
[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Thu, 4 Oct 2007 00:00:34 +0000 (UTC)

[***] Results from Oinkmaster started Thu Oct  4 00:00:33 2007 [***]

[///]     Modified active rules:     [///]

 2003254 - BLEEDING-EDGE MALWARE SOCKSv5 Port 25 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003255 - BLEEDING-EDGE MALWARE SOCKSv5 Port 25 Inbound Request (Linux Source) 
(bleeding-malware.rules)
 2003256 - BLEEDING-EDGE MALWARE SOCKSv4 Port 25 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003257 - BLEEDING-EDGE MALWARE SOCKSv5 Port 25 Inbound Request (Linux Source) 
(bleeding-malware.rules)
 2003258 - BLEEDING-EDGE MALWARE SOCKSv5 DNS Inbound Request (Windows Source) 
(bleeding-malware.rules)
 2003259 - BLEEDING-EDGE MALWARE SOCKSv5 DNS Inbound Request (Linux Source) 
(bleeding-malware.rules)
 2003260 - BLEEDING-EDGE MALWARE SOCKSv5 HTTP Proxy Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003261 - BLEEDING-EDGE MALWARE SOCKSv5 HTTP Proxy Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003262 - BLEEDING-EDGE MALWARE SOCKSv4 HTTP Proxy Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003263 - BLEEDING-EDGE MALWARE SOCKSv4 HTTP Proxy Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003264 - BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Windows Source) 
(bleeding-malware.rules)
 2003265 - BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Linux Source) 
(bleeding-malware.rules)
 2003266 - BLEEDING-EDGE MALWARE SOCKSv5 Port 443 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003267 - BLEEDING-EDGE MALWARE SOCKSv5 Port 443 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003268 - BLEEDING-EDGE MALWARE SOCKSv4 Port 443 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003269 - BLEEDING-EDGE MALWARE SOCKSv4 Port 443 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003270 - BLEEDING-EDGE MALWARE SOCKSv5 Port 5190 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003271 - BLEEDING-EDGE MALWARE SOCKSv5 Port 5190 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003272 - BLEEDING-EDGE MALWARE SOCKSv4 Port 5190 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003273 - BLEEDING-EDGE MALWARE SOCKSv5 Port 5190 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003274 - BLEEDING-EDGE MALWARE SOCKSv5 Port 1863 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003275 - BLEEDING-EDGE MALWARE SOCKSv5 Port 1863 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003276 - BLEEDING-EDGE MALWARE SOCKSv4 Port 1863 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003277 - BLEEDING-EDGE MALWARE SOCKSv4 Port 1863 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003278 - BLEEDING-EDGE MALWARE SOCKSv5 Port 5050 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003279 - BLEEDING-EDGE MALWARE SOCKSv5 Port 5050 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003280 - BLEEDING-EDGE MALWARE SOCKSv4 Port 5050 Inbound Request (Windows 
Source) (bleeding-malware.rules)
 2003281 - BLEEDING-EDGE MALWARE SOCKSv4 Port 5050 Inbound Request (Linux 
Source) (bleeding-malware.rules)
 2003282 - BLEEDING-EDGE MALWARE SOCKSv4 Inbound Connect Request (Windows 
Source) (bleeding-malware.rules)
 2003283 - BLEEDING-EDGE MALWARE SOCKSv4 Inbound Connect Request (Linux Source) 
(bleeding-malware.rules)
 2003284 - BLEEDING-EDGE MALWARE SOCKSv5 IPv6 Inbound Connect Request (Windows 
Source) (bleeding-malware.rules)
 2003285 - BLEEDING-EDGE MALWARE SOCKSv5 IPv6 Inbound Connect Request (Linux 
Source) (bleeding-malware.rules)
 2003286 - BLEEDING-EDGE MALWARE SOCKSv5 UDP Proxy Inbound Connect Request 
(Windows Source) (bleeding-malware.rules)
 2003287 - BLEEDING-EDGE MALWARE SOCKSv5 UDP Proxy Inbound Connect Request 
(Linux Source) (bleeding-malware.rules)
 2003933 - BLEEDING-EDGE TROJAN Banker.Delf User-Agent (Ms) 
(bleeding-virus.rules)
 2006380 - BLEEDING-EDGE POLICY Outgoing Basic Auth Base64 HTTP Password 
detected unencrypted (bleeding-policy.rules)
 2006402 - BLEEDING-EDGE POLICY Incoming Basic Auth Base64 HTTP Password 
detected unencrypted (bleeding-policy.rules)


