[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Mon Jan 10 18:01:15 EST 2005


[***] Results from Oinkmaster started Mon Jan 10 21:00:03 2005 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-p2p.rules (1):
        alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"BLEEDING-EDGE P2P Gnutella Connect"; flow:established,to_server; content:"GNUTELLA CONNECT/"; nocase; offset:0; depth:17; classtype:policy-violation; sid:2001664; rev:1;)

[---]         Removed rules:         [---]

     -> Removed from bleeding-virus.rules (1):
        alert tcp $HOME_NET any -> $EXTERNAL_NET 135 (msg:"BLEEDING-EDGE VIRUS Nachi/Phatbot Worm"; flow:to_server,established; content:"|05|"; distance:0; within:1; byte_test:1,&,16,3,relative; content:"|5c 00 5c 00|"; byte_test:4,>,256,-8,little,relative; reference:cve,CAN-2003-0352; reference:bugtraq,8205; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.asp; classtype:attempted-admin; sid:2001301; rev:3;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-p2p.rules (1):
        #From Cooljay

     -> Added to bleeding-sid-msg.map (1):
        2001664 || BLEEDING-EDGE P2P Gnutella Connect

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2001301 || BLEEDING-EDGE VIRUS Nachi/Phatbot Worm || url,www.microsoft.com/technet/security/bulletin/MS03-026.asp || bugtraq,8205 || cve,CAN-2003-0352

[*] Added files: [*]
    None.
