[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Jul 8 18:03:04 EDT 2005


[***] Results from Oinkmaster started Fri Jul  8 20:00:05 2005 [***]

[///]     Modified active rules:     [///]

 2001197 - BLEEDING-EDGE PHPNuke SQL injection attemp (bleeding-web.rules)
 2001202 - BLEEDING-EDGE PHPNuke general SQL injection attempt (bleeding-web.rules)
 2001218 - BLEEDING-EDGE PHPNuke general XSS attemp (bleeding-web.rules)
 2001241 - BLEEDING-EDGE CHAT MSN file transfer request (bleeding-policy.rules)
 2001242 - BLEEDING-EDGE CHAT MSN file transfer accept (bleeding-policy.rules)
 2001243 - BLEEDING-EDGE CHAT MSN file transfer reject (bleeding-policy.rules)
 2001253 - BLEEDING-EDGE CHAT Yahoo IM successful logon (bleeding-policy.rules)
 2001254 - BLEEDING-EDGE CHAT Yahoo IM voicechat (bleeding-policy.rules)
 2001255 - BLEEDING-EDGE CHAT Yahoo IM ping (bleeding-policy.rules)
 2001256 - BLEEDING-EDGE CHAT Yahoo IM conference invitation (bleeding-policy.rules)
 2001257 - BLEEDING-EDGE CHAT Yahoo IM conference logon success (bleeding-policy.rules)
 2001258 - BLEEDING-EDGE CHAT Yahoo IM conference message (bleeding-policy.rules)
 2001259 - BLEEDING-EDGE CHAT Yahoo IM file transfer request (bleeding-policy.rules)
 2001261 - BLEEDING-EDGE CHAT Yahoo IM successful chat join (bleeding-policy.rules)
 2001262 - BLEEDING-EDGE CHAT Yahoo IM conference offer invitation (bleeding-policy.rules)
 2001263 - BLEEDING-EDGE CHAT Yahoo IM conference request (bleeding-policy.rules)
 2001329 - BLEEDING-EDGE RDP connection request (bleeding-policy.rules)
 2001330 - BLEEDING-EDGE RDP connection confirm (bleeding-policy.rules)
 2001331 - BLEEDING-EDGE RDP disconnect request (bleeding-policy.rules)
 2001427 - BLEEDING-EDGE CHAT Yahoo IM Unavailable Status (bleeding-policy.rules)
 2001762 - BLEEDING-EDGE WEB phpbb Session Cookie (bleeding-web.rules)
 2001836 - BLEEDING-EDGE Web page trying to infect PCs with malware - ISC Diary (bleeding.rules)
 2002026 - BLEEDING-EDGE TROJAN IRC PRIVMSG command (bleeding-virus.rules)
 2002029 - BLEEDING-EDGE TROJAN BOT - channel topic scan/exploit command (bleeding-virus.rules)
 2002031 - BLEEDING-EDGE TROJAN BOT - potential update/download (bleeding-virus.rules)
 2002032 - BLEEDING-EDGE TROJAN BOT - potential DDoS command (bleeding-virus.rules)
 2002033 - BLEEDING-EDGE TROJAN BOT - potential response (bleeding-virus.rules)
 2002070 - BLEEDING-EDGE WEB phpBB Remote Code Execution Attempt (bleeding-web.rules)


[///]    Modified inactive rules:    [///]

 2001260 - BLEEDING-EDGE CHAT Yahoo IM message (bleeding-policy.rules)
 2001264 - BLEEDING-EDGE CHAT Yahoo IM conference watch (bleeding-policy.rules)
 2002084 - BLEEDING-EDGE POLICY Possible Terrorism Related Content (bleeding-policy.rules)
 2002085 - BLEEDING-EDGE POLICY Possible Terrorism Related Email (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2001457 - BLEEDING-EDGE Exploit phpBB Highlighting Code Execution Attempt (bleeding-web.rules)
 2001557 - BLEEDING-EDGE Exploit phpBB Highlighting SQL Injection (bleeding-web.rules)
 2001604 - BLEEDING-EDGE Exploit phpBB Highlighting Code Execution - Santy.A Worm (bleeding-web.rules)
 2001605 - BLEEDING-EDGE Exploit phpBB Highlight Exploit Attempt (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001762 || BLEEDING-EDGE WEB phpbb Session Cookie || url,www.waraxe.us/ftopict-555.html
        2002070 || BLEEDING-EDGE WEB phpBB Remote Code Execution Attempt || url,www.securiteam.com/unixfocus/6Z00R2ABPY.html || bugtraq,14086 || url,secunia.com/advisories/15845/

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2001457 || BLEEDING-EDGE Exploit phpBB Highlighting Code Execution Attempt || url,www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
        2001557 || BLEEDING-EDGE Exploit phpBB Highlighting SQL Injection || url,www.securiteam.com/unixfocus/6Z00R2ABPY.html
        2001604 || BLEEDING-EDGE Exploit phpBB Highlighting Code Execution - Santy.A Worm || url,www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
        2001605 || BLEEDING-EDGE Exploit phpBB Highlight Exploit Attempt || url,www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
        2001762 || BLEEDING-EDGE WEB phpbb Session Cookie
        2002070 || BLEEDING-EDGE WEB phpBB Remote Code Execution Attempt || bugtraq,14086 || url,secunia.com/advisories/15845/

     -> Removed from bleeding-web.rules (2):
        #Submitted by Shirkdog
        #From Dshield





More information about the Snort-sigs mailing list