[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Wed Jun 22 18:21:15 EDT 2005


[***] Results from Oinkmaster started Wed Jun 22 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2000035 - BLEEDING-EDGE Hotmail Inbox Access (bleeding-policy.rules)
 2000036 - BLEEDING-EDGE Hotmail Message Access (bleeding-policy.rules)
 2000037 - BLEEDING-EDGE Hotmail Compose Message Access (bleeding-policy.rules)
 2000038 - BLEEDING-EDGE Hotmail Compose Message Submit (bleeding-policy.rules)
 2000039 - BLEEDING-EDGE Hotmail Compose Message Submit Data (bleeding-policy.rules)
 2000309 - BLEEDING-EDGE GotoMyPC Polling Client (bleeding-policy.rules)
 2000328 - BLEEDING-EDGE Multiple Non-SMTP Server Emails (bleeding-policy.rules)
 2000355 - BLEEDING-EDGE POLICY IRC authorization message (bleeding-policy.rules)
 2000356 - BLEEDING-EDGE POLICY IRC connection (bleeding-policy.rules)
 2000569 - BLEEDING-EDGE KitCo Kcast Ticker (bleeding-policy.rules)
 2000570 - BLEEDING-EDGE KitCo Kcast Ticker (bleeding-policy.rules)
 2000571 - BLEEDING-EDGE AOL Webmail Message Send (bleeding-policy.rules)
 2000572 - BLEEDING-EDGE AOL Webmail Login (bleeding-policy.rules)
 2001044 - BLEEDING-EDGE Yahoo Briefcase Upload (bleeding-policy.rules)
 2001055 - BLEEDING-EDGE MISC HP Web JetAdmin ExecuteFile admin access (bleeding-policy.rules)
 2001235 - BLEEDING-EDGE Weatherbug (bleeding-policy.rules)
 2001239 - BLEEDING-EDGE Cisco Device in Config Mode (bleeding-policy.rules)
 2001240 - BLEEDING-EDGE Cisco Device New Config Built (bleeding-policy.rules)
 2001241 - BLEEDING-EDGE CHAT MSN file transfer request (bleeding-policy.rules)
 2001242 - BLEEDING-EDGE CHAT MSN file transfer accept (bleeding-policy.rules)
 2001243 - BLEEDING-EDGE CHAT MSN file transfer reject (bleeding-policy.rules)
 2001253 - BLEEDING-EDGE CHAT Yahoo IM successful logon (bleeding-policy.rules)
 2001254 - BLEEDING-EDGE CHAT Yahoo IM voicechat (bleeding-policy.rules)
 2001255 - BLEEDING-EDGE CHAT Yahoo IM ping (bleeding-policy.rules)
 2001256 - BLEEDING-EDGE CHAT Yahoo IM conference invitation (bleeding-policy.rules)
 2001257 - BLEEDING-EDGE CHAT Yahoo IM conference logon success (bleeding-policy.rules)
 2001258 - BLEEDING-EDGE CHAT Yahoo IM conference message (bleeding-policy.rules)
 2001259 - BLEEDING-EDGE CHAT Yahoo IM file transfer request (bleeding-policy.rules)
 2001261 - BLEEDING-EDGE CHAT Yahoo IM successful chat join (bleeding-policy.rules)
 2001262 - BLEEDING-EDGE CHAT Yahoo IM conference offer invitation (bleeding-policy.rules)
 2001263 - BLEEDING-EDGE CHAT Yahoo IM conference request (bleeding-policy.rules)
 2001267 - BLEEDING-EDGE Weatherbug Capture (bleeding-policy.rules)
 2001294 - BLEEDING-EDGE POLICY Dameware Remote Control Service Install (bleeding-policy.rules)
 2001329 - BLEEDING-EDGE RDP connection request (bleeding-policy.rules)
 2001330 - BLEEDING-EDGE RDP connection confirm (bleeding-policy.rules)
 2001331 - BLEEDING-EDGE RDP disconnect request (bleeding-policy.rules)
 2001406 - BLEEDING-EDGE Possible hidden zip extension .cpl (bleeding-policy.rules)
 2001407 - BLEEDING-EDGE Possible hidden zip extension .pif (bleeding-policy.rules)
 2001408 - BLEEDING-EDGE Possible hidden zip extension .scr (bleeding-policy.rules)
 2001424 - BLEEDING-EDGE POLICY Gmail Inbox Access (bleeding-policy.rules)
 2001425 - BLEEDING-EDGE POLICY Gmail File Send (bleeding-policy.rules)
