[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Jun 24 18:03:25 EDT 2005


[***] Results from Oinkmaster started Fri Jun 24 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2000004 - BLEEDING-EDGE EXPLOIT Microsoft MHTML URL Redirection Attempt (bleeding-exploit.rules)
 2000005 - BLEEDING-EDGE EXPLOIT Cisco Telnet Buffer Overflow (bleeding-exploit.rules)
 2000006 - BLEEDING-EDGE DOS Cisco Router HTTP DoS (bleeding-dos.rules)
 2000007 - BLEEDING-EDGE EXPLOIT Catalyst SSH protocol mismatch (bleeding-exploit.rules)
 2000008 - BLEEDING-EDGE EXPLOIT Catalyst 3500 arbitrary command (bleeding-exploit.rules)
 2000009 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP DoS (bleeding-exploit.rules)
 2000010 - BLEEDING-EDGE DOS Cisco 514 UDP flood DoS (bleeding-dos.rules)
 2000011 - BLEEDING-EDGE DOS Catalyst memory leak attack (bleeding-dos.rules)
 2000012 - BLEEDING-EDGE EXPLOIT Cisco %u IDS evasion (bleeding-exploit.rules)
 2000013 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP server DoS (bleeding-exploit.rules)
 2000016 - BLEEDING-EDGE DOS SSL Bomb DoS Attempt (bleeding-dos.rules)
 2000017 - BLEEDING-EDGE EXPLOIT NII Microsoft ASN.1 Library Buffer Overflow Exploit (bleeding-exploit.rules)
 2000031 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target BSD) (bleeding-exploit.rules)
 2000032 - BLEEDING-EDGE EXPLOIT LSA exploit (bleeding-exploit.rules)
 2000033 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) (bleeding-exploit.rules)
 2000046 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) (bleeding-exploit.rules)
 2000048 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target Linux) (bleeding-exploit.rules)
 2000049 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target Solaris) (bleeding-exploit.rules)
 2000329 - BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow (bleeding-exploit.rules)
 2000342 - BLEEDING-EDGE EXPLOIT Squid NTLM Auth Overflow Exploit (bleeding-exploit.rules)
 2000372 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection running SQL statements line comment (bleeding-exploit.rules)
 2000373 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection line comment (bleeding-exploit.rules)
 2000377 - BLEEDING-EDGE EXPLOIT MS-SQL heap overflow attempt (bleeding-exploit.rules)
 2000378 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) (bleeding-exploit.rules)
 2000379 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 1 byte (bleeding-exploit.rules)
 2000380 - BLEEDING-EDGE EXPLOIT MS-SQL Spike buffer overflow (bleeding-exploit.rules)
 2000381 - BLEEDING-EDGE EXPLOIT MS-SQL DOS bouncing packets (bleeding-exploit.rules)
 2000488 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection closing string plus line comment (bleeding-exploit.rules)
 2000496 - BLEEDING-EDGE DOS Microsoft SMS dos attempt (bleeding-dos.rules)
 2000536 - BLEEDING-EDGE SCAN NMAP -sO (bleeding-scan.rules)
 2000537 - BLEEDING-EDGE SCAN NMAP -sS (bleeding-scan.rules)
 2000538 - BLEEDING-EDGE SCAN NMAP -sA (bleeding-scan.rules)
 2000540 - BLEEDING-EDGE SCAN NMAP -sA (bleeding-scan.rules)
 2000543 - BLEEDING-EDGE SCAN NMAP -f -sF (bleeding-scan.rules)
 2000544 - BLEEDING-EDGE SCAN NMAP -f -sN (bleeding-scan.rules)
 2000545 - BLEEDING-EDGE SCAN NMAP -f -sS (bleeding-scan.rules)
 2000546 - BLEEDING-EDGE SCAN NMAP -f -sX (bleeding-scan.rules)
 2000559 - BLEEDING-EDGE THCIISLame IIS SSL Exploit Attempt (bleeding-web.rules)
 2000563 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 445 (bleeding-exploit.rules)
 2000564 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 445 (bleeding-exploit.rules)
 2000565 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 139 (bleeding-exploit.rules)
 2000566 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 445 (bleeding-exploit.rules)
 2000567 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 139 (bleeding-exploit.rules)
