[Snort-sigs] Bleedingsnort.com Daily Update

sekure sekure at ...2420...
Fri Dec 2 08:28:07 EST 2005


Is it just me or is the 
http://www.bleedingsnort.com/bleeding.rules.tar.gz file corrupt?

All of a sudden i can't untar it.

On 12/1/05, bleeding at ...2727... <bleeding at ...2727...> wrote:
>
> [***] Results from Oinkmaster started Thu Dec  1 20:00:06 2005 [***]
>
> [+++]          Added rules:          [+++]
>
>  2002704 - BLEEDING-EDGE POLICY HTTP - US Confidential ORCON (bleeding-policy.rules)
>
>
> [///]     Modified active rules:     [///]
>
>  2002682 - BLEEDING-EDGE CURRENT EVENTS Microsoft Internet Explorer Window() Possible Code Execution (bleeding.rules)
>
>
> [+++]      Added non-rule lines:     [+++]
>
>     -> Added to bleeding-sid-msg.map (1):
>        2002704 || BLEEDING-EDGE POLICY HTTP - US Confidential ORCON
>
> [---]     Removed non-rule lines:    [---]
>
>     -> Removed from bleeding-policy.rules (1):
>        #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE POLICY HTTP - US Confidential ORCON"; flow:to_server,established; pcre:"/(CONFIDENTIAL|C)//[\s\w,/-]*(ORIGINATOR\sCONTROLLED|ORCON)[\s\w,/-]*(?=//(25)?X[1-9])/ism"; classtype:policy-violation;)
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-sigs mailing list