[Snort-sigs] Bleedingsnort.com Daily Update

matt at ...2436...
Fri Aug 13 14:14:01 EDT 2004


Today's changes from Bleedingsnort.com:

[***] Results from Oinkmaster started Fri Aug 13 15:06:03 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding.rules (1):
        alert tcp $EXTERNAL_NET 2234 -> $HOME_NET any (msg:"BLEEDING-EDGE P2P Soulseek Filesearch Results"; classtype:policy-violation; content:"|09 00 00 00 78|"; sid:2001187; rev:1;)

[///]     Modified active rules:     [///]

     -> Modified active in bleeding.rules (4):
        old: alert tcp $HOME_NET any -> 38.115.131.0/24 2235 (msg:"BLEEDING-EDGE P2P Soulseek traffic"; classtype:policy-violation; sid:2001186; rev:1;)
        new: alert tcp $HOME_NET any -> 38.115.131.0/24 5534 (msg:"BLEEDING-EDGE P2P Soulseek traffic"; classtype:policy-violation; sid:2001186; rev:2;)
        old: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE GenXE generated XSS Exploit"; pcre:"/eval[\s]*\([\s]*["']eval[\s]*\([\s]*String\.fromCharCode[\s]*\(([\s]*[\d]+[\s]*,){20}/i"; reference:url, http.umbrella.name/genxe/RELEASE_0.9.0/index.html; classtype:misc-activity; sid:2001107; rev:1;)
        new: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE GenXE generated XSS Exploit"; pcre:"/eval[\s]*\([\s]*["']eval[\s]*\([\s]*String\.fromCharCode[\s]*\(([\s]*[\d]+[\s]*,){20}/i"; reference:url, www.umbrella.name/genxe/RELEASE_0.9.0/index.html; classtype:misc-activity; sid:2001107; rev:2;)
        old: alert tcp $HOME_NET any -> 38.115.131.0/24 2240 (msg:"BLEEDING-EDGE P2P Soulseek traffic"; classtype:policy-violation; sid:2001185; rev:1;)
        new: alert tcp $HOME_NET any -> 38.115.131.0/24 2234 (msg:"BLEEDING-EDGE P2P Soulseek traffic"; classtype:policy-violation; sid:2001185; rev:2;)
        old: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE GenXE generated XSS Exploit hex"; pcre:"/eval[\s]*\([\s]*["']eval[\s]*\([\s]*String\.fromCharCode[\s]*\(([\s]*0x[\da-fA-F]+[\s]*,){20}/i"; reference:url, http.umbrella.name/genxe/RELEASE_0.9.0/index.html; classtype:misc-activity; sid:2001108; rev:1;)
        new: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE GenXE generated XSS Exploit hex"; pcre:"/eval[\s]*\([\s]*["']eval[\s]*\([\s]*String\.fromCharCode[\s]*\(([\s]*0x[\da-fA-F]+[\s]*,){20}/i"; reference:url, www.umbrella.name/genxe/RELEASE_0.9.0/index.html; classtype:misc-activity; sid:2001108; rev:2;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (3):
        2001107 || BLEEDING-EDGE GenXE generated XSS Exploit || url, www.umbrella.name/genxe/RELEASE_0.9.0/index.html
        2001108 || BLEEDING-EDGE GenXE generated XSS Exploit hex || url, www.umbrella.name/genxe/RELEASE_0.9.0/index.html
        2001187 || BLEEDING-EDGE P2P Soulseek Filesearch Results

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2001107 || BLEEDING-EDGE GenXE generated XSS Exploit || url, http.umbrella.name/genxe/RELEASE_0.9.0/index.html
        2001108 || BLEEDING-EDGE GenXE generated XSS Exploit hex || url, http.umbrella.name/genxe/RELEASE_0.9.0/index.html

[*] Added files: [*]
    None.




