[Emerging-Sigs] update for bogon nets (sids 2002749, 2002750)

Matt Jonkman jonkman at jonkmans.com
Sun May 18 20:38:33 EDT 2008


Got it, thanks Markus. Updating momentarily.

(Glad you're keeping an eye on these :) )

Matt

Markus Lude wrote:
> Hello,
> some updates for rules concerning bogon nets. Also see
> 
>   http://www.iana.org/assignments/ipv4-address-space
> 
> add: 14/8
> remove: 114/8, 115/8, 173/8, 174/8, 186/8, 187/8
> 
> alert ip [0.0.0.0/7,2.0.0.0/8,5.0.0.0/8,14.0.0.0/8,23.0.0.0/8,27.0.0.0/8,31.0.0.0/8,36.0.0.0/7,39.0.0.0/8,42.0.0.0/8,46.0.0.0/8,49.0.0.0/8] any -> $REAL_HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 1"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002749; rev:5;)
> 
> alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/7,175.0.0.0/8,176.0.0.0/5,184.0.0.0/7] any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:11;)
> 
> Regards,
> Markus

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
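
A check that could be run before committing an update like the one above, added here as an example (it is not part of the original thread or of Emerging Threats tooling): it expands each rule's source list into /8 blocks and confirms the add/remove list from the message is reflected in the rules. The function names `covered_octets` and `check_update` are hypothetical.

```python
import ipaddress
import re

# Rules as posted in the message above.
RULES = [
    'alert ip [0.0.0.0/7,2.0.0.0/8,5.0.0.0/8,14.0.0.0/8,23.0.0.0/8,27.0.0.0/8,31.0.0.0/8,36.0.0.0/7,39.0.0.0/8,42.0.0.0/8,46.0.0.0/8,49.0.0.0/8] any -> $REAL_HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 1"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002749; rev:5;)',
    'alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/7,175.0.0.0/8,176.0.0.0/5,184.0.0.0/7] any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:11;)',
]
HEADER = re.compile(r'^alert\s+ip\s+\[([^\]]+)\]\s+any\s+->')
SID = re.compile(r'\bsid:(\d+);')

def covered_octets(rule):
    """Return (sid, set of first octets whose /8 the rule's source list matches)."""
    header, sid = HEADER.match(rule), SID.search(rule)
    if not header or not sid:
        raise ValueError("not an 'alert ip [list] any ->' rule with a sid")
    octets = set()
    for cidr in header.group(1).split(","):
        # strict=True rejects entries with host bits set, e.g. 100.0.0.0/5
        net = ipaddress.ip_network(cidr.strip(), strict=True)
        if net.prefixlen > 8:
            raise ValueError(f"{cidr} is narrower than a /8")
        first = int(net.network_address) >> 24
        octets.update(range(first, first + (1 << (8 - net.prefixlen))))
    return int(sid.group(1)), octets

def check_update(rules, added, removed):
    """Return a list of problems; an empty list means the update is consistent."""
    owner, problems = {}, []
    for rule in rules:
        sid, octets = covered_octets(rule)
        for o in sorted(octets):
            if o in owner:
                problems.append(f"{o}/8 appears in sid {owner[o]} and sid {sid}")
            owner.setdefault(o, sid)
    problems += [f"{o}/8 should be listed but is not" for o in added if o not in owner]
    problems += [f"{o}/8 is allocated but still matched by sid {owner[o]}"
                 for o in removed if o in owner]
    return problems

if __name__ == "__main__":
    # add/remove lists taken from the message above
    for line in check_update(RULES, [14], [114, 115, 173, 174, 186, 187]) or ["consistent"]:
        print(line)
```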
