[prev in list] [next in list] [prev in thread] [next in thread] 

List:       emerging-sigs
Subject:    [Emerging-Sigs] bogon nets (sid 2002750)
From:       markus.lude () gmx ! de (Markus Lude)
Date:       2009-02-22 8:08:49
Message-ID: 20090222080849.GA17335 () fuseki ! my ! domain
[Download RAW message or body]

On Sat, Feb 14, 2009 at 04:30:58AM -0500, Matt Jonkman wrote:

Hello,

> Thanks Markus. They updated the ranges on 1/31 so we were due to update.
> 
> Fixed up and committed.

somehow the rule wasn't updated, only the revision number.

Regards,
Markus



> Markus Lude wrote:
> > Hello,
> > sid 2002750 looks strange and is a bit outdated.
> > 
> > 104.0.0.0/6 does already cover 107.0.0.0/8. Don't know why the second
> > one in is listed additionally. Same with 176.0.0.0/5 and 183.0.0.0/8.
> > 175.0.0.0/8 appears twice.
> > 
> > 109/8 and 178/8 are now allocated.
> > 
> > proposed new version:
> > 
> > alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/6,175.0.0.0/8,176.0.0.0/7,179.0.0.0/8,180.0.0.0/6,185.0.0.0/8] \
> > any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; \
> > classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; \
> > threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:15;) 
> > Regards,
> > Markus


[prev in list] [next in list] [prev in thread] [next in thread]