 2000568 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 139 (bleeding-exploit.rules)
 2000575 - BLEEDING-EDGE ICMP PING IPTools (bleeding-scan.rules)
 2001021 - BLEEDING-EDGE Suspicious Encrypted Webpage Content (bleeding-web.rules)
 2001022 - BLEEDING-EDGE EXPLOIT Invalid non-fragmented packet with fragment offset>0 (bleeding-exploit.rules)
 2001023 - BLEEDING-EDGE EXPLOIT Invalid fragment - ACK reset (bleeding-exploit.rules)
 2001024 - BLEEDING-EDGE EXPLOIT Invalid fragment - illegal flags (bleeding-exploit.rules)
 2001048 - BLEEDING-EDGE EXPLOIT IE process injection iexplore.exe executable download (bleeding-exploit.rules)
 2001049 - BLEEDING-EDGE EXPLOIT Buffer Overflow Exploit in Adobe Acrobat Reader (bleeding-exploit.rules)
 2001052 - BLEEDING-EDGE EXPLOIT NTDump Session Established Reg-Entry port 139 (bleeding-exploit.rules)
 2001053 - BLEEDING-EDGE EXPLOIT NTDump.exe Service Started port 139 (bleeding-exploit.rules)
 2001058 - BLEEDING-EDGE EXPLOIT libpng tRNS overflow attempt (bleeding-exploit.rules)
 2001075 - BLEEDING-EDGE WEB-MISC cross site scripting attempt IMG onerror or onload (bleeding-web.rules)
 2001077 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + JAVASCRIPT (bleeding-web.rules)
 2001078 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + JSCRIPT (bleeding-web.rules)
 2001079 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT (bleeding-web.rules)
 2001080 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT (bleeding-web.rules)
 2001081 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + ECMACRIPT (bleeding-web.rules)
 2001082 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + EXPRESSION (bleeding-web.rules)
 2001083 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + EXPRESSION (bleeding-web.rules)
 2001084 - BLEEDING-EDGE WEB-MISC cross site scripting attempt using XML (bleeding-web.rules)
 2001085 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden Javascript (bleeding-web.rules)
 2001086 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden Javascript (bleeding-web.rules)
 2001087 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to execute Javascript code (bleeding-web.rules)
 2001088 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to execute VBScript code (bleeding-web.rules)
 2001089 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to access SHELL\: (bleeding-web.rules)
 2001090 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute Javascript code (bleeding-web.rules)
 2001091 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute VBScript code (bleeding-web.rules)
 2001092 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to access SHELL\: (bleeding-web.rules)
 2001093 - BLEEDING-EDGE EXPLOIT IE Local zone Shell execution of arbitrary code (bleeding-exploit.rules)
 2001094 - BLEEDING-EDGE EXPLOIT Internet Explorer URL parsing vulnerability (bleeding-exploit.rules)
 2001095 - BLEEDING-EDGE EXPLOIT IFRAME ExecCommand vulnerability (bleeding-exploit.rules)
 2001097 - BLEEDING-EDGE EXPLOIT Internet Explorer Object Data Remote Execution Vulnerability (bleeding-exploit.rules)
 2001099 - BLEEDING-EDGE EXPLOIT Attempt to execute VBScript code (bleeding-exploit.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code (bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code (bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: (bleeding-exploit.rules)
 2001105 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval (bleeding-exploit.rules)
 2001106 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval hex (bleeding-exploit.rules)
 2001181 - BLEEDING-EDGE EXPLOIT Internet Explorer Plugin.ocx Heap Overflow (bleeding-exploit.rules)
 2001182 - BLEEDING-EDGE EXPLOIT IE trojan Ants3set 1.exe - process injection (bleeding-exploit.rules)
 2001190 - BLEEDING-EDGE EXPLOIT libPNG - Possible NULL-pointer crash in png_handle_iCCP (bleeding-exploit.rules)
