[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Oct 11 18:35:00 EDT 2005


[***] Results from Oinkmaster started Tue Oct 11 20:00:13 2005 [***]

[+++]          Added rules:          [+++]

 2002410 - BLEEDING-EDGE POLICY SMTP Non-US Restricted Outbound (bleeding-policy.rules)
 2002411 - BLEEDING-EDGE POLICY SMTP Non-US Confidential Outbound (bleeding-policy.rules)
 2002412 - BLEEDING-EDGE POLICY SMTP Non-US Top Secret Outbound (bleeding-policy.rules)
 2002413 - BLEEDING-EDGE POLICY SMTP Non-US Secret (bleeding-policy.rules)
 2002414 - BLEEDING-EDGE POLICY SMTP NATO Restricted (bleeding-policy.rules)
 2002415 - BLEEDING-EDGE POLICY SMTP NATO Confidential Atomal (bleeding-policy.rules)
 2002416 - BLEEDING-EDGE POLICY SMTP NATO Confidential (bleeding-policy.rules)
 2002417 - BLEEDING-EDGE POLICY SMTP NATO COSMIC Top Secret Atomal (bleeding-policy.rules)
 2002418 - BLEEDING-EDGE POLICY SMTP NATO Secret Atomal (bleeding-policy.rules)
 2002419 - BLEEDING-EDGE POLICY SMTP NATO Secret (bleeding-policy.rules)
 2002420 - BLEEDING-EDGE POLICY SMTP US Confidential, Electronic (bleeding-policy.rules)
 2002421 - BLEEDING-EDGE POLICY SMTP US Top Secret, Electronic (bleeding-policy.rules)
 2002422 - BLEEDING-EDGE POLICY SMTP US Secret, Electronic (bleeding-policy.rules)
 2002423 - BLEEDING-EDGE POLICY SMTP US Confidential REL TO (bleeding-policy.rules)
 2002424 - BLEEDING-EDGE POLICY SMTP US Top Secret REL TO (bleeding-policy.rules)
 2002425 - BLEEDING-EDGE POLICY SMTP US Secret REL TO (bleeding-policy.rules)
 2002426 - BLEEDING-EDGE POLICY SMTP US Confidential COMINT (bleeding-policy.rules)
 2002427 - BLEEDING-EDGE POLICY SMTP US Top Secret COMINT (bleeding-policy.rules)
 2002428 - BLEEDING-EDGE POLICY SMTP US Secret COMINT (bleeding-policy.rules)
 2002429 - BLEEDING-EDGE POLICY SMTP US Unclassified COMSEC (bleeding-policy.rules)
 2002430 - BLEEDING-EDGE POLICY SMTP US Confidential COMSEC (bleeding-policy.rules)
 2002431 - BLEEDING-EDGE POLICY SMTP US Top Secret COMSEC (bleeding-policy.rules)
 2002432 - BLEEDING-EDGE POLICY SMTP US Secret COMSEC (bleeding-policy.rules)
 2002433 - BLEEDING-EDGE POLICY SMTP US Secret IMCON (bleeding-policy.rules)
 2002434 - BLEEDING-EDGE POLICY SMTP US Top Secret CNWDI (bleeding-policy.rules)
 2002435 - BLEEDING-EDGE POLICY SMTP US Secret CNWDI (bleeding-policy.rules)
 2002436 - BLEEDING-EDGE POLICY SMTP US Top Secret TK (bleeding-policy.rules)
 2002437 - BLEEDING-EDGE POLICY SMTP US Secret TK (bleeding-policy.rules)
 2002438 - BLEEDING-EDGE POLICY SMTP US FGI (bleeding-policy.rules)
 2002439 - BLEEDING-EDGE POLICY SMTP US FOUO (bleeding-policy.rules)
 2002440 - BLEEDING-EDGE POLICY SMTP US Confidential NOFORN (bleeding-policy.rules)
 2002441 - BLEEDING-EDGE POLICY SMTP US Top Secret NOFORN (bleeding-policy.rules)
 2002442 - BLEEDING-EDGE POLICY SMTP US Secret NOFORN (bleeding-policy.rules)
 2002443 - BLEEDING-EDGE POLICY SMTP US Confidential ORCON (bleeding-policy.rules)
 2002444 - BLEEDING-EDGE POLICY SMTP US Top Secret ORCON (bleeding-policy.rules)
 2002445 - BLEEDING-EDGE POLICY SMTP US Secret ORCON (bleeding-policy.rules)
 2002446 - BLEEDING-EDGE POLICY SMTP US Unclassified PROPIN (bleeding-policy.rules)
 2002447 - BLEEDING-EDGE POLICY SMTP US Confidential PROPIN (bleeding-policy.rules)
 2002448 - BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN (bleeding-policy.rules)
