RuleChanges

r2 - 28 Sep 2007 - 09:47:18 - RajendraPalnaty

Last 50 Site Changes

Results from Main web retrieved at 10:25 (GMT)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN AZG Checkin"; flow:established,to_server; content:"GET "; depth:4; nocase; content:"|0d 0a|User ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (AVP2006IE)"; flow:established,to_server; content:"|0d 0a|User-Agent\: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (msIE 7.0)"; flow:established,to_server; content:"|0d 0a|User-Agent\: msIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (C\:\\)"; flow:established,to_server; content:"|0d 0a|User-Agent\: C\: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Antivirus2008 Fake AV Install Report"; flow:established,to_server; uricontent:"?type=scanner ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent Possible Trojan Downloader (\xa2\xa2HttpClient)"; flow:established,to ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Themida Packed Binary Likely Hostile"; flow:established,from_server; content:"|2E 69 64 61 74 61 20 ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Iframe in Purported Image Download (png) Likely SQL Injection Attacks Related"; flow ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Iframe in Purported Image Download (gif) Likely SQL Injection Attacks Related"; flow ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET TROJAN HTTP POST Request on port 53 Very Likely Hostile"; flow:established,to_server; content:"POST "; nocase ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET TROJAN HTTP GET Request on port 53 Very Likely Hostile"; flow:established,to_server; content:"GET "; nocase ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect Packed Binary Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63 ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Iframe in Purported Image Download (jpeg) Likely SQL Injection Attacks Related"; flow ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Internal User may have Visited an ASPROX Infected Site"; content:""; within:40; nocase ...
My Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ...
Emerging Threats Russian Business Network (RBN) Snort Intrusion Detection Rules : http://www.emergingthreats.net/rules/emerging-rbn.rules http://www.emergingthreats ...
Honeywall and Smoothwall Configuration Samples UsingHoneywall.pdf: UsingHoneywall.pdf (as presented at Berkman Center, Harvard Law School, May 16th) ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Backdoor.Win32.VB.fdi Bot Reporting to Controller"; flow:established,to_server; content:"state\: 0 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-PWS.Win32.VB.tr Checkin Detected"; flow:established,to_server; content:"POST"; depth:5 ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (admin)"; flow:to_server,established; content:"Authorization\: Basic ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (tomcat)"; flow:to_server,established; content:"Authorization\: Basic ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8080 (msg:"ET SCAN Tomcat Auth Brute Force attempt (manager)"; flow:to_server,established; content:"Authorization\: Basic ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (SUiCiDE/1.5)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE BarACE Checkin and Update"; flow:established,to_server; content:"GET "; depth:4; uricontent: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE ZCOM Adware/Spyware User-Agent (ZCOM Software)"; flow:established,to_server; content:"|0d 0a ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Antispywareexpert.com Fake AS Install Checkin"; flow:established,to_server; uricontent:"/?action ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE ZenoSearch Spyware User-Agent"; flow:to_server,established; content:"|0d 0a|User-Agent\: "; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Peed Report to Controller"; flow:established,to_server; uricontent:"/controller.php?action="; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Sogoul.com Spyware User-Agent (SogouIMEMiniSetup)"; flow:established,to_server; content:"|0d ...
Ever have issues trying to get management to try and understand log files from your proxy server, showing inappropriate user activity? As they say a picture is worth ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Fake CNN alert Malware download (adobe_flash.exe)"; flow:to_server,established; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Likely Facebook Malware Download (picture_dl.exe)"; flow:to_server,established; content ...
Snort.Conf Samples The goal of this page is to make a set of sample snort.conf files, and some samples for using other common tools with data from Emerging Threats ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Unknown Checkin"; flowbits:isset,ET.unknid; flow:established,to_server; dsize:100200; content:" idate ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Unknown Initial Checkin"; flow:established,to_server; dsize: Added 2008-08-07 10:00:21 UTC
SidReporter Install Instructions SidReporter Readme INTRODUCTION SidReporter is a tool that will help feedback information to the community about a number of things ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (antispyprogram)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (ieagent)"; flow:established,to_server; content:"|0d 0a|User-Agent\: ieagent ...
SidReporter SidReporter is the Emerging Threats Data Sharing Tool that allows users to report anonymously their local IDS/IPS event data. In return you will (soon ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Cutwail/W32.Small.avu Dropper"; flow:established,to_server; content:"GET "; depth:4; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm EXE Request (postcard.exe)"; flow:established,to_server; content: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Downloader.pgp Checkin"; flow:established,to_server; uricontent:"?id="; uricontent:"&e ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Banker.OT Checkin (2 packet)"; flow:established,to_server; content:"praquem="; depth:8; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.Win32.E-Group.n Checkin"; flow:to_server,established; uricontent:"login="; nocase; uricontent ...
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"CURRENT_EVENTS Fake Airline E-ticket Email Inbound"; flow:established,to_server; content:"|0d 0a|Subject\: E-Ticket ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (dwplayer)"; flow:established,to_server; content:"|0d 0a|User-Agent\: dwplayer ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (NULL)"; flow:established,to_server; content:"|0d 0a|User-Agent\: NULL ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Downloader.Win32.Delf.bsy Checkin"; flow:established,to_server; uricontent:"dn="; nocase ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Searchtool.co.kr Fake Product User-Agent (searchtoolup)"; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Antivirus2008"; flow:established,to_server; uricontent:"&nick="; nocase; uricontent:"&group ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Cleancop.co.kr Fake AV User-Agent (CleancopUpdate)"; flow:established,to_server; content:"|0d ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT WEB-PHP remote file include exploit attempt"; flow: to_server,established; content:"GET ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN thespybot.com installation download detected"; flow:established,to_server; content:"GET "; depth ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 2227 (msg:"ET TROJAN Trojan-PSW.Win32.Nilage.crg Checkin"; flow:established,to_server; dsize:32; content:"|00 c0 a8 01 f4 ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB convert SQL Injection Attempt"; flow:established,to_server; uricontent:"1 convert("; nocase; ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB query information schema SQL Injection Attempt"; flow:established,to_server; uricontent:"information ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Adload.agq Checkin"; flow:established,to_server; uricontent:"pubid="; nocase; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Banload POST Checkin (dados)"; flow:established,to_server; content: "POST "; depth:5; content: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN LDPinch SMTP Password Report"; flow:established,to_server; content:"Subject|3a| Passes from "; depth:21 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET TROJAN LDPinch SMTP Password Report with mail client The Bat!"; flow:established,to_server; content:"X-Mailer ...
alert udp any 53 -> $HOME_NET any (msg:"ET CURRENT_EVENTS DNS Query Responses with 3 RR's set (50 in 2 seconds) possible NS RR Cache Poisoning Attempt"; content ...
alert udp any 53 -> $HOME_NET any (msg:"ET CURRENT_EVENTS DNS Query Responses with 3 RR's set (50 in 2 seconds) possible A RR Cache Poisoning Attempt"; content ...
alert tcp any any -> $HOME_NET 139:445 (msg:"ET EXPLOIT Foofus.net Password dumping, dll injection"; flow:to_server,established; content:"|6c 00 73 00 72 00 65 00 ...
#alert udp any 53 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Excessive NXDOMAIN responses Possible DNS Poisoning Attempt Backscatter"; byte_test:1,&,128,2; byte_test ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN HotLan.C Spambot C&C download command"; flow:established,from_server; content:"|3B|URL|3A|http|3A 2F 2F ...
alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN HotLan.C Spambot Trojan Activity"; flow:to_server,established; content:"GET|20|"; offset:0; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Look2Me Activity"; flow:established,to_server; uricontent:"?B="; uricontent:"&V="; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Netviewer.com Remote Control Proxy Test"; flow:established,to_server; content:"POST /nvserver ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN LDPinch Checkin Flowbit set"; flow:established,to_server; content:"POST "; depth:5; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN LDPinch Checkin v2"; flowbits:isset,ET.PINCH; flow:established,to_server; content:"a "; nocase ...
alert udp any 53 -> $DNS_SERVERS any (msg:"ET CURRENT_EVENTS Excessive DNS Responses with 1 or more RR's (100 in 10 seconds) possible Cache Poisoning Attempt"; ...
alert udp any 53 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Excessive NXDOMAIN Responses (not authoritative)"; byte_test:1,&,128,2; byte_test:1, ,3, 1,relative; threshold ...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB Possible SQL Injection Attempt Danmec related (declare)"; flow:established,to_server; uricontent ...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB Possible SQL Injection (exec)"; flow:established,to_server; uricontent:"exec("; nocase; classtype ...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB Possible SQL Injection (varchar)"; flow:established,to_server; uricontent:"varchar("; nocase; classtype ...
alert udp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic"; content:"|6C 3C|" ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE EZULA Spyware User-Agent"; flow: established,to_server; content:"User-Agent\: ezula"; classtype ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Adsincontext.com Related Spyware User-Agent (Connector v1.2)"; flow: established; content:"User ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE 404Search Spyware User-Agent"; flow:established,to_server; content:"User-Agent\: 404search"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Deepdo Toolbar User-Agent (FavUpdate)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent)"; flow: established ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (CFS Agent)"; flow:established,to_server; content:"|0d 0a|User-Agent\: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (Download App)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (HTTP Downloader)"; flow: established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (Inet read)"; flow:established,to_server; content:"|0d 0a|User-Agent\: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Easy Search Bar Spyware User-Agent"; flow: established,to_server; content:"User-Agent\: ESB" ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (InetURL)"; flow:established,to_server; content:!"www.dell.com"; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (hacker)"; flow:established,to_server; content:"|0d 0a|User-Agent\: hacker ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (HttpDownload)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Sidesearch Spyware User-Agent"; flow: established,to_server; content:"User-Agent\: Sidesearch ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (PcPcUpdater)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (CFS DOWNLOAD)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (ReadFileURL)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User-Agent (ieguideupdate)"; flow:established,to_server; content:"|0d 0a|User-Agent ...
Number of topics: 100

-- MattJonkman - 28 Feb 2007
