




[Snort-sigs] Emerging Threats Daily Signature Changes

Subject: [Snort-sigs] Emerging Threats Daily Signature Changes
Date: Wed, 23 Jan 2008 17:00:08 -0500 (EST)

[***] Results from Oinkmaster started Wed Jan 23 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007775 - BLEEDING-EDGE TROJAN Krunchy/BZub HTTP Checkin/Update 
(bleeding-virus.rules)
 2007776 - BLEEDING-EDGE TROJAN Krunchy/BZub HTTP POST Update 
(bleeding-virus.rules)
 2007777 - ET TROJAN Browser HiJacker/Infostealer Stat file 
(bleeding-virus.rules)
 2007778 - ET TROJAN User-agent DownloadNetFile Win32.small.hsh downloader 
(bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2000345 - ET ATTACK RESPONSE IRC - Nick change on non-std port 
(bleeding-attack_response.rules)
 2000346 - ET ATTACK RESPONSE IRC - Name response on non-std port 
(bleeding-attack_response.rules)
 2000347 - ET ATTACK RESPONSE IRC - Private message on non-std port 
(bleeding-attack_response.rules)
 2000348 - ET ATTACK RESPONSE IRC - Channel JOIN on non-std port 
(bleeding-attack_response.rules)
 2000349 - ET ATTACK RESPONSE IRC - DCC file transfer request on non-std port 
(bleeding-attack_response.rules)
 2000350 - ET ATTACK RESPONSE IRC - DCC chat request on non-std port 
(bleeding-attack_response.rules)
 2000351 - ET ATTACK RESPONSE IRC - channel join on non-std port 
(bleeding-attack_response.rules)
 2000352 - ET ATTACK RESPONSE IRC - dns request on non-std port 
(bleeding-attack_response.rules)
 2000499 - ET ATTACK RESPONSE FTP inaccessible directory access COM1 
(bleeding-attack_response.rules)
 2000500 - ET ATTACK RESPONSE FTP inaccessible directory access COM2 
(bleeding-attack_response.rules)
 2000501 - ET ATTACK RESPONSE FTP inaccessible directory access COM3 
(bleeding-attack_response.rules)
 2000502 - ET ATTACK RESPONSE FTP inaccessible directory access COM4 
(bleeding-attack_response.rules)
 2000503 - ET ATTACK RESPONSE FTP inaccessible directory access LPT1 
(bleeding-attack_response.rules)
 2000504 - ET ATTACK RESPONSE FTP inaccessible directory access LPT2 
(bleeding-attack_response.rules)
 2000505 - ET ATTACK RESPONSE FTP inaccessible directory access LPT3 
(bleeding-attack_response.rules)
 2000506 - ET ATTACK RESPONSE FTP inaccessible directory access LPT4 
(bleeding-attack_response.rules)
 2000507 - ET ATTACK RESPONSE FTP inaccessible directory access AUX 
(bleeding-attack_response.rules)
 2000508 - ET ATTACK RESPONSE FTP inaccessible directory access NULL 
(bleeding-attack_response.rules)
 2001616 - ET ATTACK RESPONSE Zone-H.org defacement notification 
(bleeding-attack_response.rules)
 2001620 - ET ATTACK RESPONSE Likely Botnet Activity 
(bleeding-attack_response.rules)
 2001628 - ET ATTACK RESPONSE Outbound PHP Connection 
(bleeding-attack_response.rules)
 2002034 - ET ATTACK RESPONSE Possible /etc/passwd via HTTP (linux style) 
(bleeding-attack_response.rules)
 2002809 - ET ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd) 
(bleeding-attack_response.rules)
 2002810 - ET ATTACK RESPONSE Hostile FTP Server Banner (Reptile) 
(bleeding-attack_response.rules)
 2002811 - ET ATTACK RESPONSE Hostile FTP Server Banner (Bot Server) 
(bleeding-attack_response.rules)
 2003071 - ET ATTACK RESPONSE Possible /etc/passwd via HTTP (BSD style) 
(bleeding-attack_response.rules)
 2003149 - ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style) 
(bleeding-attack_response.rules)
 2003150 - ET ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style) 
(bleeding-attack_response.rules)
 2003464 - ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd) 
(bleeding-attack_response.rules)
 2003465 - ET ATTACK RESPONSE Unusual FTP Server Banner (freeFTPd) 
(bleeding-attack_response.rules)
 2003535 - ET ATTACK RESPONSE r57 phpshell footer detected 
(bleeding-attack_response.rules)
 2003536 - ET ATTACK RESPONSE r57 phpshell source being uploaded 
(bleeding-attack_response.rules)
 2006417 - ET ATTACK RESPONSE Weak Netbios Lanman Auth Challenge Detected 
(bleeding-attack_response.rules)
 2007651 - ET ATTACK RESPONSE x2300 phpshell detected 
(bleeding-attack_response.rules)
 2007652 - ET ATTACK RESPONSE c99shell phpshell detected 
(bleeding-attack_response.rules)
 2007653 - ET ATTACK RESPONSE RFI Scanner detected 
(bleeding-attack_response.rules)
 2007654 - ET ATTACK RESPONSE C99 Modified phpshell detected 
(bleeding-attack_response.rules)
 2007656 - ET ATTACK RESPONSE ALBANIA id.php detected 
(bleeding-attack_response.rules)
 2007715 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - user 
(bleeding-attack_response.rules)
 2007717 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass 
(bleeding-attack_response.rules)
 2007723 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr 
(bleeding-attack_response.rules)
 2007725 - ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) 
(bleeding-attack_response.rules)
 2007726 - ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) 
(bleeding-attack_response.rules)