 2001191 - BLEEDING-EDGE EXPLOIT libPNG - Width exceeds limit (bleeding-exploit.rules)
 2001192 - BLEEDING-EDGE EXPLOIT libPNG - Height exceeds limit (bleeding-exploit.rules)
 2001195 - BLEEDING-EDGE EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT (bleeding-exploit.rules)
 2001197 - BLEEDING-EDGE PHPNuke SQL injection attemp (bleeding-web.rules)
 2001202 - BLEEDING-EDGE PHPNuke general SQL injection attempt (bleeding-web.rules)
 2001205 - BLEEDING-EDGE DOS Internet Explorer Memory Corruption Bug (bleeding-dos.rules)
 2001206 - BLEEDING-EDGE EXPLOIT Mozilla Firefox Certificate Spoofing (bleeding-exploit.rules)
 2001207 - BLEEDING-EDGE EXPLOIT Mozilla Cookie theft (bleeding-exploit.rules)
 2001209 - BLEEDING-EDGE EXPLOIT Mozilla FTP View Cross-Site Scripting Vulnerability (bleeding-exploit.rules)
 2001210 - BLEEDING-EDGE EXPLOIT FTP Serv-U Local Privilege Escalation Vulnerability (bleeding-exploit.rules)
 2001211 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability (bleeding-exploit.rules)
 2001212 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability (bleeding-exploit.rules)
 2001213 - BLEEDING-EDGE EXPLOIT FTP Serv-U LIST -l Parameter Buffer Overflow (bleeding-exploit.rules)
 2001215 - BLEEDING-EDGE EXPLOIT FTP Serv-U Server Long Filename Stack Overflow Vulnerability (bleeding-exploit.rules)
 2001217 - BLEEDING-EDGE EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte (bleeding-exploit.rules)
 2001218 - BLEEDING-EDGE PHPNuke general XSS attemp (bleeding-web.rules)
 2001219 - BLEEDING-EDGE Potential SSH Scan (bleeding-scan.rules)
 2001238 - BLEEDING-EDGE Possible Xedus Webserver Directory Traversal Attempt (bleeding-web.rules)
 2001342 - BLEEDING-EDGE WEB-IIS ASP.net Auth Bypass / Canonicalization (bleeding-web.rules)
 2001343 - BLEEDING-EDGE WEB-IIS ASP.net Auth Bypass / Canonicalization % 5 C (bleeding-web.rules)
 2001344 - BLEEDING-EDGE WEB-PHP EasyDynamicPages exploit (bleeding-web.rules)
 2001346 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn preteen (bleeding-inappropriate.rules)
 2001347 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn pre-teen (bleeding-inappropriate.rules)
 2001348 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn early teen (bleeding-inappropriate.rules)
 2001349 - BLEEDING-EDGE INAPROPRIATE free XXX (bleeding-inappropriate.rules)
 2001350 - BLEEDING-EDGE INAPROPRIATE hardcore anal (bleeding-inappropriate.rules)
 2001351 - BLEEDING-EDGE INAPROPRIATE masturbation (bleeding-inappropriate.rules)
 2001352 - BLEEDING-EDGE INAPROPRIATE ejaculation (bleeding-inappropriate.rules)
 2001353 - BLEEDING-EDGE INAPROPRIATE BDSM (bleeding-inappropriate.rules)
 2001362 - BLEEDING-EDGE DOS MS04-030 Attempted DoS (bleeding-dos.rules)
 2001363 - BLEEDING-EDGE EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt (bleeding-exploit.rules)
 2001364 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt (bleeding-exploit.rules)
 2001365 - BLEEDING-EDGE WEB-MISC Alternate Data Stream source view attempt (bleeding-web.rules)
 2001366 - BLEEDING-EDGE DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt (bleeding-dos.rules)
 2001369 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit (bleeding-exploit.rules)
 2001374 - BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file (bleeding-exploit.rules)
 2001385 - BLEEDING-EDGE EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt (bleeding-exploit.rules)
 2001386 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn pthc (bleeding-inappropriate.rules)
 2001387 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn zeps (bleeding-inappropriate.rules)
 2001388 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn r at ...2850... (bleeding-inappropriate.rules)
 2001389 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn childlover (bleeding-inappropriate.rules)
 2001392 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected (bleeding-inappropriate.rules)
