[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] update for bogon nets (sids 2002749, 2002750)
From: jonkman () jonkmans ! com (Matt Jonkman)
Date: 2008-05-19 0:38:33
Message-ID: 4830CC09.1070306 () jonkmans ! com
[Download RAW message or body]
Got it, thanks Markus. Updating momentarily.
(Glad you're keeping an eye on these :) )
Matt
Markus Lude wrote:
> Hello,
> some updates for rules concerning bogon nets. Also see
>
> http://www.iana.org/assignments/ipv4-address-space
>
> add: 14/8
> remove: 114/8, 115/8, 173/8, 174/8, 186/8, 187/8
>
> alert ip [0.0.0.0/7,2.0.0.0/8,5.0.0.0/8,14.0.0.0/8,23.0.0.0/8,27.0.0.0/8,31.0.0.0/8,36.0.0.0/7,39.0.0.0/8,42.0.0.0/8,46.0.0.0/8,49.0.0.0/8] \
> any -> $REAL_HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets \
> 1"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; \
> threshold: type limit, track by_src, count 1, seconds 360; sid:2002749; rev:5;)
> alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/7,175.0.0.0/8,176.0.0.0/5,184.0.0.0/7] \
> any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; \
> classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; \
> threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:11;)
> Regards,
> Markus
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic