[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Thu Oct 25 16:00:18 EDT 2007


[***] Results from Oinkmaster started Thu Oct 25 20:00:18 2007 [***]

[///]     Modified active rules:     [///]

 2002383 - BLEEDING-EDGE SCAN Potential FTP Brute-Force attempt (bleeding-scan.rules)
 2007567 - BLEEDING-EDGE VIRUS Zlob User Agent - updating (unknown) (bleeding-virus.rules)


[---]         Disabled rules:        [---]

 2007636 - BLEEDING-EDGE TROJAN Storm Worm Encrypted Traffic Inbound - Likely Search by md5 (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (52):
        2501127 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1128) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501128 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1129) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501129 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1130) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501130 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1131) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501131 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1132) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501132 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1133) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501133 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1134) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501134 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1135) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501135 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1136) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501136 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1137) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501137 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1138) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501138 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1139) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501139 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1140) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501140 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1141) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501141 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1142) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501142 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1143) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501143 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1144) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501144 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1145) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501145 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1146) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501146 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1147) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501147 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1148) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501148 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1149) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501149 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1150) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501150 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1151) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501151 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1152) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2501152 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (1153) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511127 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1128) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511128 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1129) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511129 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1130) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511130 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1131) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511131 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1132) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511132 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1133) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511133 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1134) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511134 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1135) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511135 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1136) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511136 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1137) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511137 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1138) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511138 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1139) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511139 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1140) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511140 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1141) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511141 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1142) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511142 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1143) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511143 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1144) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511144 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1145) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511145 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1146) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511146 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1147) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511147 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1148) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511148 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1149) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511149 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1150) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511150 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1151) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511151 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1152) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2511152 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1153) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (1):
        #Significant reports of falses on skype traffic. Disabling for now




