[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Apr 21 18:01:34 EDT 2005


[***] Results from Oinkmaster started Thu Apr 21 20:00:09 2005 [***]

[///]     Modified active rules:     [///]

 2001515 - BLEEDING-EDGE Malware SurfAssistant.com Spyware Activity (bleeding-malware.rules)
 2001846 - BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt (bleeding-dos.rules)
 2001848 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack (bleeding-exploit.rules)
 2001849 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack (bleeding-exploit.rules)
 2001873 - BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021) (bleeding-exploit.rules)
 2001874 - BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021) (bleeding-exploit.rules)
 2001875 - BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted (bleeding-exploit.rules)
 2001876 - BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk, but didn't die (MS05-021) (bleeding-exploit.rules)


[---]         Disabled rules:        [---]

 2001076 - BLEEDING-EDGE WEB-MISC cross site scripting attempt TYPE + JAVASCRIPT (bleeding-web.rules)
 2001116 - BLEEDING-EDGE DNS - Standard query response, Format error (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (7):
        2001846 || BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || cve,can-2004-0790
        2001848 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
        2001849 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
        2001873 || BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
        2001874 || BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
        2001875 || BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560
        2001876 || BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk, but didn't die (MS05-021) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (7):
        2001846 || BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt || cve,can-2004-0790
        2001848 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack
        2001849 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack
        2001873 || BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)
        2001874 || BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021)
        2001875 || BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted
        2001876 || BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk, but didn't die (MS05-021)




