proxy Inbound Connect Request 
(Windows Source) (bleeding-malware.rules)
 2003287 - BLEEDING-EDGE MALWARE Socksv5 UDP Proxy Inbound Connect Request 
(Linux Source) (bleeding-malware.rules)
 2003288 - BLEEDING-EDGE MALWARE Socksv4 Bind Inbound (Windows Source) 
(bleeding-malware.rules)
 2003289 - BLEEDING-EDGE MALWARE Socksv4 Bind Inbound (Linux Source) 
(bleeding-malware.rules)
 2003290 - BLEEDING-EDGE MALWARE Socksv5 Bind Inbound (Linux Source) 
(bleeding-malware.rules)
 2003291 - BLEEDING-EDGE MALWARE Socksv5 Bind Inbound (Windows Source) 
(bleeding-malware.rules)
 2003292 - BLEEDING-EDGE WORM Allaple ICMP Sweep Ping Outbound 
(bleeding-virus.rules)
 2003293 - BLEEDING-EDGE WORM Allaple ICMP Sweep Reply Inbound 
(bleeding-virus.rules)
 2003294 - BLEEDING-EDGE WORM Allaple ICMP Sweep Ping Inbound 
(bleeding-virus.rules)
 2003295 - BLEEDING-EDGE WORM Allaple ICMP Sweep Reply Outbound 
(bleeding-virus.rules)
 2003296 - BLEEDING-EDGE TROJAN Possible Web-based DDoS-command being issued 
(bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2002992 - BLEEDING-EDGE SCAN Rapid POP3 Connections - Possible Brute Force 
Attack (bleeding-scan.rules)
 2002993 - BLEEDING-EDGE SCAN Rapid POP3S Connections - Possible Brute Force 
Attack (bleeding-scan.rules)
 2002994 - BLEEDING-EDGE SCAN Rapid IMAP Connections - Possible Brute Force 
Attack (bleeding-scan.rules)
 2002995 - BLEEDING-EDGE SCAN Rapid IMAPS Connections - Possible Brute Force 
Attack (bleeding-scan.rules)
 2003099 - BLEEDING-EDGE WEB-MISC Poison Null Byte (bleeding-web.rules)
 2003180 - BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to 
Controller (bleeding-virus.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
(bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  
(bleeding-botcc.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 56

     -> Added to bleeding-drop.rules (1):
        #  VERSION 56

     -> Added to bleeding-malware.rules (7):
        #by William Salusky of the ISC (www.incidents.org)
        # Details and updates available here 
http://handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        # If you have any socks proxies being abused in your environment... The 
following four rules are MONEY.
        # The following rules open ended arbitrary Socks4 detection of ANY port 
being proxied.  I run this only on occasion when looking for sketchy new 
activity.  A better rule would do byte tests to exclude common target ports of 
25, 80 etc...
        # Another case of rules that fire according to RFC standards, but I 
haven't really witnessed this type of traffic to confirm.
        # Another case of rules that fire according to RFC standards, but I 
haven't really witnessed this type of traffic to confirm.
        # I keep these mostly commented, while they are correct according to 
RFC for BIND actions, in practice I've found only FP's which I still need to 
dig through and see what's really going on there.