[///]    Modified inactive rules:    [///]

 2007655 - ET ATTACK RESPONSE lila.jpg phpshell detected 
(bleeding-attack_response.rules)
 2007657 - ET ATTACK RESPONSE Mic22 id.php detected 
(bleeding-attack_response.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (49):
        2000345 || ET ATTACK RESPONSE IRC - Nick change on non-std port
        2000346 || ET ATTACK RESPONSE IRC - Name response on non-std port
        2000347 || ET ATTACK RESPONSE IRC - Private message on non-std port
        2000348 || ET ATTACK RESPONSE IRC - Channel JOIN on non-std port
        2000349 || ET ATTACK RESPONSE IRC - DCC file transfer request on 
non-std port
        2000350 || ET ATTACK RESPONSE IRC - DCC chat request on non-std port
        2000351 || ET ATTACK RESPONSE IRC - channel join on non-std port
        2000352 || ET ATTACK RESPONSE IRC - dns request on non-std port
        2000499 || ET ATTACK RESPONSE FTP inaccessible directory access COM1
        2000500 || ET ATTACK RESPONSE FTP inaccessible directory access COM2
        2000501 || ET ATTACK RESPONSE FTP inaccessible directory access COM3
        2000502 || ET ATTACK RESPONSE FTP inaccessible directory access COM4
        2000503 || ET ATTACK RESPONSE FTP inaccessible directory access LPT1
        2000504 || ET ATTACK RESPONSE FTP inaccessible directory access LPT2
        2000505 || ET ATTACK RESPONSE FTP inaccessible directory access LPT3
        2000506 || ET ATTACK RESPONSE FTP inaccessible directory access LPT4
        2000507 || ET ATTACK RESPONSE FTP inaccessible directory access AUX
        2000508 || ET ATTACK RESPONSE FTP inaccessible directory access NULL
        2001616 || ET ATTACK RESPONSE Zone-H.org defacement notification
        2001620 || ET ATTACK RESPONSE Likely Botnet Activity
        2001628 || ET ATTACK RESPONSE Outbound PHP Connection
        2002034 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (linux 
style)
        2002809 || ET ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd)
        2002810 || ET ATTACK RESPONSE Hostile FTP Server Banner (Reptile)
        2002811 || ET ATTACK RESPONSE Hostile FTP Server Banner (Bot Server)
        2003071 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (BSD style)
        2003149 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux 
style)
        2003150 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style)
        2003464 || ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd) || 
url,www.warftp.org
        2003465 || ET ATTACK RESPONSE Unusual FTP Server Banner (freeFTPd) || 
url,www.freeftp.com
        2003535 || ET ATTACK RESPONSE r57 phpshell footer detected || 
url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || ET ATTACK RESPONSE r57 phpshell source being uploaded || 
url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || ET ATTACK RESPONSE Weak Netbios Lanman Auth Challenge 
Detected
        2007651 || ET ATTACK RESPONSE x2300 phpshell detected || 
url,www.rfxn.com/vdb.php
        2007652 || ET ATTACK RESPONSE c99shell phpshell detected || 
url,www.rfxn.com/vdb.php
        2007653 || ET ATTACK RESPONSE RFI Scanner detected || 
url,www.rfxn.com/vdb.php
        2007654 || ET ATTACK RESPONSE C99 Modified phpshell detected || 
url,www.rfxn.com/vdb.php
        2007655 || ET ATTACK RESPONSE lila.jpg phpshell detected || 
url,www.rfxn.com/vdb.php
        2007656 || ET ATTACK RESPONSE ALBANIA id.php detected || 
url,www.rfxn.com/vdb.php
        2007657 || ET ATTACK RESPONSE Mic22 id.php detected || 
url,www.rfxn.com/vdb.php
        2007715 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - user
        2007717 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass
        2007723 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr
        2007725 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port 
(WinFtpd)
        2007726 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port 
(StnyFtpd)
        2007775 || BLEEDING-EDGE TROJAN Krunchy/BZub HTTP Checkin/Update
        2007776 || BLEEDING-EDGE TROJAN Krunchy/BZub HTTP POST Update
        2007777 || ET TROJAN Browser HiJacker/Infostealer Stat file
        2007778 || ET TROJAN User-agent DownloadNetFile Win32.small.hsh 
downloader