[///]    Modified inactive rules:    [///]

 2003288 - BLEEDING-EDGE MALWARE SOCKSv4 Bind Inbound (Windows Source) 
(bleeding-malware.rules)
 2003289 - BLEEDING-EDGE MALWARE SOCKSv4 Bind Inbound (Linux Source) 
(bleeding-malware.rules)
 2003290 - BLEEDING-EDGE MALWARE SOCKSv5 Bind Inbound (Linux Source) 
(bleeding-malware.rules)
 2003291 - BLEEDING-EDGE MALWARE SOCKSv5 Bind Inbound (Windows Source) 
(bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        # Details and updates available here 
http://handlers.sans.org/wsalusky/rants/
        #Cleanup and updates by John Pritchard

     -> Added to bleeding-sid-msg.map (58):
        2003254 || BLEEDING-EDGE MALWARE SOCKSv5 Port 25 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003255 || BLEEDING-EDGE MALWARE SOCKSv5 Port 25 Inbound Request (Linux 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003256 || BLEEDING-EDGE MALWARE SOCKSv4 Port 25 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003257 || BLEEDING-EDGE MALWARE SOCKSv5 Port 25 Inbound Request (Linux 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003258 || BLEEDING-EDGE MALWARE SOCKSv5 DNS Inbound Request (Windows 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003259 || BLEEDING-EDGE MALWARE SOCKSv5 DNS Inbound Request (Linux 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003260 || BLEEDING-EDGE MALWARE SOCKSv5 HTTP Proxy Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003261 || BLEEDING-EDGE MALWARE SOCKSv5 HTTP Proxy Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003262 || BLEEDING-EDGE MALWARE SOCKSv4 HTTP Proxy Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003263 || BLEEDING-EDGE MALWARE SOCKSv4 HTTP Proxy Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003264 || BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Windows 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003265 || BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Linux 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003266 || BLEEDING-EDGE MALWARE SOCKSv5 Port 443 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003267 || BLEEDING-EDGE MALWARE SOCKSv5 Port 443 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003268 || BLEEDING-EDGE MALWARE SOCKSv4 Port 443 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003269 || BLEEDING-EDGE MALWARE SOCKSv4 Port 443 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003270 || BLEEDING-EDGE MALWARE SOCKSv5 Port 5190 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003271 || BLEEDING-EDGE MALWARE SOCKSv5 Port 5190 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003272 || BLEEDING-EDGE MALWARE SOCKSv4 Port 5190 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003273 || BLEEDING-EDGE MALWARE SOCKSv5 Port 5190 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003274 || BLEEDING-EDGE MALWARE SOCKSv5 Port 1863 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003275 || BLEEDING-EDGE MALWARE SOCKSv5 Port 1863 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003276 || BLEEDING-EDGE MALWARE SOCKSv4 Port 1863 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003277 || BLEEDING-EDGE MALWARE SOCKSv4 Port 1863 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003278 || BLEEDING-EDGE MALWARE SOCKSv5 Port 5050 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003279 || BLEEDING-EDGE MALWARE SOCKSv5 Port 5050 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003280 || BLEEDING-EDGE MALWARE SOCKSv4 Port 5050 Inbound Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003281 || BLEEDING-EDGE MALWARE SOCKSv4 Port 5050 Inbound Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003282 || BLEEDING-EDGE MALWARE SOCKSv4 Inbound Connect Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003283 || BLEEDING-EDGE MALWARE SOCKSv4 Inbound Connect Request (Linux 
Source) || url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt 
|| url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003284 || BLEEDING-EDGE MALWARE SOCKSv5 IPv6 Inbound Connect Request 
(Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003285 || BLEEDING-EDGE MALWARE SOCKSv5 IPv6 Inbound Connect Request 
(Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003286 || BLEEDING-EDGE MALWARE SOCKSv5 UDP Proxy Inbound Connect 
Request (Windows Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003287 || BLEEDING-EDGE MALWARE SOCKSv5 UDP Proxy Inbound Connect 
Request (Linux Source) || url,www.ietf.org/rfc/rfc3089.txt || 
url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc1929.txt || 
url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003288 || BLEEDING-EDGE MALWARE SOCKSv4 Bind Inbound (Windows Source) 
|| url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt || 
url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003289 || BLEEDING-EDGE MALWARE SOCKSv4 Bind Inbound (Linux Source) || 
url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt || 
url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003290 || BLEEDING-EDGE MALWARE SOCKSv5 Bind Inbound (Linux Source) || 
url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt || 
url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2003291 || BLEEDING-EDGE MALWARE SOCKSv5 Bind Inbound (Windows Source) 
|| url,www.ietf.org/rfc/rfc3089.txt || url,www.ietf.org/rfc/rfc1961.txt || 
url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1928.txt || 
url,ss5.sourceforge.net/socks4A.protocol.txt || 
url,ss5.sourceforge.net/socks4.protocol.txt || url,en.wikipedia.org/wiki/SOCKS 
|| url,handlers.sans.org/wsalusky/rants/
        2500507 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (508) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500508 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (509) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500509 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (510) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500510 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (511) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (512) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500512 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (513) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500513 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (514) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500514 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (515) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500515 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (516) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500516 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (517) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510507 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (508) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510508 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (509) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510509 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (510) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (511) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (512) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510512 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (513) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510513 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (514) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510514 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (515) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510515 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (516) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510516 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (517) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (1):
        # Details and updates available here 
http://handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules

