[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Feb 7 17:01:01 EST 2006


[***] Results from Oinkmaster started Tue Feb  7 20:00:11 2006 [***]

[+++]          Added rules:          [+++]

 2002185 - BLEEDING-EDGE WORM Possible MS05-039 PnP worm infection (bleeding-virus.rules)
 2002190 - BLEEDING-EDGE WORM Possible UPnP Infection - gc.exe download (bleeding-virus.rules)
 2002733 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - All Ports - v3 (bleeding-exploit.rules)
 2002734 - BLEEDING-EDGE CURRENT WMF Exploit (bleeding-exploit.rules)
 2002741 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Web Only - version 3 (bleeding-exploit.rules)
 2002742 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Version 3 (bleeding-exploit.rules)
 2002743 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Web Only - all versions (bleeding-exploit.rules)
 2002757 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Web Only - version 1 (bleeding-exploit.rules)
 2002758 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Version 1 (bleeding-exploit.rules)
 2002759 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - All Ports - v1 (bleeding-exploit.rules)
 2002799 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt (bleeding-exploit.rules)


[///]     Modified active rules:     [///]

 2001591 - BLEEDING-EDGE Virus NetSky.C Worm - outgoing detected (bleeding-virus.rules)
 2001603 - BLEEDING-EDGE Virus Netsky.Z Worm - outgoing detected (bleeding-virus.rules)
 2001621 - BLEEDING-EDGE Exploit Suspected PHP Injection Attack (bleeding-web.rules)
 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code Attempt (bleeding-exploit.rules)
 2001810 - BLEEDING-EDGE EXPLOIT WEB PHP remote file include exploit attempt (bleeding-web.rules)
 2001954 - BLEEDING-EDGE EXPLOIT Meteor FTP Server Exploit (bleeding-exploit.rules)
 2002034 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP (bleeding-attack_response.rules)
 2002090 - BLEEDING-EDGE MALWARE IEHelp.net Spyware Installer (bleeding-malware.rules)
 2002096 - BLEEDING-EDGE MALWARE IEHelp.net Spyware checkin (bleeding-malware.rules)
 2002189 - BLEEDING-EDGE Current Events OSA4.GIF Detected Possible Trojan.Tooso Infection (bleeding.rules)
 2002700 - BLEEDING-EDGE WORM Netsky.P (variant 2) - SMTP outgoing (bleeding-virus.rules)
 2002788 - BLEEDING-EDGE VIRUS webstats.web.rcn.net count.cgi request without referrer (possible BlackWorm/Nyxem infection) (bleeding-virus.rules)
 2002789 - BLEEDING-EDGE VIRUS Agentless HTTP request to www.microsoft.com (possible BlackWorm/Nyxem infection) (bleeding-virus.rules)
 2002798 - BLEEDING-EDGE VIRUS Bagle.fj SMTP Outbound (bleeding-virus.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic - 199.245.138.0/24 (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic - 205.210.137.0/24 (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic - 66.64.96.0/20 (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic -  (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic - 199.245.138.0/24 BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic - 205.210.137.0/24 BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic - 66.64.96.0/20 BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic -  BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2001590 - BLEEDING-EDGE Virus NetSky.C Worm - incoming (bleeding-virus.rules)
 2001602 - BLEEDING-EDGE Virus Netsky.Z Worm - incoming detected (bleeding-virus.rules)
 2002698 - BLEEDING-EDGE WORM Netsky.P (variant 2) - SMTP incoming  (bleeding-virus.rules)
 2002797 - BLEEDING-EDGE VIRUS Bagle.fj SMTP Inbound (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2002185 - BLEEDING-EDGE Possible MS05-039 PnP worm infection (bleeding.rules)
 2002190 - BLEEDING-EDGE Current Events Possible UPnP Infection - gc.exe download (bleeding.rules)
 2002717 - BLEEDING-EDGE CURRENT URL request for sites serving Sober control activity - Host header only (bleeding.rules)
 2002718 - BLEEDING-EDGE CURRENT URL request for sites serving Sober control activity - Suspected URL (bleeding.rules)
 2002733 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - All Ports - v3 (bleeding.rules)
 2002734 - BLEEDING-EDGE CURRENT WMF Exploit (bleeding.rules)
 2002741 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Web Only - version 3 (bleeding.rules)
 2002742 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Version 3 (bleeding.rules)
 2002743 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Web Only - all versions (bleeding.rules)
 2002757 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Web Only - version 1 (bleeding.rules)
 2002758 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - Version 1 (bleeding.rules)
 2002759 - BLEEDING-EDGE EXPLOIT WMF Escape Record Exploit - All Ports - v1 (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (9):
        #by mmlange
        # By Frank Knobbe, 2005-12-28. Additional work with Blake Harstein and Brandon Franklin.
        # flow_depth (of http_inspect_server) has to be set to 0. Recommend second Snort instance with that config.
        # Note that these rules will fail to detect the exploit when the HTTP response is gzipped.
        # There is also a possibility for evasion, but a version that catches it will incurr massive amount of FPs.
        # Choose between the All-Ports rules or the Web-Only rules. (All web rules have to be enabled)
        # All ports
        # Web Only
        # Thes rules have to be there for both

     -> Added to bleeding-sid-msg.map (4):
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119
        2002185 || BLEEDING-EDGE WORM Possible MS05-039 PnP worm infection || url,isc.sans.org/diary.php?date=2005-08-14
        2002190 || BLEEDING-EDGE WORM Possible UPnP Infection - gc.exe download
        2002799 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119

     -> Added to bleeding-virus.rules (2):
        # Created 2005/08/14 by Frank Knobbe in response to first information posted on ISC
        #matt Jonkman, from full-disclosure post. Unknown variant of upnp worm

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (5):
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt
        2002185 || BLEEDING-EDGE Possible MS05-039 PnP worm infection || url,isc.sans.org/diary.php?date=2005-08-14
        2002190 || BLEEDING-EDGE Current Events Possible UPnP Infection - gc.exe download
        2002717 || BLEEDING-EDGE CURRENT URL request for sites serving Sober control activity - Host header only || url,www.lurhq.com/soberdates.html || url,www.f-secure.com/weblog/archives/archive-122005.html#00000729
        2002718 || BLEEDING-EDGE CURRENT URL request for sites serving Sober control activity - Suspected URL || url,www.lurhq.com/soberdates.html || url,www.f-secure.com/weblog/archives/archive-122005.html#00000729

     -> Removed from bleeding.rules (11):
        # Created 2005/08/14 by Frank Knobbe in response to first information posted on ISC
        #matt Jonkman, from full-disclosure post. Unknown variant of upnp worm
        #by mmlange
        # By Frank Knobbe, 2005-12-28. Additional work with Blake Harstein and Brandon Franklin.
        # flow_depth (of http_inspect_server) has to be set to 0. Recommend second Snort instance with that config.
        # Note that these rules will fail to detect the exploit when the HTTP response is gzipped.
        # There is also a possibility for evasion, but a version that catches it will incurr massive amount of FPs.
        # Choose between the All-Ports rules or the Web-Only rules. (All web rules have to be enabled)
        # All ports
        # Web Only
        # Thes rules have to be there for both