     -> Added to bleeding-sid-msg.map.txt (49):
        2000345 || ET ATTACK RESPONSE IRC - Nick change on non-std port
        2000346 || ET ATTACK RESPONSE IRC - Name response on non-std port
        2000347 || ET ATTACK RESPONSE IRC - Private message on non-std port
        2000348 || ET ATTACK RESPONSE IRC - Channel JOIN on non-std port
        2000349 || ET ATTACK RESPONSE IRC - DCC file transfer request on 
non-std port
        2000350 || ET ATTACK RESPONSE IRC - DCC chat request on non-std port
        2000351 || ET ATTACK RESPONSE IRC - channel join on non-std port
        2000352 || ET ATTACK RESPONSE IRC - dns request on non-std port
        2000499 || ET ATTACK RESPONSE FTP inaccessible directory access COM1
        2000500 || ET ATTACK RESPONSE FTP inaccessible directory access COM2
        2000501 || ET ATTACK RESPONSE FTP inaccessible directory access COM3
        2000502 || ET ATTACK RESPONSE FTP inaccessible directory access COM4
        2000503 || ET ATTACK RESPONSE FTP inaccessible directory access LPT1
        2000504 || ET ATTACK RESPONSE FTP inaccessible directory access LPT2
        2000505 || ET ATTACK RESPONSE FTP inaccessible directory access LPT3
        2000506 || ET ATTACK RESPONSE FTP inaccessible directory access LPT4
        2000507 || ET ATTACK RESPONSE FTP inaccessible directory access AUX
        2000508 || ET ATTACK RESPONSE FTP inaccessible directory access NULL
        2001616 || ET ATTACK RESPONSE Zone-H.org defacement notification
        2001620 || ET ATTACK RESPONSE Likely Botnet Activity
        2001628 || ET ATTACK RESPONSE Outbound PHP Connection
        2002034 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (linux 
style)
        2002809 || ET ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd)
        2002810 || ET ATTACK RESPONSE Hostile FTP Server Banner (Reptile)
        2002811 || ET ATTACK RESPONSE Hostile FTP Server Banner (Bot Server)
        2003071 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (BSD style)
        2003149 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux 
style)
        2003150 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style)
        2003464 || ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd) || 
url,www.warftp.org
        2003465 || ET ATTACK RESPONSE Unusual FTP Server Banner (freeFTPd) || 
url,www.freeftp.com
        2003535 || ET ATTACK RESPONSE r57 phpshell footer detected || 
url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || ET ATTACK RESPONSE r57 phpshell source being uploaded || 
url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || ET ATTACK RESPONSE Weak Netbios Lanman Auth Challenge 
Detected
        2007651 || ET ATTACK RESPONSE x2300 phpshell detected || 
url,www.rfxn.com/vdb.php
        2007652 || ET ATTACK RESPONSE c99shell phpshell detected || 
url,www.rfxn.com/vdb.php
        2007653 || ET ATTACK RESPONSE RFI Scanner detected || 
url,www.rfxn.com/vdb.php
        2007654 || ET ATTACK RESPONSE C99 Modified phpshell detected || 
url,www.rfxn.com/vdb.php
        2007655 || ET ATTACK RESPONSE lila.jpg phpshell detected || 
url,www.rfxn.com/vdb.php
        2007656 || ET ATTACK RESPONSE ALBANIA id.php detected || 
url,www.rfxn.com/vdb.php
        2007657 || ET ATTACK RESPONSE Mic22 id.php detected || 
url,www.rfxn.com/vdb.php
        2007715 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - user
        2007717 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass
        2007723 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr
        2007725 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port 
(WinFtpd)
        2007726 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port 
(StnyFtpd)
        2007775 || BLEEDING-EDGE TROJAN Krunchy/BZub HTTP Checkin/Update
        2007776 || BLEEDING-EDGE TROJAN Krunchy/BZub HTTP POST Update
        2007777 || ET TROJAN Browser HiJacker/Infostealer Stat file
        2007778 || ET TROJAN User-agent DownloadNetFile Win32.small.hsh 
downloader

     -> Added to bleeding-virus.rules (3):
        # By Jeremy Conway - Possible root kit user agent
        # By Jeremy Conway
        #by matt jonkman, from sandnet hits

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (45):
        2000345 || BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std 
port
        2000346 || BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std 
port
        2000347 || BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on 
non-std port
        2000348 || BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std 
port
        2000349 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer 
request on non-std port
        2000350 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on 
non-std port
        2000351 || BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std 
port
        2000352 || BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std 
port
        2000499 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM1
        2000500 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM2
        2000501 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM3
        2000502 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM4
        2000503 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT1
        2000504 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT2
        2000505 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT3
        2000506 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT4
        2000507 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access AUX
        2000508 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access NULL
        2001616 || BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement 
notification
        2001620 || BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity
        2001628 || BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection
        2002034 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP 
(linux style)
        2002809 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner 
(StnyFtpd)
        2002810 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner 
(Reptile)
        2002811 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (Bot 
Server)
        2003071 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP 
(BSD style)
        2003149 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP 
(linux style)
        2003150 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP 
(BSD style)
        2003464 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner 
(warFTPd) || url,www.warftp.org
        2003465 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner 
(freeFTPd) || url,www.freeftp.com
        2003535 || BLEEDING-EDGE ATTACK RESPONSE r57 phpshell footer detected 
|| url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || BLEEDING-EDGE ATTACK RESPONSE r57 phpshell source being 
uploaded || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || BLEEDING-EDGE ATTACK RESPONSE Weak Netbios Lanman Auth 
Challenge Detected
        2007651 || BLEEDING-EDGE ATTACK RESPONSE x2300 phpshell detected || 
url,www.rfxn.com/vdb.php
        2007652 || BLEEDING-EDGE ATTACK RESPONSE c99shell phpshell detected || 
url,www.rfxn.com/vdb.php
        2007653 || BLEEDING-EDGE ATTACK RESPONSE RFI Scanner detected || 
url,www.rfxn.com/vdb.php
        2007654 || BLEEDING-EDGE ATTACK RESPONSE C99 Modified phpshell detected 
|| url,www.rfxn.com/vdb.php
        2007655 || BLEEDING-EDGE ATTACK RESPONSE lila.jpg phpshell detected || 
url,www.rfxn.com/vdb.php
        2007656 || BLEEDING-EDGE ATTACK RESPONSE ALBANIA id.php detected || 
url,www.rfxn.com/vdb.php
        2007657 || BLEEDING-EDGE ATTACK RESPONSE Mic22 id.php detected || 
url,www.rfxn.com/vdb.php
        2007715 || BLEEDING-EDGE ATTACK_RESPONSE Off-Port FTP Without Banners - 
user
        2007717 || BLEEDING-EDGE ATTACK_RESPONSE Off-Port FTP Without Banners - 
pass
        2007723 || BLEEDING-EDGE ATTACK_RESPONSE Off-Port FTP Without Banners - 
retr
        2007725 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner on 
High Port (WinFtpd)
        2007726 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner on 
High Port (StnyFtpd)

