Bleeding Edge Threats Daily Signature Changes: msg#00140 security.ids.snort.bleedingsnort
[***] Results from Oinkmaster started Mon Jan 22 20:00:08 2007 [***]

[+++]          Added rules:          [+++]

    2003298 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules)
    2003299 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Seek Traffic Outbound (bleeding-virus.rules)
    2003300 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Reply Traffic Inbound (bleeding-virus.rules)
    2003301 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Data Traffic Inbound (bleeding-virus.rules)
    2003302 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection (bleeding-virus.rules)
    2003303 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous) (bleeding-policy.rules)
    2003304 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin (bleeding-malware.rules)
    2003305 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-) (bleeding-malware.rules)
    2003306 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) (bleeding-malware.rules)
    2003307 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL (bleeding-malware.rules)
    2003308 - BLEEDING-EDGE P2P Edonkey IP Request (bleeding-p2p.rules)
    2003309 - BLEEDING-EDGE P2P Edonkey IP Reply (bleeding-p2p.rules)
    2003310 - BLEEDING-EDGE P2P Edonkey Publicize File (bleeding-p2p.rules)
    2003311 - BLEEDING-EDGE P2P Edonkey Publicize File ACK (bleeding-p2p.rules)
    2003312 - BLEEDING-EDGE P2P Edonkey Connect Request (bleeding-p2p.rules)
    2003313 - BLEEDING-EDGE P2P Edonkey Connect Reply and Server List (bleeding-p2p.rules)
    2003314 - BLEEDING-EDGE P2P Edonkey Search Request (by file hash) (bleeding-p2p.rules)
    2003315 - BLEEDING-EDGE P2P Edonkey Search Reply (bleeding-p2p.rules)
    2003316 - BLEEDING-EDGE P2P Edonkey IP Query End (bleeding-p2p.rules)
    2003317 - BLEEDING-EDGE P2P Edonkey Search Request (any type file) (bleeding-p2p.rules)
    2003318 - BLEEDING-EDGE P2P Edonkey Get Sources Request (by hash) (bleeding-p2p.rules)
    2003319 - BLEEDING-EDGE P2P Edonkey Search Request (search by name) (bleeding-p2p.rules)
    2003320 - BLEEDING-EDGE P2P Edonkey Search Results (bleeding-p2p.rules)
    2003321 - BLEEDING-EDGE P2P Edonkey Server Message (bleeding-p2p.rules)
    2003322 - BLEEDING-EDGE P2P Edonkey Server List (bleeding-p2p.rules)
    2003323 - BLEEDING-EDGE P2P Edonkey Client to Server Hello (bleeding-p2p.rules)
    2003324 - BLEEDING-EDGE P2P Edonkey Server Status (bleeding-p2p.rules)

[///]     Modified active rules:     [///]

    2000335 - BLEEDING-EDGE P2P Overnet (Edonkey) Server Announce (bleeding-p2p.rules)
    2001298 - BLEEDING-EDGE P2P eDonkey Server Status Request (bleeding-p2p.rules)
    2001299 - BLEEDING-EDGE P2P eDonkey Server Status (bleeding-p2p.rules)
    2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
    2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
    2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules)
    2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules)
    2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules)
    2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules)
    2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules)
    2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules)
    2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)

[---]        Disabled rules:         [---]

    2000330 - BLEEDING-EDGE P2P ed2k connection to server (bleeding-p2p.rules)

[---]         Removed rules:         [---]

    2000331 - BLEEDING-EDGE P2P ed2k file search (bleeding-p2p.rules)
    2001300 - BLEEDING-EDGE P2P eDonkey Hello Request (bleeding-p2p.rules)
    2001305 - BLEEDING-EDGE P2P eDonkey Search (bleeding-p2p.rules)
    2003928 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules)
    2003929 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection (bleeding-virus.rules)
    2003930 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous) (bleeding-policy.rules)
    2003931 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin (bleeding-malware.rules)
    2003932 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-) (bleeding-malware.rules)
    2003933 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) (bleeding-malware.rules)
    2003934 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL (bleeding-malware.rules)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        # VERSION 63

     -> Added to bleeding-drop.rules (1):
        # VERSION 63

     -> Added to bleeding-p2p.rules (1):
        #Matt Jonkman

     -> Added to bleeding-sid-msg.map (28):
        2000335 || BLEEDING-EDGE P2P Overnet (Edonkey) Server Announce || url,www.overnet.com
        2003298 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net
        2003299 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Seek Traffic Outbound
        2003300 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Reply Traffic Inbound
        2003301 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Data Traffic Inbound
        2003302 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
        2003303 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
        2003304 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
        2003305 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
        2003306 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003307 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
        2003308 || BLEEDING-EDGE P2P Edonkey IP Request || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003309 || BLEEDING-EDGE P2P Edonkey IP Reply || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003310 || BLEEDING-EDGE P2P Edonkey Publicize File || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003311 || BLEEDING-EDGE P2P Edonkey Publicize File ACK || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003312 || BLEEDING-EDGE P2P Edonkey Connect Request || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003313 || BLEEDING-EDGE P2P Edonkey Connect Reply and Server List || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003314 || BLEEDING-EDGE P2P Edonkey Search Request (by file hash) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003315 || BLEEDING-EDGE P2P Edonkey Search Reply || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003316 || BLEEDING-EDGE P2P Edonkey IP Query End || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003317 || BLEEDING-EDGE P2P Edonkey Search Request (any type file) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003318 || BLEEDING-EDGE P2P Edonkey Get Sources Request (by hash) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003319 || BLEEDING-EDGE P2P Edonkey Search Request (search by name) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003320 || BLEEDING-EDGE P2P Edonkey Search Results || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003321 || BLEEDING-EDGE P2P Edonkey Server Message || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003322 || BLEEDING-EDGE P2P Edonkey Server List || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003323 || BLEEDING-EDGE P2P Edonkey Client to Server Hello || url,www.giac.org/certified_professionals/practicals/gcih/0446.php
        2003324 || BLEEDING-EDGE P2P Edonkey Server Status || url,www.giac.org/certified_professionals/practicals/gcih/0446.php

     -> Added to bleeding-virus.rules (1):
        #Commenting these out. This is edonkey protocol. Altering the wexisting edonkey rules to be inclusive

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        # VERSION 61

     -> Removed from bleeding-drop.rules (1):
        # VERSION 61

     -> Removed from bleeding-sid-msg.map (11):
        2000331 || BLEEDING-EDGE P2P ed2k file search || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
        2000335 || BLEEDING-EDGE P2P Overnet Server Announce || url,www.overnet.com
        2001300 || BLEEDING-EDGE P2P eDonkey Hello Request || url,www.edonkey.com
        2001305 || BLEEDING-EDGE P2P eDonkey Search || url,www.edonkey.com
        2003928 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net
        2003929 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
        2003930 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
        2003931 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
        2003932 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
        2003933 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003934 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL