Home | About Us | FAQ | Signature Downloads | All Projects | Submit a Signature | Mailing Lists | Feeds | Open Job Board | Sponsors | Documentation

  • RSS Latest Docs

    • 2003394
    • SnortConfSamples
    • FastFluxDNSResponseDetection
    • 2007634
    • DilipPatel
    • TestTest123
    • 2003642
    • 2007588
    • 2007688
    • 2007706

  • RSS Latest Sigs

    • VIRUS/TROJAN_PRG
    • VIRUS/TROJAN_Win32.Pakes
    • current-sids.txt
    • CURRENT_EVENTS/CURRENT_WPAD
    • current-sids.txt
    • CURRENT_EVENTS/CURRENT_WPAD
    • current-sids.txt
    • WEB/WEB_Neosploit
    • current-sids.txt
    • VIRUS/TROJAN_Win32.Pakes

  • Recent Comments

    • Buck on Guard.zip Phish, Very targeted, Sig Available
    • Lance on Guard.zip Phish, Very targeted, Sig Available
    • akgunk on Guard.zip Phish, Very targeted, Sig Available
    • Bill475382635','199440348billy@msn.com','','20.134.10.131','2008-05-20 20:38:34','2008-05-20 20:38:34','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-05-21 20:38:34', '2008-05-21 20:38:34', '', 'spam', '', 'comment', '0','0' ) /* on How to Integrate/Use Bleeding Snort Rules
    • Bill370791230','617930106billy@msn.com','','104.199.69.73','2008-05-20 20:03:22','2008-05-20 20:03:22','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-05-21 20:03:22', '2008-05-21 20:03:22', '', 'spam', '', 'comment', '0','0' ) /* on How to Integrate/Use Bleeding Snort Rules

  • Recent Posts

    • Rule & Firewall Updates Re-enabled
    • I’m Leaving Bleeding Threats!
    • Encrypted Storm Sigs
    • Windows 98 Snort Signature
    • E-Jihad Tool Sigs
    • « Snortsam Patch for Snort 2.8 Available
    OSSEC 1.4 Released »

    New RBN Rulesets

    By popular demand we’ve pulled the Russian Business Network rules out of the compromised hosts list and into it’s own separate ruleset.

    More information here:

    http://doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork

    These have proven quite valuable to many users, I highly recommend tracking any traffic to/from these nets.

    Don’t forget to add something like this to your snort.conf if you would like to use them:

    include $RULE_PATH/bleeding-rbn.rules

    or

    include $RULE_PATH/bleeding-rbn-BLOCK.rules

    if you’re a Snortsam user.

    Matt

    This entry was posted on Tuesday, October 30th, 2007 at 1:50 am and is filed under About Bleeding Edge Threats, New Rules. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    Leave a Reply

    You must be logged in to post a comment.

    Entries (RSS) and Comments (RSS)
    Copyright © 2007 Bleeding Edge Threats.
    All trademarks and copyrights on this page are owned by their respective owners. Snort® is a registered trademark of Sourcefire, Inc.