[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Sun Apr 3 18:15:21 EDT 2005


[***] Results from Oinkmaster started Sun Apr  3 20:00:02 2005 [***]

[///]     Modified active rules:     [///]

 2001834 - BLEEDING-EDGE DNS lookup attempt to hostile, poisoning DNS server - ISC Diary (bleeding.rules)
 2001835 - BLEEDING-EDGE Sites trying to infect PCs with malware - ISC Diary (bleeding.rules)
 2001836 - BLEEDING-EDGE Web page trying to infect PCs with malware - ISC Diary (bleeding.rules)


[///]    Modified inactive rules:    [///]

 2001816 - BLEEDING-EDGE ATTACK-RESPONSE .com DNS cache poison attempt (bleeding-attack_response.rules)
 2001817 - BLEEDING-EDGE ATTACK-RESPONSE .net DNS cache poison attempt (bleeding-attack_response.rules)
 2001818 - BLEEDING-EDGE ATTACK-RESPONSE .org DNS cache poison attempt (bleeding-attack_response.rules)
 2001819 - BLEEDING-EDGE ATTACK-RESPONSE .biz DNS cache poison attempt (bleeding-attack_response.rules)
 2001820 - BLEEDING-EDGE ATTACK-RESPONSE .edu DNS cache poison attempt (bleeding-attack_response.rules)
 2001821 - BLEEDING-EDGE ATTACK-RESPONSE .gov DNS cache poison attempt (bleeding-attack_response.rules)
 2001822 - BLEEDING-EDGE ATTACK-RESPONSE .int DNS cache poison attempt (bleeding-attack_response.rules)
 2001823 - BLEEDING-EDGE ATTACK-RESPONSE .mil DNS cache poison attempt (bleeding-attack_response.rules)
 2001824 - BLEEDING-EDGE ATTACK-RESPONSE .info DNS cache poison attempt (bleeding-attack_response.rules)
 2001825 - BLEEDING-EDGE ATTACK-RESPONSE .name DNS cache poison attempt (bleeding-attack_response.rules)
 2001826 - BLEEDING-EDGE ATTACK-RESPONSE .pro DNS cache poison attempt (bleeding-attack_response.rules)
 2001827 - BLEEDING-EDGE ATTACK-RESPONSE .us DNS cache poison attempt (bleeding-attack_response.rules)
 2001828 - BLEEDING-EDGE ATTACK-RESPONSE .ws DNS cache poison attempt (bleeding-attack_response.rules)
 2001829 - BLEEDING-EDGE ATTACK-RESPONSE .museum DNS cache poison attempt (bleeding-attack_response.rules)
 2001830 - BLEEDING-EDGE ATTACK-RESPONSE .tv DNS cache poison attempt (bleeding-attack_response.rules)
 2001831 - BLEEDING-EDGE ATTACK-RESPONSE .uk DNS cache poison attempt (bleeding-attack_response.rules)
 2001832 - BLEEDING-EDGE ATTACK-RESPONSE .de DNS cache poison attempt (bleeding-attack_response.rules)
 2001833 - BLEEDING-EDGE ATTACK-RESPONSE .jp DNS cache poison attempt (bleeding-attack_response.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        #### Warning: Side effects may include headaches, dry mouth, bloated logs,

     -> Added to bleeding-sid-msg.map (21):
        2001816 || BLEEDING-EDGE ATTACK-RESPONSE .com DNS cache poison attempt
        2001817 || BLEEDING-EDGE ATTACK-RESPONSE .net DNS cache poison attempt
        2001818 || BLEEDING-EDGE ATTACK-RESPONSE .org DNS cache poison attempt
        2001819 || BLEEDING-EDGE ATTACK-RESPONSE .biz DNS cache poison attempt
        2001820 || BLEEDING-EDGE ATTACK-RESPONSE .edu DNS cache poison attempt
        2001821 || BLEEDING-EDGE ATTACK-RESPONSE .gov DNS cache poison attempt
        2001822 || BLEEDING-EDGE ATTACK-RESPONSE .int DNS cache poison attempt
        2001823 || BLEEDING-EDGE ATTACK-RESPONSE .mil DNS cache poison attempt
        2001824 || BLEEDING-EDGE ATTACK-RESPONSE .info DNS cache poison attempt
        2001825 || BLEEDING-EDGE ATTACK-RESPONSE .name DNS cache poison attempt
        2001826 || BLEEDING-EDGE ATTACK-RESPONSE .pro DNS cache poison attempt
        2001827 || BLEEDING-EDGE ATTACK-RESPONSE .us DNS cache poison attempt
        2001828 || BLEEDING-EDGE ATTACK-RESPONSE .ws DNS cache poison attempt
        2001829 || BLEEDING-EDGE ATTACK-RESPONSE .museum DNS cache poison attempt
        2001830 || BLEEDING-EDGE ATTACK-RESPONSE .tv DNS cache poison attempt
        2001831 || BLEEDING-EDGE ATTACK-RESPONSE .uk DNS cache poison attempt
        2001832 || BLEEDING-EDGE ATTACK-RESPONSE .de DNS cache poison attempt
        2001833 || BLEEDING-EDGE ATTACK-RESPONSE .jp DNS cache poison attempt
        2001834 || BLEEDING-EDGE DNS lookup attempt to hostile, poisoning DNS server - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-31 || url,isc.sans.org/diary.php?date=2005-03-30
        2001835 || BLEEDING-EDGE Sites trying to infect PCs with malware - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-30
        2001836 || BLEEDING-EDGE Web page trying to infect PCs with malware - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-30

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        #### Warning: Side affects may include headaches, dry mouth, bloated logs,

     -> Removed from bleeding-sid-msg.map (21):
        2001816 || BLEEDING-EDGE .com DNS cache poison attempt
        2001817 || BLEEDING-EDGE .net DNS cache poison attempt
        2001818 || BLEEDING-EDGE .org DNS cache poison attempt
        2001819 || BLEEDING-EDGE .biz DNS cache poison attempt
        2001820 || BLEEDING-EDGE .edu DNS cache poison attempt
        2001821 || BLEEDING-EDGE .gov DNS cache poison attempt
        2001822 || BLEEDING-EDGE .int DNS cache poison attempt
        2001823 || BLEEDING-EDGE .mil DNS cache poison attempt
        2001824 || BLEEDING-EDGE .info DNS cache poison attempt
        2001825 || BLEEDING-EDGE .name DNS cache poison attempt
        2001826 || BLEEDING-EDGE .pro DNS cache poison attempt
        2001827 || BLEEDING-EDGE .us DNS cache poison attempt
        2001828 || BLEEDING-EDGE .ws DNS cache poison attempt
        2001829 || BLEEDING-EDGE .museum DNS cache poison attempt
        2001830 || BLEEDING-EDGE .tv DNS cache poison attempt
        2001831 || BLEEDING-EDGE .uk DNS cache poison attempt
        2001832 || BLEEDING-EDGE .de DNS cache poison attempt
        2001833 || BLEEDING-EDGE .jp DNS cache poison attempt
        2001834 || DNS lookup attempt to hostile, poisoning DNS server - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-31 || url,isc.sans.org/diary.php?date=2005-03-30
        2001835 || Sites trying to infect PCs with malware - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-30
        2001836 || Web page trying to infect PCs with malware - ISC Diary || url,isc.sans.org/diary.php?date=2005-03-30





More information about the Snort-sigs mailing list