[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Thu Jan 17 17:00:08 EST 2008


[***] Results from Oinkmaster started Thu Jan 17 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007762 - BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent Inbound (MJ12bot) (bleeding-policy.rules)
 2007763 - BLEEDING-EDGE POLICY CBS Streaming Video (bleeding-policy.rules)
 2007764 - BLEEDING-EDGE POLICY NBC Streaming Video (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2406000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets (bleeding-rbn.rules)
 2406001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts (bleeding-rbn.rules)
 2406002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets (bleeding-rbn.rules)
 2406003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs (bleeding-rbn.rules)
 2406004 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets (bleeding-rbn.rules)
 2406005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (1) (bleeding-rbn.rules)
 2406006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (2) (bleeding-rbn.rules)
 2406007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (3) (bleeding-rbn.rules)
 2406008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (4) (bleeding-rbn.rules)
 2407000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407004 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets (bleeding-rbn-BLOCK.rules)
 2407005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (1) (bleeding-rbn-BLOCK.rules)
 2407006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (2) (bleeding-rbn-BLOCK.rules)
 2407007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (3) (bleeding-rbn-BLOCK.rules)
 2407008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (4) (bleeding-rbn-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        #by cunningpike

     -> Added to bleeding-rbn-BLOCK.rules (7):
        # $Id: bleeding-rbn-BLOCK.rules $
        # Emerging Threats RBN rules.
        # More information available at doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 26
        #  Updated 2008-01-16 09:06:08

     -> Added to bleeding-rbn.rules (7):
        # $Id: bleeding-rbn.rules $
        # Emerging Threats RBN rules.
        # More information available at doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 26
        #  Updated 2008-01-16 09:06:08

     -> Added to bleeding-sid-msg.map (13):
        2007762 || BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent Inbound (MJ12bot) || url,www.majestic12.co.uk/
        2007763 || BLEEDING-EDGE POLICY CBS Streaming Video
        2007764 || BLEEDING-EDGE POLICY NBC Streaming Video
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-rbn-BLOCK.rules (5):
        # More information available at doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Removed from bleeding-rbn.rules (5):
        # More information available at doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Removed from bleeding-sid-msg.map (10):
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork

[+] Added files (consider updating your snort.conf to include them if needed): [+]

    -> bleeding-sid-msg.map.txt





More information about the Snort-sigs mailing list