[Snort-sigs] Snort Community Rules Update

Alex Kirk alex.kirk at ...435...
Mon Mar 5 11:10:10 EST 2007

This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000923-100000927. These rules cover certain UDP floods generated by a specific script; password reconnaissance attacks against the ADP Forum and EasyNews PRO systems; Google searches with SafeSearch disabled, which may be a policy violation; and a type of phishing attempt that uses the Microsoft Messenger service.

Sourcefire would like to thank Dan Protich of Sago Networks for submitting SIDs 100000923 and 100000927.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000923 || COMMUNITY DOS Single-Byte UDP Flood
100000924 || COMMUNITY POLICY Google SafeSearch off
100000925 || COMMUNITY-WEB-PHP ADP Forum Attempted Password Recon
100000926 || COMMUNITY-WEB-PHP EasyNews PRO News Attempted Password Recon
100000927 || COMMUNITY MISC Microsoft Messenger phishing attempt - corrupted registry

More information about the Snort-sigs mailing list