[Snort-sigs] Bleedingsnort.com Daily Update

matt at ...2436... matt at ...2436...
Mon Aug 23 18:03:27 EDT 2004


Today's changes from Bleedingsnort.com:

[***] Results from Oinkmaster started Mon Aug 23 20:00:01 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding.rules (2):
        alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential SSH Brute Force Attack"; flow:to_server,established; flags:S; threshold:type limit, track by_src, count 5, seconds 60; classtype:attempted-dos; sid:2001219; rev:3;)
        alert tcp $HOME_NET any -> any any (msg:"BLEEDING-EDGE RXBOT / RBOT Exploit Report"; content:"|5D 3A 20|Exploiting|20|IP|3A 20|"; nocase; classtype:trojan-activity;  reference:url,www.nitroguard.com/rxbot.html; reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL; sid:2001220; rev: 1;)

[---]         Removed rules:         [---]

     -> Removed from bleeding.rules (1):
        alert tcp $HOME_NET any -> any any (msg:"BLEEDING-EDGE RXBOT / RBOT Exploit Report"; content:"|5D 3A 20|Exploiting|20|IP|3A 20|"; nocase; classtype:trojan-activity;  reference:url,www.nitroguard.com/rxbot.html; reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL; sid:2002004; rev: 1;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001219 || BLEEDING-EDGE Potential SSH Brute Force Attack
        2001220 || BLEEDING-EDGE RXBOT / RBOT Exploit Report || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL || url,www.nitroguard.com/rxbot.html

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2002004 || BLEEDING-EDGE RXBOT / RBOT Exploit Report || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.GL || url,www.nitroguard.com/rxbot.html

[*] Added files: [*]
    None.