 2001393 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected (bleeding-inappropriate.rules)
 2001401 - BLEEDING-EDGE EXPLOIT IE IFRAME Exploit (bleeding-exploit.rules)
 2001457 - BLEEDING-EDGE Exploit phpBB Highlighting Code Execution Attempt (bleeding-web.rules)
 2001543 - BLEEDING-EDGE EXPLOIT NTDump Session Established Reg-Entry port 445 (bleeding-exploit.rules)
 2001544 - BLEEDING-EDGE EXPLOIT NTDump.exe Service Started port 445 (bleeding-exploit.rules)
 2001546 - BLEEDING-EDGE WEB-MISC LINK Method (bleeding-web.rules)
 2001549 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001550 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001551 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001552 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001553 - BLEEDING-EDGE Scan Possible SSL Brute Force attack or Site Crawl (bleeding-scan.rules)
 2001557 - BLEEDING-EDGE Exploit phpBB Highlighting SQL Injection (bleeding-web.rules)
 2001569 - BLEEDING-EDGE Behavioral Unusual Port 445 traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001579 - BLEEDING-EDGE Behavioral Unusual Port 139 traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001580 - BLEEDING-EDGE Behavioral Unusual Port 137 traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001581 - BLEEDING-EDGE Behavioral Unusual Port 135 traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001582 - BLEEDING-EDGE Behavioral Unusual Port 1434 traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001583 - BLEEDING-EDGE Behavioral Unusual Port 1433 traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001604 - BLEEDING-EDGE Exploit phpBB Highlighting Code Execution - Santy.A Worm (bleeding-web.rules)
 2001605 - BLEEDING-EDGE Exploit phpBB Highlight Exploit Attempt (bleeding-web.rules)
 2001608 - BLEEDING-EDGE INAPROPRIATE Likely Porn (bleeding-inappropriate.rules)
 2001609 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 (bleeding-scan.rules)
 2001610 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 (bleeding-scan.rules)
 2001611 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 (bleeding-scan.rules)
 2001621 - BLEEDING-EDGE Exploit Suspected PHP Injection Attack (bleeding-web.rules)
 2001622 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 1 (bleeding-exploit.rules)
 2001623 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 2 (bleeding-exploit.rules)
 2001624 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 3 (bleeding-exploit.rules)
 2001625 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 1 (bleeding-exploit.rules)
 2001626 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 2 (bleeding-exploit.rules)
 2001627 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 3 (bleeding-exploit.rules)
 2001633 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise (bleeding-exploit.rules)
 2001634 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise (bleeding-exploit.rules)
 2001635 - BLEEDING-EDGE DOS HTTP GET with newline appended (bleeding-dos.rules)
 2001636 - BLEEDING-EDGE DOS squ1rt Apache DoS (bleeding-dos.rules)
 2001667 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (bleeding-exploit.rules)
 2001668 - BLEEDING-EDGE EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack (bleeding-exploit.rules)
 2001669 - BLEEDING-EDGE Web Proxy GET Request (bleeding-web.rules)
 2001670 - BLEEDING-EDGE Web Proxy HEAD Request (bleeding-web.rules)
 2001671 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com) (bleeding-exploit.rules)
 2001674 - BLEEDING-EDGE Proxy POST Request (bleeding-web.rules)
 2001675 - BLEEDING-EDGE Proxy CONNECT Request (bleeding-web.rules)
 2001686 - BLEEDING-EDGE EXPLOIT Awstats Remote Code Execution Attempt (bleeding-exploit.rules)
 2001716 - BLEEDING-EDGE Web IDN url seen.. (bleeding-web.rules)
