[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Jan 20 17:01:01 EST 2006


[***] Results from Oinkmaster started Fri Jan 20 20:00:11 2006 [***]

[///]     Modified active rules:     [///]

       1 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 211.41.232.0/24 (bleeding-dshield.rules)
       2 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 140.113.31.0/24 (bleeding-dshield.rules)
       3 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 85.105.48.0/24 (bleeding-dshield.rules)
       4 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 213.113.116.0/24 (bleeding-dshield.rules)
       5 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.109.0/24 (bleeding-dshield.rules)
       6 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.136.249.0/24 (bleeding-dshield.rules)
       7 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.84.0/24 (bleeding-dshield.rules)
       8 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.167.165.0/24 (bleeding-dshield.rules)
       9 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 60.46.165.0/24 (bleeding-dshield.rules)
      10 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 58.93.212.0/24 (bleeding-dshield.rules)
      11 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 193.217.215.0/24 (bleeding-dshield.rules)
      12 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24 (bleeding-dshield.rules)
      13 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 210.240.180.0/24 (bleeding-dshield.rules)
      14 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 66.218.139.0/24 (bleeding-dshield.rules)
      15 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 84.204.35.0/24 (bleeding-dshield.rules)
      16 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 204.16.208.0/24 (bleeding-dshield.rules)
      17 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24 (bleeding-dshield.rules)
      18 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24 (bleeding-dshield.rules)
      19 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.167.29.0/24 (bleeding-dshield.rules)
 2001609 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 (bleeding-scan.rules)
 2001610 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 (bleeding-scan.rules)
 2001611 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 (bleeding-scan.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dshield-BLOCK.rules (1):
        alert tcp 193.74.151.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 193.74.151.0/24 BLOCKING"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:20; fwsam: src, 72 hours;)

     -> Added to bleeding-dshield.rules (1):
        alert tcp 193.74.151.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 193.74.151.0/24"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:20;)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dshield-BLOCK.rules (1):
        alert tcp 137.165.18.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 137.165.18.0/24 BLOCKING"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:18; fwsam: src, 72 hours;)

     -> Removed from bleeding-dshield.rules (1):
        alert tcp 137.165.18.0/24 any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source IP - 137.165.18.0/24"; flow:established; reference:url,www.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; sid:; rev:18;)





More information about the Snort-sigs mailing list