
[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Sat, 10 Nov 2007 20:00:13 +0000 (UTC)

[***] Results from Oinkmaster started Sat Nov 10 20:00:13 2007 [***]

[+++]          Added rules:          [+++]

 2007672 - BLEEDING-EDGE TROJAN B0tN3t IRCbotnet (bleeding-virus.rules)
 2007673 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (1) 
(bleeding.rules)
 2007674 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (2) 
(bleeding.rules)
 2007675 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (3) 
(bleeding.rules)
 2007676 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (4) 
(bleeding.rules)
 2007677 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (5) 
(bleeding.rules)
 2007678 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (1) 
(bleeding.rules)
 2007679 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (2) 
(bleeding.rules)
 2007680 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (3) 
(bleeding.rules)
 2007681 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (4) 
(bleeding.rules)
 2007682 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (5) 
(bleeding.rules)
 2007683 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 1 
(bleeding.rules)
 2007684 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 2 
(bleeding.rules)
 2007685 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 3 
(bleeding.rules)
 2007686 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND 
(bleeding.rules)
 2007687 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND 
(bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (132):
        2007672 || BLEEDING-EDGE TROJAN B0tN3t IRCbotnet || 
url,en.wikipedia.org/wiki/Botnet
        2007673 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(1) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007674 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(2) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007675 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(3) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007676 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(4) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007677 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(5) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007678 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(1) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007679 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(2) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007680 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(3) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007681 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(4) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007682 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(5) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007683 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 1 || 
url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007684 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 2 || 
url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007685 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 3 || 
url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007686 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity 
OUTBOUND || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007687 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity 
INBOUND || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2500469 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (470) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500470 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (471) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500471 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (472) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500472 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (473) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500473 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (474) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500474 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (475) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500475 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (476) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500476 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (477) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500477 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (478) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500478 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (479) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500479 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (480) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500480 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (481) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500481 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (482) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500482 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (483) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500483 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (484) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500484 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (485) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500485 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (486) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500486 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (487) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500487 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (488) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500488 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (489) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500489 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (490) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500490 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (491) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500491 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (492) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500492 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (493) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500493 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (494) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500494 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (495) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500495 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (496) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500496 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (497) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500497 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (498) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500498 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (499) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500499 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (500) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500500 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (501) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500501 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (502) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500502 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (503) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500503 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (504) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500504 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (505) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500505 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (506) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500506 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (507) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500507 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (508) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500508 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (509) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500509 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (510) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500510 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (511) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (512) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500512 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (513) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500513 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (514) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500514 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (515) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500515 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (516) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500516 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (517) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500517 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (518) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500518 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (519) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500519 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (520) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500520 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (521) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500521 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (522) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500522 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (523) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500523 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (524) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500524 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (525) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500525 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (526) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500526 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (527) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510469 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (470) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510470 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (471) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510471 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (472) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510472 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (473) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510473 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (474) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510474 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (475) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510475 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (476) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510476 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (477) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510477 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (478) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510478 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (479) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510479 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (480) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510480 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (481) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510481 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (482) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510482 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (483) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510483 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (484) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510484 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (485) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510485 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (486) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510486 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (487) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510487 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (488) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510488 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (489) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510489 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (490) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510490 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (491) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510491 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (492) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510492 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (493) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510493 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (494) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510494 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (495) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510495 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (496) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510496 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (497) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510497 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (498) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510498 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (499) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510499 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (500) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510500 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (501) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510501 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (502) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510502 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (503) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510503 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (504) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510504 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (505) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510505 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (506) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510506 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (507) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510507 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (508) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510508 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (509) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510509 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (510) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (511) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (512) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510512 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (513) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510513 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (514) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510514 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (515) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510515 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (516) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510516 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (517) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510517 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (518) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510518 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (519) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510519 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (520) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510520 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (521) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510521 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (522) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510522 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (523) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510523 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (524) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510524 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (525) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510525 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (526) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510526 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (527) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (7):
        # [8:03am dominic] telnet 59.124.158.12 65500
        # Trying 59.124.158.12...
        # Connected to 59-124-158-12.HINET-IP.hinet.net (59.124.158.12).
        # Escape character is '^]'.
        # :irc.Indonesia.B0tN3t.org NOTICE AUTH :*** Looking up your hostname...
        # :irc.Indonesia.B0tN3t.org NOTICE AUTH :*** Found your hostname
        # Reg Quinton <reggers@ist.uwaterloo.ca>; 9-Nov-2007

     -> Added to bleeding.rules (6):
        #By Don Jackson of SecureWorks
        # Crafted for the lowest common denominator; should work in most 1.x 
and later engines, PCRE used for C&C traffic.
        # Mostly for spotting its use on your network.  Only one DDoS rule. Be 
careful of the number/rate of alerts; these do not use thresholding.
        # DNS left in hex to avoid advertising the domains to the bad guys via 
google
        #these first few are for specific domains, to be removed in the not too 
distant future
        #these are more permanent, C&C related

