[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Sat Aug 5 21:00:13 EDT 2006


[***] Results from Oinkmaster started Sat Aug  5 21:00:13 2006 [***]

[+++]          Added rules:          [+++]

 2003070 - BLEEDING-EDGE WORM Korgo.U Reporting (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2002034 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP (linux style) (bleeding-attack_response.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2002658 - BLEEDING-EDGE POLICY EIN in the clear (US-IRS Employer ID Number) (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2002034 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP (linux style)
        2003070 || BLEEDING-EDGE WORM Korgo.U Reporting || url,www.f-secure.com/v-descs/korgo_u.shtml

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2002034 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP





More information about the Snort-sigs mailing list