[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Tue Jan 17 17:01:05 EST 2006


[***] Results from Oinkmaster started Tue Jan 17 20:00:09 2006 [***]

[+++]          Added rules:          [+++]

 2002777 - BLEEDING-EDGE WEB Light Weight Calendar 'date' Arbitrary Remote Code Execution (bleeding-web.rules)


[///]     Modified active rules:     [///]

       1 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.195.41.0/24 (bleeding-dshield.rules)
       2 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24 (bleeding-dshield.rules)
       3 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.136.195.0/24 (bleeding-dshield.rules)
       4 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.84.0/24 (bleeding-dshield.rules)
       5 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 83.96.200.0/24 (bleeding-dshield.rules)
       6 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 200.40.169.0/24 (bleeding-dshield.rules)
       7 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 67.153.2.0/24 (bleeding-dshield.rules)
       8 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 217.177.187.0/24 (bleeding-dshield.rules)
       9 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24 (bleeding-dshield.rules)
      10 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24 (bleeding-dshield.rules)
      11 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.153.14.0/24 (bleeding-dshield.rules)
      12 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.163.11.0/24 (bleeding-dshield.rules)
      13 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 195.90.142.0/24 (bleeding-dshield.rules)
      14 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 209.8.239.0/24 (bleeding-dshield.rules)
      15 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.183.45.0/24 (bleeding-dshield.rules)
      16 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.148.70.0/24 (bleeding-dshield.rules)
      17 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 210.60.85.0/24 (bleeding-dshield.rules)
      18 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 202.153.207.0/24 (bleeding-dshield.rules)
      19 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 202.99.159.0/24 (bleeding-dshield.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dshield-BLOCK.rules (1):
        alert tcp 69.182.47.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 69.182.47.0/24 BLOCKING"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:17; fwsam: src, 72 hours;)

     -> Added to bleeding-dshield.rules (1):
        alert tcp 69.182.47.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 69.182.47.0/24"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:17;)

     -> Added to bleeding-sid-msg.map (1):
        2002777 || BLEEDING-EDGE WEB Light Weight Calendar 'date' Arbitrary Remote Code Execution

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dshield-BLOCK.rules (1):
        alert tcp 207.126.122.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 207.126.122.0/24 BLOCKING"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:15; fwsam: src, 72 hours;)

     -> Removed from bleeding-dshield.rules (1):
        alert tcp 207.126.122.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 207.126.122.0/24"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:15;)





More information about the Snort-sigs mailing list