 2001426 - BLEEDING-EDGE POLICY Gmail Message Send (bleeding-policy.rules)
 2001427 - BLEEDING-EDGE CHAT Yahoo IM Unavailable Status (bleeding-policy.rules)
 2001595 - BLEEDING-EDGE Policy Skype VOIP Checking Version (Startup) (bleeding-policy.rules)
 2001596 - BLEEDING-EDGE Policy Skype VOIP Reporting Install (bleeding-policy.rules)
 2001597 - BLEEDING-EDGE Policy Netop Remote Control Usage (bleeding-policy.rules)
 2001682 - BLEEDING-EDGE Policy MSN IM Poll via HTTP (bleeding-policy.rules)
 2001712 - BLEEDING-EDGE MyWebEx Server Traffic (bleeding-policy.rules)
 2001713 - BLEEDING-EDGE MyWebEx Installation (bleeding-policy.rules)
 2001714 - BLEEDING-EDGE MyWebEx Incoming Connection (bleeding-policy.rules)
 2001728 - BLEEDING-EDGE Policy TOR1.0 nodes negotiation (bleeding-policy.rules)
 2001801 - BLEEDING-EDGE POLICY ICQ Status Invisible (bleeding-policy.rules)
 2001802 - BLEEDING-EDGE POLICY ICQ Status Change (bleeding-policy.rules)
 2001803 - BLEEDING-EDGE POLICY ICQ Status Change (bleeding-policy.rules)
 2001804 - BLEEDING-EDGE POLICY ICQ Login (bleeding-policy.rules)
 2001805 - BLEEDING-EDGE POLICY ICQ Message (bleeding-policy.rules)
 2001834 - BLEEDING-EDGE DNS lookup attempt to hostile, poisoning DNS server - ISC Diary (bleeding.rules)
 2001835 - BLEEDING-EDGE Sites trying to infect PCs with malware - ISC Diary (bleeding.rules)
 2001836 - BLEEDING-EDGE Web page trying to infect PCs with malware - ISC Diary (bleeding.rules)
 2001837 - BLEEDING-EDGE Suspicious DNS server answer\: 218.38.13.108 (bleeding.rules)
 2001838 - BLEEDING-EDGE Suspicious DNS server answer\: 217.16.26.148 (bleeding.rules)
 2001839 - BLEEDING-EDGE Suspicious DNS server answer\: 205.162.201.11 (bleeding.rules)
 2001840 - BLEEDING-EDGE Suspicious DNS server answer\: besthost.co.kr (bleeding.rules)
 2001842 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 7sir7.com (bleeding.rules)
 2001843 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 123xxl.com (bleeding.rules)
 2001844 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain abx4.com (bleeding.rules)
 2001922 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound (bleeding-virus.rules)
 2001923 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound (bleeding-virus.rules)
 2001924 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound (bleeding-virus.rules)
 2001946 - BLEEDING-EDGE iframedollars.biz access (bleeding.rules)
 2001950 - BLEEDING-EDGE POLICY RAR File Outbound (bleeding-policy.rules)
 2001979 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Unusual Port (bleeding-policy.rules)
 2001980 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Unusual Port (bleeding-policy.rules)
 2001981 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Unusual Port (bleeding-policy.rules)
 2001982 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Unusual Port (bleeding-policy.rules)
 2001983 - BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Unusual Port (bleeding-policy.rules)
 2001984 - BLEEDING-EDGE POLICY SSH session in progress on Unusual Port (bleeding-policy.rules)
 2001989 - BLEEDING-EDGE POLICY Prospero Chat Session in Progress (bleeding-policy.rules)
 2001991 - BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command Execution Attempt (bleeding-exploit.rules)
 2002007 - BLEEDING-EDGE Malware Wildmedia Spyware User Agent Activity (bleeding-malware.rules)
 2002022 - BLEEDING-EDGE GotoMyPC poll.gotomypc.com Server Response to Polling Client OK (bleeding-policy.rules)
 2002049 - Mytob.GC - outbound (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2000041 - BLEEDING-EDGE Yahoo Mail Inbox View (bleeding-policy.rules)
 2000042 - BLEEDING-EDGE Yahoo Mail Message View (bleeding-policy.rules)
 2000043 - BLEEDING-EDGE Yahoo Mail Message Compose Open (bleeding-policy.rules)
 2000044 - BLEEDING-EDGE Yahoo Mail Message Send (bleeding-policy.rules)
 2000045 - BLEEDING-EDGE Yahoo Mail Message Send Info Capture (bleeding-policy.rules)
 2000341 - BLEEDING-EDGE Yahoo Mail General Page View (bleeding-policy.rules)
 2000354 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage (bleeding-policy.rules)
 2000418 - BLEEDING-EDGE Executable and linking format (ELF) file download (bleeding-policy.rules)
 2000419 - BLEEDING-EDGE PE EXE or DLL Windows file download (bleeding-policy.rules)
 2000420 - BLEEDING-EDGE REG files version 4 download (bleeding-policy.rules)
 2000421 - BLEEDING-EDGE REG files version 5 download (bleeding-policy.rules)
 2000422 - BLEEDING-EDGE REG files version 5 Unicode download (bleeding-policy.rules)
 2000423 - BLEEDING-EDGE NE EXE OS2 file download (bleeding-policy.rules)
 2000424 - BLEEDING-EDGE LX EXE OS2 file download (bleeding-policy.rules)
 2000425 - BLEEDING-EDGE NE EXE Windows 3.x file download (bleeding-policy.rules)
 2000426 - BLEEDING-EDGE EXE compressed PKWARE Windows file download (bleeding-policy.rules)
 2000427 - BLEEDING-EDGE PE EXE Install Windows file download (bleeding-policy.rules)
 2000428 - BLEEDING-EDGE ZIP file download (bleeding-policy.rules)
 2000429 - BLEEDING-EDGE Download Windows Help File CHM 2 (bleeding-policy.rules)
 2000489 - BLEEDING-EDGE Download Windows Help File CHM (bleeding-policy.rules)
 2000547 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
 2000548 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
 2000549 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
 2000550 - BLEEDING-EDGE HTTP CONNECT Tunnel (bleeding-policy.rules)
 2000560 - BLEEDING-EDGE HTTP CONNECT Tunnel Attempt (bleeding-policy.rules)
 2001114 - BLEEDING-EDGE Policy Mozilla XPI install files download (bleeding-policy.rules)
 2001115 - BLEEDING-EDGE MSI (microsoft installer file) download (bleeding-policy.rules)
 2001116 - BLEEDING-EDGE DNS - Standard query response, Format error (bleeding-policy.rules)
 2001117 - BLEEDING-EDGE DNS - Standard query response, Name Error (bleeding-policy.rules)
 2001118 - BLEEDING-EDGE DNS - Standard query response, Not Implemented (bleeding-policy.rules)
 2001119 - BLEEDING-EDGE DNS - Standard query response, Refused (bleeding-policy.rules)
 2001260 - BLEEDING-EDGE CHAT Yahoo IM message (bleeding-policy.rules)
 2001264 - BLEEDING-EDGE CHAT Yahoo IM conference watch (bleeding-policy.rules)
 2001328 - BLEEDING-EDGE SSN Detected in Clear Text (bleeding-policy.rules)
 2001375 - BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit spaced) (bleeding-policy.rules)
 2001376 - BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit dashed) (bleeding-policy.rules)
 2001377 - BLEEDING-EDGE Credit Card Number Detected in Clear (16 digit) (bleeding-policy.rules)
 2001378 - BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit) (bleeding-policy.rules)
