[Emerging-updates] Live Commit Output
emerging@emergingthreats.net
emerging at emergingthreats.net
Thu Apr 3 12:13:50 EST 2008
[***] Results from Oinkmaster started Thu Apr 3 13:13:50 2008 [***]
[+++] Added rules: [+++]
2008092 - ET SCAN Internal to Internal UPnP Request tcp port 2555 (bleeding-scan.rules)
2008093 - ET SCAN External to Internal UPnP Request tcp port 2555 (bleeding-scan.rules)
2008094 - ET SCAN External to Internal UPnP Request udp port 1900 (bleeding-scan.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-scan.rules (4):
#by matt jonkman
#intended to catch internal hosts doing upnp requests that maybe shouldn't be
#and external hosts making internal requests.
#have seen some malware samples looking for upnp hosts
-> Added to bleeding-sid-msg.map (3):
2008092 || ET SCAN Internal to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
2008093 || ET SCAN External to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
2008094 || ET SCAN External to Internal UPnP Request udp port 1900 || url,www.upnp-hacks.org/upnp.html
-> Added to bleeding-sid-msg.map.txt (3):
2008092 || ET SCAN Internal to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
2008093 || ET SCAN External to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
2008094 || ET SCAN External to Internal UPnP Request udp port 1900 || url,www.upnp-hacks.org/upnp.html
More information about the Emerging-updates
mailing list