[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Wed Jan 18 17:01:02 EST 2006


[***] Results from Oinkmaster started Wed Jan 18 20:00:13 2006 [***]

[+++]          Added rules:          [+++]

 2002778 - BLEEDING-EDGE VIRUS W32.Nyxem-D SMTP outbound (bleeding-virus.rules)
 2002779 - BLEEDING-EDGE VIRUS W32.Nyxem-D SMTP inbound (bleeding-virus.rules)
 2002780 - BLEEDING-EDGE TROJAN Goldun Reporting User Activity 2 (bleeding-virus.rules)


[///]     Modified active rules:     [///]

       1 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.84.0/24 (bleeding-dshield.rules)
       2 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 84.73.223.0/24 (bleeding-dshield.rules)
       3 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24 (bleeding-dshield.rules)
       4 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 162.39.156.0/24 (bleeding-dshield.rules)
       5 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24 (bleeding-dshield.rules)
       6 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.161.102.0/24 (bleeding-dshield.rules)
       7 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.163.11.0/24 (bleeding-dshield.rules)
       8 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 217.132.253.0/24 (bleeding-dshield.rules)
       9 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 81.245.172.0/24 (bleeding-dshield.rules)
      10 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 66.159.86.0/24 (bleeding-dshield.rules)
      11 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 194.109.64.0/24 (bleeding-dshield.rules)
      12 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.153.14.0/24 (bleeding-dshield.rules)
      13 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 125.192.97.0/24 (bleeding-dshield.rules)
      14 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 211.209.112.0/24 (bleeding-dshield.rules)
      15 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24 (bleeding-dshield.rules)
      16 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 72.13.229.0/24 (bleeding-dshield.rules)
      17 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.1.204.0/24 (bleeding-dshield.rules)
      18 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.175.218.0/24 (bleeding-dshield.rules)
      19 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 222.147.253.0/24 (bleeding-dshield.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dshield-BLOCK.rules (1):
        alert tcp 137.165.18.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 137.165.18.0/24 BLOCKING"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:18; fwsam: src, 72 hours;)

     -> Added to bleeding-dshield.rules (1):
        alert tcp 137.165.18.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 137.165.18.0/24"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:18;)

     -> Added to bleeding-sid-msg.map (3):
        2002778 || BLEEDING-EDGE VIRUS W32.Nyxem-D SMTP outbound || url,www.sophos.com/virusinfo/analyses/w32nyxemd.html
        2002779 || BLEEDING-EDGE VIRUS W32.Nyxem-D SMTP inbound || url,www.sophos.com/virusinfo/analyses/w32nyxemd.html
        2002780 || BLEEDING-EDGE TROJAN Goldun Reporting User Activity 2 || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html

     -> Added to bleeding-virus.rules (2):
        #	Nyxem-D
        #Submitted 2006-01-17 by Mark Tombaugh the worm man

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dshield-BLOCK.rules (1):
        alert tcp 69.182.47.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 69.182.47.0/24 BLOCKING"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:17; fwsam: src, 72 hours;)

     -> Removed from bleeding-dshield.rules (1):
        alert tcp 69.182.47.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 69.182.47.0/24"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:17;)




