[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sat Jun 4 18:01:18 EDT 2005


[***] Results from Oinkmaster started Sat Jun  4 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2001972 - BLEEDING-EDGE Behavioral Unusual Term Server Traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001973 - BLEEDING-EDGE POLICY SSH Server Banner Detected (bleeding-policy.rules)
 2001974 - BLEEDING-EDGE POLICY SSH Client Banner Detected (bleeding-policy.rules)
 2001975 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected (bleeding-policy.rules)
 2001976 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected (bleeding-policy.rules)
 2001977 - BLEEDING-EDGE POLICY SSHv2 Client New Keys detected (bleeding-policy.rules)
 2001978 - BLEEDING-EDGE POLICY SSH session in progress (bleeding-policy.rules)
 2001979 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Off Port (bleeding-policy.rules)
 2001980 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Off Port (bleeding-policy.rules)
 2001981 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Off Port (bleeding-policy.rules)
 2001982 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Off Port (bleeding-policy.rules)
 2001983 - BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Off Port (bleeding-policy.rules)
 2001984 - BLEEDING-EDGE POLICY SSH session in progress on Off Port (bleeding-policy.rules)


[---]  Disabled and modified rules:  [---]

 2000354 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage (bleeding-policy.rules)


[---]         Disabled rules:        [---]

 2001957 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage (bleeding-policy.rules)
 2001958 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage (bleeding-policy.rules)
 2001968 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (OpenSSH) (bleeding-policy.rules)
 2001969 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (SecureCRT) (bleeding-policy.rules)
 2001970 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (OpenSSH) (bleeding-policy.rules)
 2001971 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (SecureCRT) (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (5):
        #New way to do ssh. First to detect legit ssh sessions on normal ports. Enable these ONLY if you need to know about
        # normal ssh sessions
        #Written by Erik Fichtner, adapted some
        var SSH_PORTS 22
        #And now to detect Non-standard port usage

     -> Added to bleeding-scan.rules (1):
        # Works for other proto's, may as well extend the idea

     -> Added to bleeding-sid-msg.map (13):
        2001972 || BLEEDING-EDGE Behavioral Unusual Term Server Traffic, Potential Scan or Infection
        2001973 || BLEEDING-EDGE POLICY SSH Server Banner Detected
        2001974 || BLEEDING-EDGE POLICY SSH Client Banner Detected
        2001975 || BLEEDING-EDGE POLICY SSHv2 Server KEX Detected
        2001976 || BLEEDING-EDGE POLICY SSHv2 Client KEX Detected
        2001977 || BLEEDING-EDGE POLICY SSHv2 Client New Keys detected
        2001978 || BLEEDING-EDGE POLICY SSH session in progress
        2001979 || BLEEDING-EDGE POLICY SSH Server Banner Detected on Off Port
        2001980 || BLEEDING-EDGE POLICY SSH Client Banner Detected on Off Port
        2001981 || BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Off Port
        2001982 || BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Off Port
        2001983 || BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Off Port
        2001984 || BLEEDING-EDGE POLICY SSH session in progress on Off Port