     -> Added to bleeding-sid-msg.map (44):
        2003180 || BLEEDING-EDGE TROJAN Possible Warezov/Stration Data Post to 
Controller || url,www.sophos.com/security/analyses/w32strationbo.html
        2003254 || BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003255 || BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003256 || BLEEDING-EDGE MALWARE Socksv4 Port 25 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003257 || BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003258 || BLEEDING-EDGE MALWARE Socksv5 DNS Inbound Request (Windows 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003259 || BLEEDING-EDGE MALWARE Socksv5 DNS Inbound Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003260 || BLEEDING-EDGE MALWARE Socksv5 HTTP Proxy Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003261 || BLEEDING-EDGE MALWARE Socksv5 HTTP Proxy Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003262 || BLEEDING-EDGE MALWARE Socksv4 HTTP Proxy Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003263 || BLEEDING-EDGE MALWARE Socksv4 HTTP Proxy Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003264 || BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Windows 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003265 || BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003266 || BLEEDING-EDGE MALWARE Socksv5 Port 443 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003267 || BLEEDING-EDGE MALWARE Socksv5 Port 443 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003268 || BLEEDING-EDGE MALWARE Socksv4 Port 443 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003269 || BLEEDING-EDGE MALWARE Socksv4 Port 443 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003270 || BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003271 || BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003272 || BLEEDING-EDGE MALWARE Socksv4 Port 5190 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003273 || BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003274 || BLEEDING-EDGE MALWARE Socksv5 Port 1863 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003275 || BLEEDING-EDGE MALWARE Socksv5 Port 1863 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003276 || BLEEDING-EDGE MALWARE Socksv4 Port 1863 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003277 || BLEEDING-EDGE MALWARE Socksv4 Port 1863 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003278 || BLEEDING-EDGE MALWARE Socksv5 Port 5050 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003279 || BLEEDING-EDGE MALWARE Socksv5 Port 5050 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003280 || BLEEDING-EDGE MALWARE Socksv4 Port 5050 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003281 || BLEEDING-EDGE MALWARE Socksv4 Port 5050 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003282 || BLEEDING-EDGE MALWARE Socksv4 Inbound Connect Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003283 || BLEEDING-EDGE MALWARE Socksv4 Inbound Connect Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003284 || BLEEDING-EDGE MALWARE Socksv5 IPv6 Inbound Connect Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003285 || BLEEDING-EDGE MALWARE Socksv5 IPv6 Inbound Connect Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003286 || BLEEDING-EDGE MALWARE Socksv5 UDP Proxy Inbound Connect 
Request (Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003287 || BLEEDING-EDGE MALWARE Socksv5 UDP Proxy Inbound Connect 
Request (Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003288 || BLEEDING-EDGE MALWARE Socksv4 Bind Inbound (Windows Source) 
|| url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003289 || BLEEDING-EDGE MALWARE Socksv4 Bind Inbound (Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003290 || BLEEDING-EDGE MALWARE Socksv5 Bind Inbound (Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003291 || BLEEDING-EDGE MALWARE Socksv5 Bind Inbound (Windows Source) 
|| url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003292 || BLEEDING-EDGE WORM Allaple ICMP Sweep Ping Outbound || 
url,www.sophos.com/virusinfo/analyses/w32allapleb.html
        2003293 || BLEEDING-EDGE WORM Allaple ICMP Sweep Reply Inbound || 
url,www.sophos.com/virusinfo/analyses/w32allapleb.html
        2003294 || BLEEDING-EDGE WORM Allaple ICMP Sweep Ping Inbound || 
url,www.sophos.com/virusinfo/analyses/w32allapleb.html
        2003295 || BLEEDING-EDGE WORM Allaple ICMP Sweep Reply Outbound || 
url,www.sophos.com/virusinfo/analyses/w32allapleb.html
        2003296 || BLEEDING-EDGE TROJAN Possible Web-based DDoS-command being 
issued

     -> Added to bleeding-virus.rules (2):
        #from anonymous
        #by Matt Jonkman

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Removed from bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 53

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 53

     -> Removed from bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Removed from bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Removed from bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Removed from bleeding-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Removed from bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Removed from bleeding-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Removed from bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Removed from bleeding-sid-msg.map (7):
        2003180 || BLEEDING-EDGE TROJAN Warezov/Stration Data Post to 
Controller || url,www.sophos.com/security/analyses/w32strationbo.html
        2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
|| url,www.shadowserver.org
        2404007 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
|| url,www.shadowserver.org
        2404008 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  
|| url,www.shadowserver.org
        2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - 
BLOCKING SOURCE || url,www.shadowserver.org
        2405007 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - 
BLOCKING SOURCE || url,www.shadowserver.org
        2405008 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - 
BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from bleeding-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Removed from bleeding-web.rules (1):
        # $Id: bleeding-web.rules $


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Next by Date:  [Snort-sigs] Error With Flowbit dce.bind.netware_cs, Bamm Visscher
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Next by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]