[Emerging-Sigs] update for bogon nets (sids 2002749, 2002750)
Markus Lude
markus.lude at gmx.de
Sun May 18 12:05:22 EDT 2008
Hello,
some updates for rules concerning bogon nets. Also see
http://www.iana.org/assignments/ipv4-address-space
add: 14/8
remove: 114/8, 115/8, 173/8, 174/8, 186/8, 187/8
alert ip [0.0.0.0/7,2.0.0.0/8,5.0.0.0/8,14.0.0.0/8,23.0.0.0/8,27.0.0.0/8,31.0.0.0/8,36.0.0.0/7,39.0.0.0/8,42.0.0.0/8,46.0.0.0/8,49.0.0.0/8] any -> $REAL_HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 1"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002749; rev:5;)
alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/7,175.0.0.0/8,176.0.0.0/5,184.0.0.0/7] any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:11;)
Regards,
Markus
More information about the Emerging-sigs
mailing list