Home | About Us | FAQ | Signature Downloads | All Projects | Submit a Signature | Mailing Lists | Feeds | Open Job Board | Sponsors | Documentation

  • RSS Latest Docs

    • 2003394
    • SnortConfSamples
    • FastFluxDNSResponseDetection
    • 2007634
    • DilipPatel
    • TestTest123
    • 2003642
    • 2007588
    • 2007688
    • 2007706

  • RSS Latest Sigs

    • VIRUS/TROJAN_PRG
    • VIRUS/TROJAN_Win32.Pakes
    • current-sids.txt
    • CURRENT_EVENTS/CURRENT_WPAD
    • current-sids.txt
    • CURRENT_EVENTS/CURRENT_WPAD
    • current-sids.txt
    • WEB/WEB_Neosploit
    • current-sids.txt
    • VIRUS/TROJAN_Win32.Pakes

  • Recent Comments

    • gabrix on I’m Leaving Bleeding Threats!
    • Buck on Guard.zip Phish, Very targeted, Sig Available
    • Lance on Guard.zip Phish, Very targeted, Sig Available
    • akgunk on Guard.zip Phish, Very targeted, Sig Available
    • Bill475382635','199440348billy@msn.com','','20.134.10.131','2008-05-20 20:38:34','2008-05-20 20:38:34','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-05-21 20:38:34', '2008-05-21 20:38:34', '', 'spam', '', 'comment', '0','0' ) /* on How to Integrate/Use Bleeding Snort Rules

  • Recent Posts

    • Rule & Firewall Updates Re-enabled
    • I’m Leaving Bleeding Threats!
    • Encrypted Storm Sigs
    • Windows 98 Snort Signature
    • E-Jihad Tool Sigs
    • « IDS Policy Manager 2.1 Released!
    CCProxy in use by Malware »

    New Ruleset: Compromised Hosts

    One last new ruleset to add this week. I promise no more for a bit.

    http://docs.bleedingthreats.net/bin/view/Main/CompromisedHost

    This is a compilation of several very reliable sources of hosts that are compromised. Not your everyday compromised spewing a little spam kind of hosts. These are significantly hostile.

    These are updated daily or better, so be sure you’re updating as well.

    If you have an intelligence source to add to the list please let me know.

    http://www.bleedingthreats.net/rules/bleeding-compromised.rules
    http://www.bleedingthreats.net/rules/bleeding-compromised-BLOCK.rules

    Matt

    This entry was posted on Friday, August 24th, 2007 at 2:57 am and is filed under Documentation, General, New Rules. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    One Response to “New Ruleset: Compromised Hosts”

    1. jonkman Says:
      August 24th, 2007 at 2:39 pm

      Point of clarification: Once Storm passes (as it will, as they all do), this ruleset will be the future home for the threat of the week.

    Leave a Reply

    You must be logged in to post a comment.

    Entries (RSS) and Comments (RSS)
    Copyright © 2007 Bleeding Edge Threats.
    All trademarks and copyrights on this page are owned by their respective owners. Snort® is a registered trademark of Sourcefire, Inc.