[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sun Feb 26 17:01:02 EST 2006


[***] Results from Oinkmaster started Sun Feb 26 20:00:09 2006 [***]

[+++]          Added rules:          [+++]

 2002822 - BLEEDING-EDGE POLICY Wget User Agent (bleeding-policy.rules)
 2002823 - BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Wget (bleeding-policy.rules)
 2002824 - BLEEDING-EDGE POLICY CURL User Agent (bleeding-policy.rules)
 2002825 - BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Curl (bleeding-policy.rules)
 2002826 - BLEEDING-EDGE POLICY fetch User Agent (bleeding-policy.rules)
 2002827 - BLEEDING-EDGE POLICY POSSIBLE Crawl using Fetch (bleeding-policy.rules)
 2002828 - BLEEDING-EDGE POLICY googlebot User Agent (bleeding-policy.rules)
 2002829 - BLEEDING-EDGE POLICY Googlebot Crawl (bleeding-policy.rules)
 2002830 - BLEEDING-EDGE POLICY msnbot User Agent (bleeding-policy.rules)
 2002831 - BLEEDING-EDGE POLICY Msnbot Crawl (bleeding-policy.rules)
 2002832 - BLEEDING-EDGE POLICY Yahoo Crawler User Agent (bleeding-policy.rules)
 2002833 - BLEEDING-EDGE POLICY Yahoo Crawler Crawl (bleeding-policy.rules)
 2002835 - BLEEDING-EDGE SCAN FTP Brute Force Attempts (bleeding-scan.rules)


[///]     Modified active rules:     [///]

 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code Attempt (bleeding-exploit.rules)
 2002799 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt (bleeding-exploit.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #By Shirkdog, tweaks by Dale Handy

     -> Added to bleeding-policy.rules (3):
        #by Jacob Kitchel of infotex
        #These are of particular use in detecting recon for phishing, etc.
        #These aren't security issues necessarily, but you may be interested in seeing how often these crawlers hit you

     -> Added to bleeding-scan.rules (1):
        #Matt jonkman. Adapted from snort.org 491

     -> Added to bleeding-sid-msg.map (15):
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119 || cve,2004-0848
        2002799 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119 || cve,2004-0848
        2002822 || BLEEDING-EDGE POLICY Wget User Agent || url,www.gnu.org/software/wget
        2002823 || BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Wget || url,www.gnu.org/software/wget/
        2002824 || BLEEDING-EDGE POLICY CURL User Agent || url,curl.haxx.se
        2002825 || BLEEDING-EDGE POLICY POSSIBLE Web Crawl using Curl || url,curl.haxx.se
        2002826 || BLEEDING-EDGE POLICY fetch User Agent || url,gobsd.com/code/freebsd/lib/libfetch
        2002827 || BLEEDING-EDGE POLICY POSSIBLE Crawl using Fetch || url,gobsd.com/code/freebsd/lib/libfetch
        2002828 || BLEEDING-EDGE POLICY googlebot User Agent || url,www.google.com/webmasters/bot.html
        2002829 || BLEEDING-EDGE POLICY Googlebot Crawl || url,www.google.com/webmasters/bot.html
        2002830 || BLEEDING-EDGE POLICY msnbot User Agent || url,search.msn.com/msnbot.htm
        2002831 || BLEEDING-EDGE POLICY Msnbot Crawl || url,search.msn.com/msnbot.htm
        2002832 || BLEEDING-EDGE POLICY Yahoo Crawler User Agent || url,mms-mmcrawler-support at ...3204...
        2002833 || BLEEDING-EDGE POLICY Yahoo Crawler Crawl || url,mms-mmcrawler-support at ...3204...
        2002835 || BLEEDING-EDGE SCAN FTP Brute Force Attempts

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-exploit.rules (1):
        #By Shirkdog

     -> Removed from bleeding-sid-msg.map (2):
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .doc Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119
        2002799 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119