 2001718 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad width (bleeding-exploit.rules)
 2001719 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad height (bleeding-exploit.rules)
 2001720 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color (bleeding-exploit.rules)
 2001721 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big PLTE (bleeding-exploit.rules)
 2001722 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big hIST (bleeding-exploit.rules)
 2001724 - BLEEDING-EDGE EXPLOIT libpng CAN-2004-1244 overflow attempt (bleeding-exploit.rules)
 2001725 - BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit (bleeding-exploit.rules)
 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt (bleeding-exploit.rules)
 2001738 - BLEEDING-EDGE WEB PHP vBulletin Remote Command Execution Attempt (bleeding-web.rules)
 2001742 - BLEEDING-EDGE EXPLOIT Arkeia full remote access without password or authentication (bleeding-exploit.rules)
 2001751 - BLEEDING-EDGE EXPLOIT Shoutcast file request overflow (bleeding-exploit.rules)
 2001753 - BLEEDING-EDGE EXPLOIT Pwdump4 Session Established GetHash port 139 (bleeding-exploit.rules)
 2001754 - BLEEDING-EDGE EXPLOIT Pwdump4 Session Established GetHash port 445 (bleeding-exploit.rules)
 2001762 - BLEEDING-EDGE WEB phpbb Session Cookie (bleeding-web.rules)
 2001767 - BLEEDING-EDGE WEB ORACLE OLEDB asp error (bleeding-web.rules)
 2001768 - BLEEDING-EDGE WEB MS SQL Server OLEDB asp error (bleeding-web.rules)
 2001780 - BLEEDING-EDGE EXPLOIT Solaris TTYPROMPT environment variable set (bleeding-exploit.rules)
 2001781 - BLEEDING-EDGE WEB ORACLE rwcgi60 information leak attempt (bleeding-web.rules)
 2001784 - BLEEDING-EDGE EXPLOIT AWStats (awstats_shell) Remote Code Execution (bleeding-exploit.rules)
 2001785 - BLEEDING-EDGE EXPLOIT PHP (allow_url_fopen) File Injection Bug Feature (bleeding-exploit.rules)
 2001795 - BLEEDING-EDGE DOS Excessive SMTP MAIL-FROM DDoS (bleeding-dos.rules)
 2001807 - BLEEDING-EDGE EXPLOIT CAN-2005-0399 Gif Vuln via http (bleeding-exploit.rules)
 2001810 - BLEEDING-EDGE EXPLOIT WEB PHP remote file include exploit attempt (bleeding-web.rules)
 2001811 - BLEEDING-EDGE WEB Encoded javascriptdocument.write - usually hostile (bleeding-web.rules)
 2001813 - BLEEDING-EDGE EXPLOIT MSIE Hidden Address Bar (Phish) (bleeding-exploit.rules)
 2001846 - BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt (bleeding-dos.rules)
 2001848 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack (bleeding-exploit.rules)
 2001849 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack (bleeding-exploit.rules)
 2001873 - BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021) (bleeding-exploit.rules)
 2001874 - BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021) (bleeding-exploit.rules)
 2001875 - BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted (bleeding-exploit.rules)
 2001876 - BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk, but didn't die (MS05-021) (bleeding-exploit.rules)
 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold (bleeding-dos.rules)
 2001883 - BLEEDING-EDGE EXPLOIT Kali Tagboard Command Execution Attempt (bleeding-exploit.rules)
 2001904 - BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, Potential Scan or Brute Force (bleeding-scan.rules)
 2001906 - BLEEDING-EDGE SCAN MYSQL 4.0 brute force root login attempt (bleeding-scan.rules)
 2001915 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP) (bleeding-exploit.rules)
 2001916 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-TCP) (bleeding-exploit.rules)
 2001917 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-UDP) (bleeding-exploit.rules)
 2001918 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-UDP) (bleeding-exploit.rules)
 2001928 - BLEEDING-EDGE WEB XSS Possible Arbitrary Scripting Code Attack in phpBB (private message) (bleeding-web.rules)
