en-us Copyright 2008 by Bleeding Edge Threats BE Doc Team [doc@bleedingthreats.net] Bleeding Edge Threats TWiki http://doc.bleedingthreats.net/bin/view/Main http://doc.bleedingthreats.net/pub/TWiki/TWikiLogos/T-logo-140x40-t.gif http://doc.bleedingthreats.net/bin/view/Main/2003394 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"BLEEDING EDGE MALWARE User Agent Containing http\:// Suspicious Likely Spyware/Trojan"; flow:to server ... (last changed by PaulJohnson) 2008-08-12T03:22:37Z PaulJohnson http://doc.bleedingthreats.net/bin/view/Main/SnortConfSamples Snort.Conf Samples The goal of this project is to make a set of sample snort.conf files. These will represent different size and goal installs of snort. We do not ... (last changed by JamesMcQuaid) 2008-07-14T11:06:25Z JamesMcQuaid http://doc.bleedingthreats.net/bin/view/Main/FastFluxDNSResponseDetection JohnMcCash 10 Jan 2008 I have a question for the BleedingThreats audience at large. I was just reading up a bit on Fast Flux DNS configurations, which are being ... (last changed by CurtWilson) 2008-03-05T20:50:22Z CurtWilson http://doc.bleedingthreats.net/bin/view/Main/2007634 alert udp $HOME NET 1024:65535 $EXTERNAL NET 1024:65535 (msg:"BLEEDING EDGE TROJAN Storm Worm Encrypted Traffic Outbound Likely Search by md5"; dsize:25; threshold ... (last changed by MikeSchroll) 2008-02-20T19:43:17Z MikeSchroll http://doc.bleedingthreats.net/bin/view/Main/DilipPatel My Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ... (last changed by TWikiRegistrationAgent) 2008-01-11T12:12:02Z TWikiRegistrationAgent http://doc.bleedingthreats.net/bin/view/Main/TestTest123 My Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ... (last changed by TWikiRegistrationAgent) 2008-01-11T08:36:34Z TWikiRegistrationAgent http://doc.bleedingthreats.net/bin/view/Main/2003642 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"BLEEDING EDGE TROJAN Downloader.Affill User Agent Detected (lol)"; flow:established,to server; content: ... (last changed by RegQuinton) 2007-12-21T19:41:55Z RegQuinton http://doc.bleedingthreats.net/bin/view/Main/2007588 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"BLEEDING EDGE TROJAN Win32 ALT C C Initial Infection Checkin"; flow:established,to server; dsize:18; content ... (last changed by TomH) 2007-12-20T20:39:01Z TomH http://doc.bleedingthreats.net/bin/view/Main/2007688 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"BLEEDING EDGE TROJAN Prg Trojan HTTP POST"; flow:established,to server; content:"POST "; depth:5; uricontent ... (last changed by TWikiGuest) 2007-12-18T00:01:37Z guest http://doc.bleedingthreats.net/bin/view/Main/2007706 alert udp $HOME NET 1024: $EXTERNAL NET 4099 (msg:"BLEEDING EDGE TROJAN Srizbi registering with controller"; dsize:20; content:" 2d "; offset:6; content:" 2d ... (last changed by TWikiGuest) 2007-12-13T17:01:25Z guest http://doc.bleedingthreats.net/bin/view/Main/2007707 alert udp $HOME NET any $DNS SERVERS 53 (msg:"BLEEDING EDGE DNS Possible MITM lookup for WPAD.com"; content:" 04 wpad 03 com 02 "; nocase; reference:url,support ... (last changed by TWikiGuest) 2007-12-13T05:46:02Z guest http://doc.bleedingthreats.net/bin/view/Main/2007709 alert udp $HOME NET any $DNS SERVERS 53 (msg:"BLEEDING EDGE DNS Possible MITM lookup for WPAD.net"; content:" 04 wpad 03 net 02 "; nocase; reference:url,support ... (last changed by TWikiGuest) 2007-12-13T05:46:02Z guest http://doc.bleedingthreats.net/bin/view/Main/2007710 alert udp $HOME NET any $DNS SERVERS 53 (msg:"BLEEDING EDGE DNS Possible MITM lookup for WPAD.org"; content:" 04 wpad 03 org 02 "; nocase; reference:url,support ... (last changed by TWikiGuest) 2007-12-13T05:46:02Z guest http://doc.bleedingthreats.net/bin/view/Main/2007708 alert udp $HOME NET any $DNS SERVERS 53 (msg:"BLEEDING EDGE DNS Possible MITM lookup for WPAD.co"; content:" 04 wpad 02 co 02 "; nocase; reference:url,support.microsoft ... (last changed by TWikiGuest) 2007-12-13T05:46:02Z guest http://doc.bleedingthreats.net/bin/view/Main/2007705 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"BLEEDING EDGE WEB Neosploit 1.5.x URL Loader"; flow:to server,established; content:"GET "; depth:4; nocase ... (last changed by TWikiGuest) 2007-12-13T05:31:05Z guest http://doc.bleedingthreats.net/bin/view/Main/AllProjects Bleeding Edge Threats Projects This page indexes the projects hosted at or closely connected and supported by the Bleeding Edge Threats Community. We highly encourage ... (last changed by DavidTaylor) 2007-12-06T23:35:07Z DavidTaylor http://doc.bleedingthreats.net/bin/view/Main/2003484 alert tcp any any any $HTTP PORTS (msg:"BLEEDING EDGE WORM Allaple Unique HTTP Request Possibly part of DDOS"; flow:established,to server; content:"GET / HTTP ... (last changed by TrinidadMontano) 2007-12-06T15:55:04Z TrinidadMontano http://doc.bleedingthreats.net/bin/view/Main/2007703 alert tcp $EXTERNAL NET any $HOME NET any (msg: "BLEEDING EDGE WEB CLIENT Apple Quicktime RTSP Content Type overflow attempt"; flow:established,from server; content ... (last changed by TWikiGuest) 2007-12-04T00:16:47Z guest http://doc.bleedingthreats.net/bin/view/Main/2007704 alert udp $EXTERNAL NET any $HOME NET any (msg: "BLEEDING EDGE WEB CLIENT Apple Quicktime RTSP Content Type overflow attempt"; content:"RTSP/"; nocase; depth:5 ... (last changed by TWikiGuest) 2007-12-04T00:16:47Z guest http://doc.bleedingthreats.net/bin/view/Main/2003174 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"BLEEDING EDGE EXPLOIT Possible UTF 16 encoded Shellcode Detected";flow:from server,established;pcre:"/( ... (last changed by TWikiGuest) 2007-11-28T23:31:07Z guest