[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Sat Nov 10 15:00:13 EST 2007


[***] Results from Oinkmaster started Sat Nov 10 20:00:13 2007 [***]

[+++]          Added rules:          [+++]

 2007672 - BLEEDING-EDGE TROJAN B0tN3t IRCbotnet (bleeding-virus.rules)
 2007673 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (1) (bleeding.rules)
 2007674 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (2) (bleeding.rules)
 2007675 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (3) (bleeding.rules)
 2007676 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (4) (bleeding.rules)
 2007677 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (5) (bleeding.rules)
 2007678 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (1) (bleeding.rules)
 2007679 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (2) (bleeding.rules)
 2007680 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (3) (bleeding.rules)
 2007681 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (4) (bleeding.rules)
 2007682 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (5) (bleeding.rules)
 2007683 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 1 (bleeding.rules)
 2007684 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 2 (bleeding.rules)
 2007685 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 3 (bleeding.rules)
 2007686 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND (bleeding.rules)
 2007687 - BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (132):
        2007672 || BLEEDING-EDGE TROJAN B0tN3t IRCbotnet || url,en.wikipedia.org/wiki/Botnet
        2007673 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (1) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007674 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (2) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007675 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (3) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007676 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (4) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007677 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (5) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007678 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (1) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007679 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (2) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007680 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (3) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007681 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (4) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007682 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (5) || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007683 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 1 || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007684 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 2 || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007685 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 3 || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007686 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2007687 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND || url,doc.bleedingthreats.net/bin/view/Main/EJihadHackTool
        2500469 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (470) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500470 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (471) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500471 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (472) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500472 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (473) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500473 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (474) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500474 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (475) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500475 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (476) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500476 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (477) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500477 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (478) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500478 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (479) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500479 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (480) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500480 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (481) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500481 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (482) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500482 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (483) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500483 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (484) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500484 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (485) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500485 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (486) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500486 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (487) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500487 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (488) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500488 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (489) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500489 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (490) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500490 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (491) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500491 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (492) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500492 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (493) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500493 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (494) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500494 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (495) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500495 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (496) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500496 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (497) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500497 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (498) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500498 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (499) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500499 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (500) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500500 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (501) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500501 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (502) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500502 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (503) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500503 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (504) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500504 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (505) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500505 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (506) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500506 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (507) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500507 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (508) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500508 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (509) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500509 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (510) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500510 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (511) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (512) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500512 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (513) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500513 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (514) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500514 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (515) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500515 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (516) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500516 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (517) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500517 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (518) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500518 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (519) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500519 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (520) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500520 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (521) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500521 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (522) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500522 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (523) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500523 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (524) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500524 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (525) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500525 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (526) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500526 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (527) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510469 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (470) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510470 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (471) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510471 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (472) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510472 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (473) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510473 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (474) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510474 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (475) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510475 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (476) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510476 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (477) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510477 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (478) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510478 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (479) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510479 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (480) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510480 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (481) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510481 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (482) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510482 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (483) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510483 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (484) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510484 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (485) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510485 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (486) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510486 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (487) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510487 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (488) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510488 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (489) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510489 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (490) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510490 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (491) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510491 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (492) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510492 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (493) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510493 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (494) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510494 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (495) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510495 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (496) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510496 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (497) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510497 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (498) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510498 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (499) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510499 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (500) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510500 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (501) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510501 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (502) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510502 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (503) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510503 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (504) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510504 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (505) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510505 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (506) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510506 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (507) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510507 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (508) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510508 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (509) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510509 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (510) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (511) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (512) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510512 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (513) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510513 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (514) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510514 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (515) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510515 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (516) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510516 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (517) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510517 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (518) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510518 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (519) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510519 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (520) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510520 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (521) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510521 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (522) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510522 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (523) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510523 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (524) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510524 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (525) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510525 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (526) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510526 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (527) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (7):
        # [8:03am dominic] telnet 59.124.158.12 65500
        # Trying 59.124.158.12...
        # Connected to 59-124-158-12.HINET-IP.hinet.net (59.124.158.12).
        # Escape character is '^]'.
        # :irc.Indonesia.B0tN3t.org NOTICE AUTH :*** Looking up your hostname...
        # :irc.Indonesia.B0tN3t.org NOTICE AUTH :*** Found your hostname
        # Reg Quinton <reggers at ...3324...>; 9-Nov-2007

     -> Added to bleeding.rules (6):
        #By Don Jackson of SecureWorks
        # Crafted for the lowest common denominator; should work in most 1.x and later engines, PCRE used for C&C traffic.
        # Mostly for spotting it's use on your network.  Only one DDoS rule. Be careful of the number/rate of alerts; these do not use thresholding.
        # DNS left in hex to avoid advertising the domains to the bad guys via google
        #these first few are for specific domains, to be removed in the not too distant future
        #these are more permanent, C&C related