     -> Removed from bleeding-sid-msg.map (38):
        2003254 || BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003255 || BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003256 || BLEEDING-EDGE MALWARE Socksv4 Port 25 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003257 || BLEEDING-EDGE MALWARE Socksv5 Port 25 Inbound Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003258 || BLEEDING-EDGE MALWARE Socksv5 DNS Inbound Request (Windows 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003259 || BLEEDING-EDGE MALWARE Socksv5 DNS Inbound Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003260 || BLEEDING-EDGE MALWARE Socksv5 HTTP Proxy Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003261 || BLEEDING-EDGE MALWARE Socksv5 HTTP Proxy Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003262 || BLEEDING-EDGE MALWARE Socksv4 HTTP Proxy Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003263 || BLEEDING-EDGE MALWARE Socksv4 HTTP Proxy Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003264 || BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Windows 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003265 || BLEEDING-EDGE MALWARE HTTP Connect Request Inbound (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003266 || BLEEDING-EDGE MALWARE Socksv5 Port 443 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003267 || BLEEDING-EDGE MALWARE Socksv5 Port 443 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003268 || BLEEDING-EDGE MALWARE Socksv4 Port 443 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003269 || BLEEDING-EDGE MALWARE Socksv4 Port 443 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003270 || BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003271 || BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003272 || BLEEDING-EDGE MALWARE Socksv4 Port 5190 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003273 || BLEEDING-EDGE MALWARE Socksv5 Port 5190 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003274 || BLEEDING-EDGE MALWARE Socksv5 Port 1863 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003275 || BLEEDING-EDGE MALWARE Socksv5 Port 1863 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003276 || BLEEDING-EDGE MALWARE Socksv4 Port 1863 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003277 || BLEEDING-EDGE MALWARE Socksv4 Port 1863 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003278 || BLEEDING-EDGE MALWARE Socksv5 Port 5050 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003279 || BLEEDING-EDGE MALWARE Socksv5 Port 5050 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003280 || BLEEDING-EDGE MALWARE Socksv4 Port 5050 Inbound Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003281 || BLEEDING-EDGE MALWARE Socksv4 Port 5050 Inbound Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003282 || BLEEDING-EDGE MALWARE Socksv4 Inbound Connect Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003283 || BLEEDING-EDGE MALWARE Socksv4 Inbound Connect Request (Linux 
Source) || url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003284 || BLEEDING-EDGE MALWARE Socksv5 IPv6 Inbound Connect Request 
(Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003285 || BLEEDING-EDGE MALWARE Socksv5 IPv6 Inbound Connect Request 
(Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003286 || BLEEDING-EDGE MALWARE Socksv5 UDP Proxy Inbound Connect 
Request (Windows Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003287 || BLEEDING-EDGE MALWARE Socksv5 UDP Proxy Inbound Connect 
Request (Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003288 || BLEEDING-EDGE MALWARE Socksv4 Bind Inbound (Windows Source) 
|| url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003289 || BLEEDING-EDGE MALWARE Socksv4 Bind Inbound (Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003290 || BLEEDING-EDGE MALWARE Socksv5 Bind Inbound (Linux Source) || 
url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules
        2003291 || BLEEDING-EDGE MALWARE Socksv5 Bind Inbound (Windows Source) 
|| url,handlers.sans.org/wsalusky/ws/index.php/Snort-SOCKS-proto-rules


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
