[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Apr 1 17:29:58 EST 2005


[***] Results from Oinkmaster started Fri Apr  1 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2001814 - BLEEDING-EDGE Spambot Proxy Control Channel (bleeding-malware.rules)
 2001815 - BLEEDING-EDGE Spambot Suspicious 220 Banner on Local Port (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001795 - BLEEDING-EDGE DOS Excessive SMTP MAIL-FROM DDoS (bleeding-dos.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (8):
        # Submitted by William Salusky
        # The following rule has proven useful in detecting unidentified spammer nodes.
        # You should tweak the rule header according to your network architecture.
        # Thresholding is optional, but without it in my network this sig would
        # overwhelm my sensors.
        # The following rule assists in the identification of spam when SMTP 220
        # responses are seen egressing your network from unusual src ports.
        # You may want to consider tagging a number of following packets.

     -> Added to bleeding-sid-msg.map (2):
        2001814 || BLEEDING-EDGE Spambot Proxy Control Channel
        2001815 || BLEEDING-EDGE Spambot Suspicious 220 Banner on Local Port




