|
|
Bleedingsnort.com Daily Update: msg#00144security.ids.snort.sigs
[***] Results from Oinkmaster started Mon Oct 18 20:00:01 2004 [***] [///] Modified active rules: [///] -> Modified active in bleeding-malware.rules (9): old: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE IE shell access WSH (Windows Script Host)"; content:"wsh.Run"; content:"command"; reference: url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000516; rev:2;) new: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE IE shell access WSH (Windows Script Host)"; content:"wsh.Run"; content:"command"; reference:url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000516; rev:2;) old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE Object Data vulnerability"; content:"document.body.innerHTML"; content:"object"; content:"data"; content:"show"; content:"document.body"; reference: url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000517; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE Object Data vulnerability"; content:"document.body.innerHTML"; content:"object"; content:"data"; content:"show"; content:"document.body"; reference:url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000517; rev:1;) old: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE shell browser vulnerability NT/2K"; content:"shell\:winnt"; reference: url,www.packetfocus.com/shell_exploit.htm; nocase; classtype:misc-attack; sid:2000520; rev:2;) new: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE shell browser vulnerability NT/2K"; content:"shell\:winnt"; reference:url,www.packetfocus.com/shell_exploit.htm; nocase; classtype:misc-attack; sid:2000520; rev:2;) old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE suspicious access to WSH (Windows Script Host)"; content:"object"; content:"id"; content:"wsh"; content:"classid"; content:"clsid\:"; content:"\/"; content:"object"; reference: url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000515; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE suspicious access to WSH (Windows Script Host)"; content:"object"; content:"id"; content:"wsh"; content:"classid"; content:"clsid\:"; content:"\/"; content:"object"; reference:url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000515; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE homepage hijacking"; content:"wsh.RegWrite"; content:"HKLM\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\Start Page"; reference: url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000514; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE homepage hijacking"; content:"wsh.RegWrite"; content:"HKLM\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\Start Page"; reference:url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; nocase; classtype:misc-attack; sid:2000514; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE Encrypted Jscript (Windows Script Encoder)"; content:"JScript.Encode"; content:"Start Encode"; reference: url,microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en; nocase; classtype:misc-attack; sid:2000518; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE Encrypted Jscript (Windows Script Encoder)"; content:"JScript.Encode"; content:"Start Encode"; reference:url,microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en; nocase; classtype:misc-attack; sid:2000518; rev:1;) old: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE Comet Cursor spyware detection"; content:"|53 65 72 76 65 72|"; content:"|43 6F 6D 65 74|"; reference: url,simplythebest.net/info/spyware/comet_cursor_spyware.html; classtype:policy-violation; sid:2000551; rev:5;) new: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE Comet Cursor spyware detection"; content:"|53 65 72 76 65 72|"; content:"|43 6F 6D 65 74|"; reference:url,simplythebest.net/info/spyware/comet_cursor_spyware.html; classtype:policy-violation; sid:2000551; rev:5;) old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE spyware downloader Microsoft VM vulnerability"; content:"document.write"; content:"APPLET"; content:"ActiveXComponent"; reference: url,www.giac.org/practical/GCIH/Franklin_Witter_GCIH.pdf; nocase; classtype:misc-attack; sid:2000513; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE IE spyware downloader Microsoft VM vulnerability"; content:"document.write"; content:"APPLET"; content:"ActiveXComponent"; reference:url,www.giac.org/practical/GCIH/Franklin_Witter_GCIH.pdf; nocase; classtype:misc-attack; sid:2000513; rev:1;) old: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE shell browser vulnerability W9x/XP"; content:"shell\:windows"; reference: url,www.packetfocus.com/shell_exploit.htm; nocase; classtype:misc-attack; sid:2000519; rev:2;) new: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE shell browser vulnerability W9x/XP"; content:"shell\:windows"; reference:url,www.packetfocus.com/shell_exploit.htm; nocase; classtype:misc-attack; sid:2000519; rev:2;) -> Modified active in bleeding-policy.rules (4): old: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE NE EXE OS2 file download"; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in a DOS session."; isdataat:6,relative; content:"NE"; distance:0; reference: url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000423; rev:3;) new: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE NE EXE OS2 file download"; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in a DOS session."; isdataat:6,relative; content:"NE"; distance:0; reference:url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000423; rev:3;) old: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Download Windows Help File CHM"; content:"ITSF|03|"; isdataat:19,relative; content:"|7C 01 FD 10 7B AA 11 D0 9E 0C 00 A0 C9 22 E6 EC 7C 01 FD 11 7B AA 11 D0 9E 0C 00 A0 C9 22 E6 EC|"; distance:0; reference: url,www.speakeasy.org/~russotto/chm/chmformat.html; reference: url,www.securiteam.com/windowsntfocus/6V00N000AU.html; classtype:misc-activity; sid:2000489; rev:3;) new: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Download Windows Help File CHM"; content:"ITSF|03|"; isdataat:19,relative; content:"|7C 01 FD 10 7B AA 11 D0 9E 0C 00 A0 C9 22 E6 EC 7C 01 FD 11 7B AA 11 D0 9E 0C 00 A0 C9 22 E6 EC|"; distance:0; reference:url,www.speakeasy.org/~russotto/chm/chmformat.html; reference:url,www.securiteam.com/windowsntfocus/6V00N000AU.html; classtype:misc-activity; sid:2000489; rev:3;) old: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE LX EXE OS2 file download"; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in a DOS session."; isdataat:6,relative; content:"LX"; distance:0; reference: url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000424; rev:3;) new: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE LX EXE OS2 file download"; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in a DOS session."; isdataat:6,relative; content:"LX"; distance:0; reference:url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000424; rev:3;) old: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Download Windows Help File CHM 2"; content:"ITSF|03|"; isdataat:19,relative; content:"|10 FD 01 7C AA 7B D0 11 9E 0C 00 A0 C9 22 E6 EC 11 FD 01 7C AA 7B D0 11 9E 0C 00 A0 C9 22 E6 EC|"; distance:0; reference: url,www.speakeasy.org/~russotto/chm/chmformat.html; reference: url,www.securiteam.com/windowsntfocus/6V00N000AU.html; classtype:misc-activity; sid:2000429; rev:3;) new: alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Download Windows Help File CHM 2"; content:"ITSF|03|"; isdataat:19,relative; content:"|10 FD 01 7C AA 7B D0 11 9E 0C 00 A0 C9 22 E6 EC 11 FD 01 7C AA 7B D0 11 9E 0C 00 A0 C9 22 E6 EC|"; distance:0; reference:url,www.speakeasy.org/~russotto/chm/chmformat.html; reference:url,www.securiteam.com/windowsntfocus/6V00N000AU.html; classtype:misc-activity; sid:2000429; rev:3;) -> Modified active in bleeding.rules (26): old: alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection line comment"; flow:to_server,established; content:"-|00|-|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000373; rev:1;) new: alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection line comment"; flow:to_server,established; content:"-|00|-|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000373; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASAX source exposed with Alternate Data Stream"; content: ".asax\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000533; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASAX source exposed with Alternate Data Stream"; content: ".asax\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000533; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE PHPNukegeneral XSS attemp"; content:"/modules.php?"; content:"name="; uricontent:"SCRIPT"; nocase; pcre:"/<\s*SCRIPT\s*>/iU"; reference: url,www.waraxe.us/?modname=sa&id=030; classtype:web-application-attack; sid:2001218; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE PHPNukegeneral XSS attemp"; content:"/modules.php?"; content:"name="; uricontent:"SCRIPT"; nocase; pcre:"/<\s*SCRIPT\s*>/iU"; reference:url,www.waraxe.us/?modname=sa&id=030; classtype:web-application-attack; sid:2001218; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS SHTML source exposed with Alternate Data Stream"; content: ".shtml\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000525; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS SHTML source exposed with Alternate Data Stream"; content: ".shtml\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000525; rev:1;) old: alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection closing string plus line comment"; flow:to_server,established; content:"'|00|"; content:"-|00|-|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000488; rev:1;) new: alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection closing string plus line comment"; flow:to_server,established; content:"'|00|"; content:"-|00|-|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000488; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS PL source exposed with Alternate Data Stream"; content: ".pl\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000530; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS PL source exposed with Alternate Data Stream"; content: ".pl\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000530; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Possible Microsoft asycpict.dll 1.0 Remote JPEG DoS Attack Vulnerability Attempt"; content:".jp"; content:"mspert10.cab"; content:"|FF FF FF FF|"; nocase; reference:url,archives.neohapsis.com/archives/bugtraq/2004-10/0126.html; classtype:attempted-dos; sid:2001360; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Possible Microsoft asycpict.dll 1.0 Remote JPEG DoS Attack Vulnerability Attempt"; content:"|4A 46 49 46|"; content:"|11 08 FF FF FF FF|"; nocase; reference:url,archives.neohapsis.com/archives/bugtraq/2004-10/0126.html; classtype:attempted-dos; sid:2001360; rev:2;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS IDC source exposed with Alternate Data Stream"; content: ".idc\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000526; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS IDC source exposed with Alternate Data Stream"; content: ".idc\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000526; rev:1;) old: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL DOS attempt (08) 1 byte"; content:"|08|"; depth:1; dsize:1; reference: url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-dos; sid:2000379; rev:1;) new: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL DOS attempt (08) 1 byte"; content:"|08|"; depth:1; dsize:1; reference:url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-dos; sid:2000379; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS IDA source exposed with Alternate Data Stream"; content: ".ida\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000529; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS IDA source exposed with Alternate Data Stream"; content: ".ida\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000529; rev:1;) old: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL Spike buffer overflow"; content:"|12 01 00 34|"; depth:4; reference: url,www.securityfocus.com/bid/5411/exploit; classtype:attempted-admin; sid:2000380; rev:1;) new: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL Spike buffer overflow"; content:"|12 01 00 34|"; depth:4; reference:url,www.securityfocus.com/bid/5411/exploit; classtype:attempted-admin; sid:2000380; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS SHTM source exposed with Alternate Data Stream"; content: ".shtm\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000524; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS SHTM source exposed with Alternate Data Stream"; content: ".shtm\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000524; rev:1;) old: alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE ICMP PING IPTools"; itype:8; icode:0; content:"|A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7|"; depth:64; reference: url,www.ks-soft.net/ip-tools.eng; classtype:misc-activity; sid:2000575; rev:1;) new: alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE ICMP PING IPTools"; itype:8; icode:0; content:"|A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7 A7|"; depth:64; reference:url,www.ks-soft.net/ip-tools.eng; classtype:misc-activity; sid:2000575; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASP source exposed with Alternate Data Stream"; content: ".asp\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000521; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASP source exposed with Alternate Data Stream"; content: ".asp\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000521; rev:1;) old: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL DOS bouncing packets"; content:"|0A|"; depth:1; reference: url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-dos; sid:2000381; rev:1;) new: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL DOS bouncing packets"; content:"|0A|"; depth:1; reference:url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-dos; sid:2000381; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS STM source exposed with Alternate Data Stream"; content: ".stm\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000523; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS STM source exposed with Alternate Data Stream"; content: ".stm\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000523; rev:1;) old: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL DOS attempt (08)"; content:"|08|"; depth:1; content:!"|3A|"; depth:1; offset:1; dsize:>1; reference: url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-dos; sid:2000378; rev:1;) new: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL DOS attempt (08)"; content:"|08|"; depth:1; content:!"|3A|"; depth:1; offset:1; dsize:>1; reference:url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-dos; sid:2000378; rev:1;) old: alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection running SQL statements line comment"; flow:to_server,established; content:"\;|00|"; content:"-|00|-|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000372; rev:1;) new: alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection running SQL statements line comment"; flow:to_server,established; content:"\;|00|"; content:"-|00|-|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000372; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS HTW source exposed with Alternate Data Stream"; content: ".htw\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000527; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS HTW source exposed with Alternate Data Stream"; content: ".htw\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000527; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASA source exposed with Alternate Data Stream"; content: ".asa\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000522; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASA source exposed with Alternate Data Stream"; content: ".asa\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000522; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS IDQ source exposed with Alternate Data Stream"; content: ".idq\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000528; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS IDQ source exposed with Alternate Data Stream"; content: ".idq\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000528; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASPX source exposed with Alternate Data Stream"; content: ".aspx\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000532; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS ASPX source exposed with Alternate Data Stream"; content: ".aspx\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000532; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS PHP source exposed with Alternate Data Stream"; content: ".php\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000531; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS PHP source exposed with Alternate Data Stream"; content: ".php\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000531; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS CONFIG source exposed with Alternate Data Stream"; content: ".config\:\:$DATA"; nocase; reference: url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000534; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB-IIS CONFIG source exposed with Alternate Data Stream"; content: ".config\:\:$DATA"; nocase; reference:url,support.microsoft.com/support/kb/articles/q188/8/06.asp&NoWebContent=1&NoWebContent=1; sid:2000534; rev:1;) old: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE PHPNuke general SQL injection attempt"; content:"/modules.php?"; content:"name="; content:"UNION"; nocase; content:"SELECT"; nocase; reference: url,www.waraxe.us/?modname=sa&id=030; reference: url,www.waraxe.us/?modname=sa&id=036; classtype:web-application-attack ;sid:2001202; rev:1;) new: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE PHPNuke general SQL injection attempt"; content:"/modules.php?"; content:"name="; content:"UNION"; nocase; content:"SELECT"; nocase; reference:url,www.waraxe.us/?modname=sa&id=030; reference:url,www.waraxe.us/?modname=sa&id=036; classtype:web-application-attack ;sid:2001202; rev:1;) old: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL heap overflow attempt"; content:"|08 3A 31|"; depth:3; reference: url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-admin; sid:2000377; rev:1;) new: alert udp any any -> $HOME_NET 1434 (msg:"BLEEDING-EDGE MS-SQL heap overflow attempt"; content:"|08 3A 31|"; depth:3; reference:url,www.nextgenss.com/papers/tp-SQL2000.pdf; classtype:attempted-admin; sid:2000377; rev:1;) [///] Modified inactive rules: [///] -> Modified inactive in bleeding-policy.rules (9): old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE REG files version 5 download"; content:"Windows Registry Editor Version 5.00"; content:"|0D 0A|"; content:"["; content:"HKEY_"; reference: url,www.ss64.com/nt/regedit.html; nocase; classtype:misc-activity; sid:2000421; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE REG files version 5 download"; content:"Windows Registry Editor Version 5.00"; content:"|0D 0A|"; content:"["; content:"HKEY_"; reference:url,www.ss64.com/nt/regedit.html; nocase; classtype:misc-activity; sid:2000421; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Executable and linking format (ELF) file download"; content:"|7F|ELF"; content:"|00 00 00 00 00 00 00 00|"; reference: url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000418; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE Executable and linking format (ELF) file download"; content:"|7F|ELF"; content:"|00 00 00 00 00 00 00 00|"; reference:url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000418; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE EXE compressed PKWARE Windows file download"; content:"MZ"; isdataat:28,relative; content:"PKLITE"; distance:0; reference: url,www.program-transformation.org/Transform/PcExeFormat; classtype:misc-activity; sid:2000426; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE EXE compressed PKWARE Windows file download"; content:"MZ"; isdataat:28,relative; content:"PKLITE"; distance:0; reference:url,www.program-transformation.org/Transform/PcExeFormat; classtype:misc-activity; sid:2000426; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE PE EXE or DLL Windows file download"; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in DOS mode."; distance: 0; isdataat:10,relative; content:"PE"; distance: 0; reference: url,hyatus.dune2.info/Miscellanous/exe_header.html; classtype:misc-activity; sid:2000419; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE PE EXE or DLL Windows file download"; content:"MZ"; isdataat:76,relative; content:"This program cannot be run in DOS mode."; distance: 0; isdataat:10,relative; content:"PE"; distance: 0; reference:url,hyatus.dune2.info/Miscellanous/exe_header.html; classtype:misc-activity; sid:2000419; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE REG files version 4 download"; content:"REGEDIT4"; content:"|0D 0A|"; content:"["; content:"HKEY_"; reference: url,www.ss64.com/nt/regedit.html; nocase; classtype:misc-activity; sid:2000420; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE REG files version 4 download"; content:"REGEDIT4"; content:"|0D 0A|"; content:"["; content:"HKEY_"; reference:url,www.ss64.com/nt/regedit.html; nocase; classtype:misc-activity; sid:2000420; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE NE EXE Windows 3.x file download"; content:"MZ"; isdataat:76,relative; content:"This program requires Microsoft Windows."; isdataat:10,relative; content:"NE"; distance:0; reference: url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000425; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE NE EXE Windows 3.x file download"; content:"MZ"; isdataat:76,relative; content:"This program requires Microsoft Windows."; isdataat:10,relative; content:"NE"; distance:0; reference:url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm; classtype:misc-activity; sid:2000425; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE REG files version 5 Unicode download"; content:"W|00|i|00|n|00|d|00|o|00|w|00|s|00| |00|R|00|e|00|g|00|i|00|s|00|t|00|r|00|y|00| |00|E|00|d|00|i|00|t|00|o|00|r|00| |00|V|00|e|00|r|00|s|00|i|00|o|00|n|00| |00|5|00|.|00|0|00|0|00|"; content:"|0D 0A|"; content:"[|00|"; content:"H|00|K|00|E|00|Y|00|_|00|"; reference: url,www.ss64.com/nt/regedit.html; nocase; classtype:misc-activity; sid:2000422; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE REG files version 5 Unicode download"; content:"W|00|i|00|n|00|d|00|o|00|w|00|s|00| |00|R|00|e|00|g|00|i|00|s|00|t|00|r|00|y|00| |00|E|00|d|00|i|00|t|00|o|00|r|00| |00|V|00|e|00|r|00|s|00|i|00|o|00|n|00| |00|5|00|.|00|0|00|0|00|"; content:"|0D 0A|"; content:"[|00|"; content:"H|00|K|00|E|00|Y|00|_|00|"; reference:url,www.ss64.com/nt/regedit.html; nocase; classtype:misc-activity; sid:2000422; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE ZIP file download"; content:"PK|0304|"; byte_test: 1, <=, 0x14, 0, string, hex; distance: 0; content:"|00 00 00|"; distance: 0; reference: url,zziplib.sourceforge.net/zzip-parse.print.html;classtype:misc-activity; sid:2000428; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE ZIP file download"; content:"PK|0304|"; byte_test: 1, <=, 0x14, 0, string, hex; distance: 0; content:"|00 00 00|"; distance: 0; reference:url,zziplib.sourceforge.net/zzip-parse.print.html;classtype:misc-activity; sid:2000428; rev:3;) old: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE PE EXE Install Windows file download"; content:"MZ"; isdataat:76,relative; content:"This program must be run under Win32"; distance:0; isdataat:140,relative; content:"PE"; distance:0; reference: url,www.program-transformation.org/Transform/PcExeFormat; classtype:misc-activity; sid:2000427; rev:3;) new: #alert tcp !$HOME_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE PE EXE Install Windows file download"; content:"MZ"; isdataat:76,relative; content:"This program must be run under Win32"; distance:0; isdataat:140,relative; content:"PE"; distance:0; reference:url,www.program-transformation.org/Transform/PcExeFormat; classtype:misc-activity; sid:2000427; rev:3;) -> Modified inactive in bleeding.rules (7): old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 4"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:"L|00|I|00|K|00|E|00|"; content:"'|00|'|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000492; rev:3;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 4"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:"L|00|I|00|K|00|E|00|"; content:"'|00|'|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000492; rev:3;) old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 2"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:">|00|"; content:"'|00|'|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000490; rev:2;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 2"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:">|00|"; content:"'|00|'|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000490; rev:2;) old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection trying to guess the column name"; flow:to_server,established; content:"'|00|"; content:"+|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000374; rev:1;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection trying to guess the column name"; flow:to_server,established; content:"'|00|"; content:"+|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000374; rev:1;) old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 3"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:"<|00|"; content:"'|00|'|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000491; rev:3;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 3"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:"<|00|"; content:"'|00|'|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000491; rev:3;) old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection running SQL statements NO line comment"; flow:to_server,established; content:"'|00|"; content:"'|00|'|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000376; rev:1;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection running SQL statements NO line comment"; flow:to_server,established; content:"'|00|"; content:"'|00|'|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf; reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html; nocase; classtype:attempted-user; sid:2000376; rev:1;) old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 5"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|";content:"B|00|E|00|T|00|W|00|E|00|E|00|N|00|"; content:"'|00|'|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000493; rev:3;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 5"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|";content:"B|00|E|00|T|00|W|00|E|00|E|00|N|00|"; content:"'|00|'|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000493; rev:3;) old: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:"=|00|"; content:"'|00|'|00|"; reference: url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference: url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000375; rev:3;) new: #alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR"; flow:to_server,established; content:"'|00|'|00|";content:"O|00|R|00|"; content:"=|00|"; content:"'|00|'|00|"; reference:url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf;reference:url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html;nocase; classtype:attempted-user; sid:2000375; rev:3;) [*] Non-rule line modifications: [*] None. [*] Added files: [*] None. ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | FP for NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt: sid 2383 -- the real one: 00144, Russell Fulton |
|---|---|
| Next by Date: | Re: reporting false positives...: 00144, Matt Jonkman |
| Previous by Thread: | Bleedingsnort.com Daily Updatei: 00144, matt |
| Next by Thread: | Bleedingsnort.com Daily Update: 00144, matt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |