[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Thu Mar 2 17:01:16 EST 2006


[***] Results from Oinkmaster started Thu Mar  2 20:00:14 2006 [***]

[+++]          Added rules:          [+++]

 2002842 - BLEEDING-EDGE SCAN MYSQL 4.1 brute force root login attempt (bleeding-scan.rules)
 2002843 - BLEEDING-EDGE DOS Microsoft Streaming Server Timing test data request (Potential) (bleeding-dos.rules)
 2002844 - BLEEDING-EDGE WEB WebDAV search overflow (bleeding-web.rules)
 2002845 - BLEEDING-EDGE EXPLOIT Hello Overflow Attempt (bleeding-exploit.rules)
 2002846 - BLEEDING-EDGE WEB Minishare GET Overflow (bleeding-web.rules)
 2002847 - BLEEDING-EDGE WEB WebAdmin User Overflow (bleeding-web.rules)
 2002848 - BLEEDING-EDGE EXPLOIT SIP UDP Softphone INVITE overflow (bleeding-exploit.rules)
 2002849 - BLEEDING-EDGE WEB-MISC Google Appliance External Proxy Stylesheet (bleeding-web.rules)
 2002850 - BLEEDING-EDGE FTP USER login flowbit (bleeding-exploit.rules)
 2002851 - BLEEDING-EDGE FTP HP-UX LIST command without login (bleeding-exploit.rules)
 2002852 - BLEEDING-EDGE EXPLOIT HP-UX Printer LPD Command Insertion (bleeding-exploit.rules)
 2002853 - BLEEDING-EDGE DOS FreeBSD NFS RPC Kernel Panic (bleeding-dos.rules)


[///]     Modified active rules:     [///]

 2001906 - BLEEDING-EDGE SCAN MYSQL 4.0 brute force root login attempt (bleeding-scan.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2002832 - BLEEDING-EDGE POLICY Yahoo Crawler User Agent (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (2):
        #by Blake Hartstein of Demarc
        #by Blake Hartstein of Demarc

     -> Added to bleeding-exploit.rules (3):
        #by Blake Hartstein of Demarc
        #by Blake Hartstein of Demarc
        #by Blake Hartstein of Demarc

     -> Added to bleeding-scan.rules (2):
        #By Jeff Kell, tweaks by Dale Handy
        #Dale Handy

     -> Added to bleeding-sid-msg.map (13):
        2001906 || BLEEDING-EDGE SCAN MYSQL 4.0 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-323.html
        2002842 || BLEEDING-EDGE SCAN MYSQL 4.1 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-Protocol.html
        2002843 || BLEEDING-EDGE DOS Microsoft Streaming Server Timing test data request (Potential) || url,www.microsoft.com/technet/security/bulletin/ms00-038.mspx || bugtraq,1282
        2002844 || BLEEDING-EDGE WEB WebDAV search overflow || cve,2003-0109
        2002845 || BLEEDING-EDGE EXPLOIT Hello Overflow Attempt || bugtraq,5411 || cve,2002-1123
        2002846 || BLEEDING-EDGE WEB Minishare GET Overflow || bugtraq,11620 || cve,2004-2271
        2002847 || BLEEDING-EDGE WEB WebAdmin User Overflow || cve,2003-471
        2002848 || BLEEDING-EDGE EXPLOIT SIP UDP Softphone INVITE overflow || cve,2006-0189 || bugtraq,16213
        2002849 || BLEEDING-EDGE WEB-MISC Google Appliance External Proxy Stylesheet || cve,2005-3758 || bugtraq,15509
        2002850 || BLEEDING-EDGE FTP USER login flowbit
        2002851 || BLEEDING-EDGE FTP HP-UX LIST command without login || bugtraq,15138 || cve,2005-3296
        2002852 || BLEEDING-EDGE EXPLOIT HP-UX Printer LPD Command Insertion || bugtraq,15136 || cve,2005-3277
        2002853 || BLEEDING-EDGE DOS FreeBSD NFS RPC Kernel Panic || bugtraq,19017 || cve,2006-0900

     -> Added to bleeding-web.rules (4):
        #by Blake Hartstein of Demarc
        #by Blake Hartstein of Demarc
        #by Blake Hartstein of Demarc
        #by Blake Hartstein of Demarc

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-scan.rules (1):
        #By Jeff Kell

     -> Removed from bleeding-sid-msg.map (1):
        2001906 || BLEEDING-EDGE SCAN MYSQL 4.0 brute force root login attempt





More information about the Snort-sigs mailing list