[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Wed Jan 25 17:01:01 EST 2006


[***] Results from Oinkmaster started Wed Jan 25 20:00:17 2006 [***]

[+++]          Added rules:          [+++]

 2002792 - BLEEDING-EDGE TROJAN Win32.Agent Reporting User Activity (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2002790 - BLEEDING-EDGE TROJAN Haxdoor Reporting User Activity (bleeding-virus.rules)
 2002791 - BLEEDING-EDGE WEB MISC Computer Associates Negative Content-Length Buffer Overflow (bleeding-exploit.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24 (bleeding-dshield.rules)
 2402001 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.84.0/24 (bleeding-dshield.rules)
 2402002 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 66.199.248.0/24 (bleeding-dshield.rules)
 2402003 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.12.197.0/24 (bleeding-dshield.rules)
 2402004 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 64.88.60.0/24 (bleeding-dshield.rules)
 2402005 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 222.183.80.0/24 (bleeding-dshield.rules)
 2402006 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24 (bleeding-dshield.rules)
 2402007 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24 (bleeding-dshield.rules)
 2402008 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.185.36.0/24 (bleeding-dshield.rules)
 2402009 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 168.143.160.0/24 (bleeding-dshield.rules)
 2402010 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.130.114.0/24 (bleeding-dshield.rules)
 2402011 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.161.0/24 (bleeding-dshield.rules)
 2402012 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.136.152.0/24 (bleeding-dshield.rules)
 2402013 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.163.11.0/24 (bleeding-dshield.rules)
 2402014 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 62.68.180.0/24 (bleeding-dshield.rules)
 2402015 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 64.182.90.0/24 (bleeding-dshield.rules)
 2402016 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 213.125.164.0/24 (bleeding-dshield.rules)
 2402017 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 162.39.174.0/24 (bleeding-dshield.rules)
 2402018 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 134.187.160.0/24 (bleeding-dshield.rules)
 2402019 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.139.44.0/24 (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403001 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.84.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403002 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 66.199.248.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403003 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.12.197.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403004 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 64.88.60.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403005 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 222.183.80.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403006 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403007 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403008 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.185.36.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403009 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 168.143.160.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403010 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.130.114.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403011 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.161.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403012 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.136.152.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403013 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.163.11.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403014 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 62.68.180.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403015 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 64.182.90.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403016 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 213.125.164.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403017 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 162.39.174.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403018 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 134.187.160.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)
 2403019 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.139.44.0/24 BLOCKING (bleeding-dshield-BLOCK.rules)


[---]         Removed rules:         [---]

 2002744 - BLEEDING-EDGE POLICY HTTP-Response - Missing Server header (bleeding-policy.rules)
 2002745 - BLEEDING-EDGE POLICY HTTP-Response - gzip encoding (bleeding-policy.rules)
 2002746 - BLEEDING-EDGE POLICY HTTP-Response - gzip encoding and Server header missing (bleeding-policy.rules)
 2002748 - BLEEDING-EDGE POLICY HTTP-Response - Missing Content-Type header (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (3):
        2002790 || BLEEDING-EDGE TROJAN Haxdoor Reporting User Activity || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.DI
        2002791 || BLEEDING-EDGE WEB MISC Computer Associates Negative Content-Length Buffer Overflow || cve,2005-3653 || bugtraq,16354
        2002792 || BLEEDING-EDGE TROJAN Win32.Agent Reporting User Activity

     -> Added to bleeding-virus.rules (3):
        #By Tom Fischer
        #Submitted 2006-01-17 by Mark Tombaugh
        #by Joe Stewart at LURHQ, tweaks by Matt Jonkman

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-policy.rules (1):
        # These rules should alert on funky HTTP Server responses.

     -> Removed from bleeding-sid-msg.map (6):
        2002744 || BLEEDING-EDGE POLICY HTTP-Response - Missing Server header
        2002745 || BLEEDING-EDGE POLICY HTTP-Response - gzip encoding
        2002746 || BLEEDING-EDGE POLICY HTTP-Response - gzip encoding and Server header missing
        2002748 || BLEEDING-EDGE POLICY HTTP-Response - Missing Content-Type header
        2002790 || BLEEDING-EDGE TROJAN Haxdoor Reporting User Activity
        2002791 || WEB MISC Computer Associates Negative Content-Length Buffer Overflow || cve,2005-3653 || bugtraq,16354

     -> Removed from bleeding-virus.rules (1):
        #Submitted 2006-01-17 by Mark Tombaugh the worm man