 2001379 - BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit spaced) (bleeding-policy.rules)
 2001380 - BLEEDING-EDGE Credit Card Number Detected in Clear (15 digit dashed) (bleeding-policy.rules)
 2001381 - BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit) (bleeding-policy.rules)
 2001382 - BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit spaced) (bleeding-policy.rules)
 2001383 - BLEEDING-EDGE Credit Card Number Detected in Clear (14 digit dashed) (bleeding-policy.rules)
 2001384 - BLEEDING-EDGE SSN Detected in Clear Text (bleeding-policy.rules)
 2001402 - BLEEDING-EDGE ZIPPED DOC in transit (bleeding-policy.rules)
 2001403 - BLEEDING-EDGE ZIPPED XLS in transit (bleeding-policy.rules)
 2001404 - BLEEDING-EDGE ZIPPED EXE in transit (bleeding-policy.rules)
 2001405 - BLEEDING-EDGE ZIPPED PPT in transit (bleeding-policy.rules)
 2001449 - BLEEDING-EDGE Policy Proxy Connection detected (bleeding-policy.rules)
 2001637 - BLEEDING-EDGE Policy SSH Successful user connection (bleeding-policy.rules)
 2001806 - BLEEDING-EDGE POLICY Administrator Login Detected (bleeding-policy.rules)
 2001845 - BLEEDING-EDGE [ISC] Possible MS Outlook email From forgery attempt (bleeding.rules)
 2001898 - BLEEDING-EDGE POLICY eBay Bid Placed (bleeding-policy.rules)
 2001907 - BLEEDING-EDGE POLICY eBay Placing Item for sale (bleeding-policy.rules)
 2001908 - BLEEDING-EDGE POLICY eBay View Item (bleeding-policy.rules)
 2001909 - BLEEDING-EDGE POLICY eBay Watch This Item (bleeding-policy.rules)
 2001951 - BLEEDING-EDGE POLICY RAR File Inbound (bleeding-policy.rules)
 2001957 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage (bleeding-policy.rules)
 2001958 - BLEEDING-EDGE Covert Non-Standard SSH Port Usage (bleeding-policy.rules)
 2001968 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (OpenSSH) (bleeding-policy.rules)
 2001969 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (SecureCRT) (bleeding-policy.rules)
 2001970 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (OpenSSH) (bleeding-policy.rules)
 2001971 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (SecureCRT) (bleeding-policy.rules)
 2001973 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Expected Port (bleeding-policy.rules)
 2001974 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Expected Port (bleeding-policy.rules)
 2001975 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Expected Port (bleeding-policy.rules)
 2001976 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Expected Port (bleeding-policy.rules)
 2001977 - BLEEDING-EDGE POLICY SSHv2 Client New Keys detected on Expected Port (bleeding-policy.rules)
 2001978 - BLEEDING-EDGE POLICY SSH session in progress on Expected Port (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2002006 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        #Submitted by Patrick Harper. pcre by Matt Jonkman

     -> Added to bleeding-sid-msg.map (1):
        2001991 || BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command Execution Attempt || bugtraq,13930

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-policy.rules (1):
        #Submitted by Patrick Harper.  pcre by Matt Jonkman

     -> Removed from bleeding-sid-msg.map (2):
        2001991 || BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command Execution Attempt
        2002006 || BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity




