[Emerging-Sigs] Emerging Threats Live Commit Oinkmaster Output
emerging@emergingthreats.net
Wed Jan 2 16:45:24 EST 2008
[***] Results from Oinkmaster started Wed Jan 2 16:45:24 2008 [***]
[///] Modified active rules: [///]
2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules)
2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules)
2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules)
2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules)
2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules)
2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules)
2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7) (bleeding-botcc.rules)
2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8) (bleeding-botcc.rules)
2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9) (bleeding-botcc.rules)
2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10) (bleeding-botcc.rules)
2404010 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11) (bleeding-botcc.rules)
2404011 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12) (bleeding-botcc.rules)
2404012 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13) (bleeding-botcc.rules)
2404013 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14) (bleeding-botcc.rules)
2404014 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15) (bleeding-botcc.rules)
2404015 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16) (bleeding-botcc.rules)
2404016 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17) (bleeding-botcc.rules)
2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405010 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405011 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405012 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405013 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405014 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405015 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405016 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-drop-BLOCK.rules (2):
# VERSION 1013
# Generated 2008-01-02 01:03:02 EDT
-> Added to bleeding-drop.rules (2):
# VERSION 1013
# Generated 2008-01-02 01:03:02 EDT
-> Added to bleeding-virus.rules (2):
# Created by Jeremy Conway with contributions from Steven Adair
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN TROJ_PROX.AFV POST"; flow:to_server,established; content:"POST "; nocase; depth:5; uricontent:".php"; nocase; content:"=|22|sid|22|"; nocase; content:"=|22|up|22|"; nocase; content:"=|22|wbfl|22|"; nocase; content:"=|22|v|22|"; nocase; content:"=|22|ping|22|"; nocase; content:"=|22|guid|22|"; nocase; content:"=|22|wv|22|"; nocase; reference:url,trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPROXY%2EAFV&VSect=T; classtype:trojan-activity; sid:2007728 rev:1;)
[---] Removed non-rule lines: [---]
-> Removed from bleeding-drop-BLOCK.rules (2):
# VERSION 1012
# Generated 2008-01-01 01:23:44 EDT
-> Removed from bleeding-drop.rules (2):
# VERSION 1012
# Generated 2008-01-01 01:23:44 EDT