 2002449 - BLEEDING-EDGE POLICY SMTP US Secret PROPIN (bleeding-policy.rules)
 2002450 - BLEEDING-EDGE POLICY SMTP US Confidential RD (bleeding-policy.rules)
 2002451 - BLEEDING-EDGE POLICY SMTP US Top Secret RD (bleeding-policy.rules)
 2002452 - BLEEDING-EDGE POLICY SMTP US Secret RD (bleeding-policy.rules)
 2002453 - BLEEDING-EDGE POLICY SMTP US SAMI (bleeding-policy.rules)
 2002454 - BLEEDING-EDGE POLICY SMTP US Confidential SPECAT (bleeding-policy.rules)
 2002455 - BLEEDING-EDGE POLICY SMTP US Top Secret SPECAT (bleeding-policy.rules)
 2002456 - BLEEDING-EDGE POLICY SMTP US Secret SPECAT (bleeding-policy.rules)
 2002457 - BLEEDING-EDGE POLICY SMTP US Top Secret STOP (bleeding-policy.rules)
 2002458 - BLEEDING-EDGE POLICY SMTP Private (bleeding-policy.rules)
 2002459 - BLEEDING-EDGE POLICY SMTP Restricted (bleeding-policy.rules)
 2002460 - BLEEDING-EDGE POLICY SMTP Confidential (bleeding-policy.rules)
 2002461 - BLEEDING-EDGE POLICY SMTP Secret (bleeding-policy.rules)
 2002462 - BLEEDING-EDGE POLICY SMTP Top Secret (bleeding-policy.rules)
 2002463 - BLEEDING-EDGE POLICY SMTP Sealed (bleeding-policy.rules)
 2002464 - BLEEDING-EDGE POLICY SMTP Sensitive (bleeding-policy.rules)
 2002465 - BLEEDING-EDGE POLICY SMTP Proprietary (bleeding-policy.rules)
 2002466 - BLEEDING-EDGE POLICY SMTP Protected (bleeding-policy.rules)
 2002467 - BLEEDING-EDGE POLICY SMTP Law Enorcement Sensitive (bleeding-policy.rules)
 2002468 - BLEEDING-EDGE POLICY SMTP Internal Use Only (bleeding-policy.rules)
 2002469 - BLEEDING-EDGE POLICY SMTP Date of Birth (bleeding-policy.rules)
 2002470 - BLEEDING-EDGE POLICY SMTP HCPCS Code (bleeding-policy.rules)
 2002471 - BLEEDING-EDGE POLICY SMTP ICD-10 Code (bleeding-policy.rules)
 2002472 - BLEEDING-EDGE POLICY SMTP FDA NDC Code (bleeding-policy.rules)
 2002473 - BLEEDING-EDGE POLICY SMTP ADA Procedure Code (bleeding-policy.rules)
 2002474 - BLEEDING-EDGE POLICY SMTP DSM-IV Code (bleeding-policy.rules)
 2002475 - BLEEDING-EDGE POLICY SMTP AMA CPT Code (bleeding-policy.rules)
 2002477 - BLEEDING-EDGE POLICY SMTP Credit Card, JCB (bleeding-policy.rules)
 2002483 - BLEEDING-EDGE POLICY SMTP Password (bleeding-policy.rules)
 2002484 - BLEEDING-EDGE POLICY SMTP Appraisal (bleeding-policy.rules)
 2002485 - BLEEDING-EDGE POLICY SMTP Account Balance (bleeding-policy.rules)
 2002486 - BLEEDING-EDGE POLICY SMTP Payment History (bleeding-policy.rules)
 2002487 - BLEEDING-EDGE POLICY SMTP Annual Income (bleeding-policy.rules)
 2002488 - BLEEDING-EDGE POLICY SMTP Credit History (bleeding-policy.rules)
 2002489 - BLEEDING-EDGE POLICY SMTP Transaction History (bleeding-policy.rules)
 2002490 - BLEEDING-EDGE POLICY SMTP Customer List (bleeding-policy.rules)
 2002491 - BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 1) (bleeding-exploit.rules)
 2002492 - BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 2) (bleeding-exploit.rules)
 2002493 - BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 3) (bleeding-exploit.rules)
 2002494 - BLEEDING-EDGE WEB Versatile ulletin Board SQL Injection Attack (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2000929 - BLEEDING-EDGE Malware Hotbar Agent Activity (bleeding-malware.rules)
 2001197 - BLEEDING-EDGE PHPNuke SQL injection attempt (bleeding-web.rules)
 2001218 - BLEEDING-EDGE PHPNuke general XSS attempt (bleeding-web.rules)
 2001315 - BLEEDING-EDGE Malware Traffic Syndicate Agent Updating (1) (bleeding-malware.rules)
 2001316 - BLEEDING-EDGE Malware Traffic Syndicate Agent Updating (2) (bleeding-malware.rules)
 2002376 - BLEEDING-EDGE IBM Lotus Domino BaseTarget XSS attempt (bleeding-web.rules)
 2002377 - BLEEDING-EDGE IBM Lotus Domino Src XSS attempt (bleeding-web.rules)
 2002402 - BLEEDING-EDGE MALWARE Web Search User Agent 3 (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (79):
        #By Cory Bys, Particle.bored.
        # These are going to increase load on a snort process, and are NOT FOOLPROOF. But they may help reveal issues
        # with informaion flow. NOTE: These will not detect classified UUEncoded docs (email attachments) etc.
        # NPI via Email
        # Non-US Restricted
        # Non-US Confidential
        # Non-US Top Secret
        # Non-US Secret
        # NATO Restricted
        # NATO Confidential Atomal
        # NATO Confidential
        # NATO COSMIC Top Secret Atomal
        # NATO Secret Atomal
        # NATO Secret
        # US Confidential, Electronic Format
        # US Top Secret, Electronic Format
        # US Secret, Electronic Format
        # US Confidential Authorized for Release To
        # US Top Secret Authorized for Release To
        # US Secret Authorized for Release To
        # US Confidential Comint
        # US Top Secret Comint
        # US Secret Comint
        # US Unclassified Communications Security Material
        # US Confidential Communications Security Material
        # US Top Secret Communications Security Material
        # US Secret Communications Security Material
        # US Controlled Imagery
        # US Top Secret Critical Nuclear Weapon Design Information
        # US Secret Critical Nuclear Weapon Design Information
        # US Top Secret Talent Keyhole
        # US Secret Talent Keyhole
        # US Foreign Government Information
        # US For Official Use Only
        # US Confidential Not Releasable to Foreign Nationals
        # US Top Secret Not Releasable to Foreign Nationals
        # US Secret Not Releasable to Foreign Nationals
        # US Confidential Originator Controlled
        # US Top Secret Originator Controlled
        # US Secret Originator Controlled
        # US Unclassified Proprietary Information
        # US Confidential Proprietary Information
        # US Top Secret Proprietary Information
        # US Secret Proprietary Information
        # US Confidential Restricted Data
        # US Top Secret Restricted Data
        # US Secret Restricted Data
        # US Sources and Methods Information
        # US Confidential Special Category
        # US Top Secret Special Category
        # US Secret Special Category
        # US Top Secret Single Integrated Operations Plan
        # The word "private"
        # The word "restricted"
        # The word "confidential"
        # The word "secret"
        # The phrase "top secret"
        # The word "sealed"
        # The word "sensitive"
        # The word "proprietary"
        # The word "protected"
        # The phrase "law enforcement sensitive"
        # The phrase "internal use only"
        # The phrase "date of birth" or its typical abbreviations
        # Health Care Common Procedure Coding System (HCPCS) Codes
        # International Statistical Classification of Diseases and Related Health Problems 10th Revision (ICD-10) Codes
        # Food and Drug Administration (FDA) National Drug Code (NDC) Codes
        # American Dental Association (ADA) Dental Procedure Codes
        # Diagnostic and Statistical Manual of Mental Disorders (DSM-IV) Codes
        # American Medical Association (AMA) Current Procedural Terminology (CPT) Codes
        # Japan Credit Bureau Credit Card Number
        # The word "password", its typical abbreviations or written/abbreviated in a few forms of "leet"
        # The word "appraisal"
        # The phrase "account balance"
        # The phrase "payment history"
        # The phrase "annual income"
        # The phrase "credit history"
        # The phrase "transaction history"
        # The phrase "customer list"

     -> Added to bleeding-sid-msg.map (83):
        2001197 || BLEEDING-EDGE PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35
        2001218 || BLEEDING-EDGE PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030
        2002376 || BLEEDING-EDGE IBM Lotus Domino BaseTarget XSS attempt || bugtraq,14845
        2002377 || BLEEDING-EDGE IBM Lotus Domino Src XSS attempt || bugtraq,14846
        2002410 || BLEEDING-EDGE POLICY SMTP Non-US Restricted Outbound
        2002411 || BLEEDING-EDGE POLICY SMTP Non-US Confidential Outbound
        2002412 || BLEEDING-EDGE POLICY SMTP Non-US Top Secret Outbound
        2002413 || BLEEDING-EDGE POLICY SMTP Non-US Secret
        2002414 || BLEEDING-EDGE POLICY SMTP NATO Restricted
        2002415 || BLEEDING-EDGE POLICY SMTP NATO Confidential Atomal
        2002416 || BLEEDING-EDGE POLICY SMTP NATO Confidential
        2002417 || BLEEDING-EDGE POLICY SMTP NATO COSMIC Top Secret Atomal
        2002418 || BLEEDING-EDGE POLICY SMTP NATO Secret Atomal
        2002419 || BLEEDING-EDGE POLICY SMTP NATO Secret
        2002420 || BLEEDING-EDGE POLICY SMTP US Confidential, Electronic
        2002421 || BLEEDING-EDGE POLICY SMTP US Top Secret, Electronic
        2002422 || BLEEDING-EDGE POLICY SMTP US Secret, Electronic
        2002423 || BLEEDING-EDGE POLICY SMTP US Confidential REL TO
        2002424 || BLEEDING-EDGE POLICY SMTP US Top Secret REL TO
        2002425 || BLEEDING-EDGE POLICY SMTP US Secret REL TO
        2002426 || BLEEDING-EDGE POLICY SMTP US Confidential COMINT
        2002427 || BLEEDING-EDGE POLICY SMTP US Top Secret COMINT
        2002428 || BLEEDING-EDGE POLICY SMTP US Secret COMINT
        2002429 || BLEEDING-EDGE POLICY SMTP US Unclassified COMSEC
        2002430 || BLEEDING-EDGE POLICY SMTP US Confidential COMSEC
        2002431 || BLEEDING-EDGE POLICY SMTP US Top Secret COMSEC
        2002432 || BLEEDING-EDGE POLICY SMTP US Secret COMSEC
        2002433 || BLEEDING-EDGE POLICY SMTP US Secret IMCON
        2002434 || BLEEDING-EDGE POLICY SMTP US Top Secret CNWDI
        2002435 || BLEEDING-EDGE POLICY SMTP US Secret CNWDI
        2002436 || BLEEDING-EDGE POLICY SMTP US Top Secret TK
        2002437 || BLEEDING-EDGE POLICY SMTP US Secret TK
        2002438 || BLEEDING-EDGE POLICY SMTP US FGI
        2002439 || BLEEDING-EDGE POLICY SMTP US FOUO
        2002440 || BLEEDING-EDGE POLICY SMTP US Confidential NOFORN
        2002441 || BLEEDING-EDGE POLICY SMTP US Top Secret NOFORN
        2002442 || BLEEDING-EDGE POLICY SMTP US Secret NOFORN
        2002443 || BLEEDING-EDGE POLICY SMTP US Confidential ORCON
        2002444 || BLEEDING-EDGE POLICY SMTP US Top Secret ORCON