     -> Removed from bleeding-sid-msg.map.txt (45):
        2000345 || BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std 
port
        2000346 || BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std 
port
        2000347 || BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on 
non-std port
        2000348 || BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std 
port
        2000349 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer 
request on non-std port
        2000350 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on 
non-std port
        2000351 || BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std 
port
        2000352 || BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std 
port
        2000499 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM1
        2000500 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM2
        2000501 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM3
        2000502 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM4
        2000503 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT1
        2000504 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT2
        2000505 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT3
        2000506 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT4
        2000507 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access AUX
        2000508 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access NULL
        2001616 || BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement 
notification
        2001620 || BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity
        2001628 || BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection
        2002034 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP 
(linux style)
        2002809 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner 
(StnyFtpd)
        2002810 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner 
(Reptile)
        2002811 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (Bot 
Server)
        2003071 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP 
(BSD style)
        2003149 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP 
(linux style)
        2003150 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP 
(BSD style)
        2003464 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner 
(warFTPd) || url,www.warftp.org
        2003465 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner 
(freeFTPd) || url,www.freeftp.com
        2003535 || BLEEDING-EDGE ATTACK RESPONSE r57 phpshell footer detected 
|| url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || BLEEDING-EDGE ATTACK RESPONSE r57 phpshell source being 
uploaded || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || BLEEDING-EDGE ATTACK RESPONSE Weak Netbios Lanman Auth 
Challenge Detected
        2007651 || BLEEDING-EDGE ATTACK RESPONSE x2300 phpshell detected || 
url,www.rfxn.com/vdb.php
        2007652 || BLEEDING-EDGE ATTACK RESPONSE c99shell phpshell detected || 
url,www.rfxn.com/vdb.php
        2007653 || BLEEDING-EDGE ATTACK RESPONSE RFI Scanner detected || 
url,www.rfxn.com/vdb.php
        2007654 || BLEEDING-EDGE ATTACK RESPONSE C99 Modified phpshell detected 
|| url,www.rfxn.com/vdb.php
        2007655 || BLEEDING-EDGE ATTACK RESPONSE lila.jpg phpshell detected || 
url,www.rfxn.com/vdb.php
        2007656 || BLEEDING-EDGE ATTACK RESPONSE ALBANIA id.php detected || 
url,www.rfxn.com/vdb.php
        2007657 || BLEEDING-EDGE ATTACK RESPONSE Mic22 id.php detected || 
url,www.rfxn.com/vdb.php
        2007715 || BLEEDING-EDGE ATTACK_RESPONSE Off-Port FTP Without Banners - 
user
        2007717 || BLEEDING-EDGE ATTACK_RESPONSE Off-Port FTP Without Banners - 
pass
        2007723 || BLEEDING-EDGE ATTACK_RESPONSE Off-Port FTP Without Banners - 
retr
        2007725 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner on 
High Port (WinFtpd)
        2007726 || BLEEDING-EDGE ATTACK RESPONSE Unusual FTP Server Banner on 
High Port (StnyFtpd)


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
