[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Thu Jun 29 21:00:11 EDT 2006


[***] Results from Oinkmaster started Thu Jun 29 21:00:10 2006 [***]

[+++]          Added rules:          [+++]

 2002992 - BLEEDING-EDGE SCAN Rapid POP3 Connections - Possible Brute Force Attack (bleeding-scan.rules)
 2002993 - BLEEDING-EDGE SCAN Rapid POP3S Connections - Possible Brute Force Attack (bleeding-scan.rules)
 2002994 - BLEEDING-EDGE SCAN Rapid IMAP Connections - Possible Brute Force Attack (bleeding-scan.rules)
 2002995 - BLEEDING-EDGE SCAN Rapid IMAPS Connections - Possible Brute Force Attack (bleeding-scan.rules)
 2002996 - BLEEDING-EDGE WEB-PHP GeekLog Remote File Include Vulnerability (bleeding-web.rules)
 2002997 - BLEEDING-EDGE WEB PHP Remote File Inclusion (monster list) (bleeding-web.rules)
 2002998 - BLEEDING-EDGE SMTP HELO Non-Displayable Characters MailEnable Denial of Service (bleeding-dos.rules)


[///]     Modified active rules:     [///]

 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)


[---]  Disabled and modified rules:  [---]

 2001814 - BLEEDING-EDGE Spambot Proxy Control Channel (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-scan.rules (2):
        #Matt Jonkman
        # Looking for brute forcing of mail services

     -> Added to bleeding-sid-msg.map (8):
        2001814 || BLEEDING-EDGE Spambot Proxy Control Channel || url,isc.sans.org/diary.php?storyid=722
        2002992 || BLEEDING-EDGE SCAN Rapid POP3 Connections - Possible Brute Force Attack
        2002993 || BLEEDING-EDGE SCAN Rapid POP3S Connections - Possible Brute Force Attack
        2002994 || BLEEDING-EDGE SCAN Rapid IMAP Connections - Possible Brute Force Attack
        2002995 || BLEEDING-EDGE SCAN Rapid IMAPS Connections - Possible Brute Force Attack
        2002996 || BLEEDING-EDGE WEB-PHP GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
        2002997 || BLEEDING-EDGE WEB PHP Remote File Inclusion (monster list) || url,www.sans.org/top20/
        2002998 || BLEEDING-EDGE SMTP HELO Non-Displayable Characters MailEnable Denial of Service || bugtraq,18630 || cve,2006-3277

     -> Added to bleeding-web.rules (1):
        # Submitted 2006-06-29 by Frank Knobbe

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2001814 || BLEEDING-EDGE Spambot Proxy Control Channel