 2001929 - BLEEDING-EDGE WEB XSS Possible Arbitrary Scripting Code Attack in phpBB (signature) (bleeding-web.rules)
 2001932 - BLEEDING-EDGE Exploit wowBB view_user.php SQL Injection (bleeding-exploit.rules)
 2001944 - BLEEDING-EDGE EXPLOIT MS04-007 Kill-Bill ASN1 exploit attempt (bleeding-exploit.rules)
 2001945 - BLEEDING-EDGE WEB WebAPP Apage.CGI Remote Command Execution Attempt (bleeding-web.rules)
 2001949 - BLEEDING-EDGE WEB Athena Web Registration Remote Command Execution Attempt (bleeding-web.rules)
 2001954 - BLEEDING-EDGE EXPLOIT Meteor FTP Server Exploit (bleeding-exploit.rules)
 2001972 - BLEEDING-EDGE Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (bleeding-scan.rules)
 2001988 - BLEEDING-EDGE EXPLOIT MySQL MaxDB Buffer Overflow (bleeding-exploit.rules)
 2001990 - BLEEDING-EDGE EXPLOIT JamMail Jammail.pl Remote Command Execution Attempt (bleeding-exploit.rules)
 2001991 - BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command Execution Attempt (bleeding-exploit.rules)


[///]    Modified inactive rules:    [///]

 2001076 - BLEEDING-EDGE WEB-MISC cross site scripting attempt TYPE + JAVASCRIPT (bleeding-web.rules)
 2001208 - BLEEDING-EDGE EXPLOIT Reading Local Files in Netscape 6 and Mozilla (bleeding-exploit.rules)
 2001723 - BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad PNG (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (5):
        # NOTE: If you can, put in a check on offset 20 through 23, as these
        # the traffic that caused the icmp unreach (EG: YOU.) example, if you
        # You get the idea. This may well be unnecessary overkill. YMMV.
        # below a sane value, eg 576 bytes. Adjust to taste.
        # real world might even go as high as 1100 bytes min. YMMV.

     -> Added to bleeding-sid-msg.map (4):
        2001350 || BLEEDING-EDGE INAPROPRIATE hardcore anal
        2001351 || BLEEDING-EDGE INAPROPRIATE masturbation
        2001352 || BLEEDING-EDGE INAPROPRIATE ejaculation
        2001353 || BLEEDING-EDGE INAPROPRIATE BDSM

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dos.rules (5):
        # NOTE:  If you can, put in a check on offset 20 through 23, as these
        # the traffic that caused the icmp unreach (EG: YOU.)   example, if you
        # You get the idea. This may well be unnecessary overkill.  YMMV.
        # below a sane value, eg 576 bytes.  Adjust to taste.
        # real world might even go as high as 1100 bytes min.  YMMV.

     -> Removed from bleeding-sid-msg.map (20):
        2000374 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection trying to guess the column name || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection running SQL statements NO line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000490 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 2 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 3 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 4 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 5 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000535 || BLEEDING-EDGE CUSTOM SCAN NMAP -sT or TCP incoming connection || arachnids,162
        2000539 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE CUSTOM SCAN NMAP -sU || arachnids,162
        2001098 || BLEEDING-EDGE CUSTOM Attempt to execute Javascript code
        2001100 || BLEEDING-EDGE CUSTOM Attempt to access SHELL\:
        2001104 || BLEEDING-EDGE CUSTOM Stealth attempt to access FILE\:
        2001175 || BLEEDING-EDGE CUSTOM Internet Explorer Bitmap Integer Overflow || url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001180 || BLEEDING-EDGE CUSTOM Internet Explorer Object Type Property Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001350 || BLEEDING-EDGE INAPROPRIATE  hardcore anal
        2001351 || BLEEDING-EDGE INAPROPRIATE  masturbation
        2001352 || BLEEDING-EDGE INAPROPRIATE  ejaculation
        2001353 || BLEEDING-EDGE INAPROPRIATE  BDSM