        2002445 || BLEEDING-EDGE POLICY SMTP US Secret ORCON
        2002446 || BLEEDING-EDGE POLICY SMTP US Unclassified PROPIN
        2002447 || BLEEDING-EDGE POLICY SMTP US Confidential PROPIN
        2002448 || BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN
        2002449 || BLEEDING-EDGE POLICY SMTP US Secret PROPIN
        2002450 || BLEEDING-EDGE POLICY SMTP US Confidential RD
        2002451 || BLEEDING-EDGE POLICY SMTP US Top Secret RD
        2002452 || BLEEDING-EDGE POLICY SMTP US Secret RD
        2002453 || BLEEDING-EDGE POLICY SMTP US SAMI
        2002454 || BLEEDING-EDGE POLICY SMTP US Confidential SPECAT
        2002455 || BLEEDING-EDGE POLICY SMTP US Top Secret SPECAT
        2002456 || BLEEDING-EDGE POLICY SMTP US Secret SPECAT
        2002457 || BLEEDING-EDGE POLICY SMTP US Top Secret STOP
        2002458 || BLEEDING-EDGE POLICY SMTP Private
        2002459 || BLEEDING-EDGE POLICY SMTP Restricted
        2002460 || BLEEDING-EDGE POLICY SMTP Confidential
        2002461 || BLEEDING-EDGE POLICY SMTP Secret
        2002462 || BLEEDING-EDGE POLICY SMTP Top Secret
        2002463 || BLEEDING-EDGE POLICY SMTP Sealed
        2002464 || BLEEDING-EDGE POLICY SMTP Sensitive
        2002465 || BLEEDING-EDGE POLICY SMTP Proprietary
        2002466 || BLEEDING-EDGE POLICY SMTP Protected
        2002467 || BLEEDING-EDGE POLICY SMTP Law Enorcement Sensitive
        2002468 || BLEEDING-EDGE POLICY SMTP Internal Use Only
        2002469 || BLEEDING-EDGE POLICY SMTP Date of Birth
        2002470 || BLEEDING-EDGE POLICY SMTP HCPCS Code
        2002471 || BLEEDING-EDGE POLICY SMTP ICD-10 Code
        2002472 || BLEEDING-EDGE POLICY SMTP FDA NDC Code
        2002473 || BLEEDING-EDGE POLICY SMTP ADA Procedure Code
        2002474 || BLEEDING-EDGE POLICY SMTP DSM-IV Code
        2002475 || BLEEDING-EDGE POLICY SMTP AMA CPT Code
        2002477 || BLEEDING-EDGE POLICY SMTP Credit Card, JCB
        2002483 || BLEEDING-EDGE POLICY SMTP Password
        2002484 || BLEEDING-EDGE POLICY SMTP Appraisal
        2002485 || BLEEDING-EDGE POLICY SMTP Account Balance
        2002486 || BLEEDING-EDGE POLICY SMTP Payment History
        2002487 || BLEEDING-EDGE POLICY SMTP Annual Income
        2002488 || BLEEDING-EDGE POLICY SMTP Credit History
        2002489 || BLEEDING-EDGE POLICY SMTP Transaction History
        2002490 || BLEEDING-EDGE POLICY SMTP Customer List
        2002491 || BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 1) || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || cve,2005-2127
        2002492 || BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 2) || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || cve,2005-2127
        2002493 || BLEEDING-EDGE EXPLOIT COM Object MS05-052 (group 3) || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || cve,2005-2127
        2002494 || BLEEDING-EDGE WEB Versatile ulletin Board SQL Injection Attack || bugtraq,15068

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (4):
        2001197 || BLEEDING-EDGE PHPNuke SQL injection attemp || url,www.waraxe.us/index.php?modname=sa&id=35
        2001218 || BLEEDING-EDGE PHPNuke general XSS attemp || url,www.waraxe.us/?modname=sa&id=030
        2002376 || BLEEDING-EDGE IBM Lotus Domino BaseTarget XSS attemp || bugtraq,14845
        2002377 || BLEEDING-EDGE IBM Lotus Domino Src XSS attemp || bugtraq,14846




