[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] bogon nets (sid 2002750)
From: markus.lude () gmx ! de (Markus Lude)
Date: 2009-02-22 8:08:49
Message-ID: 20090222080849.GA17335 () fuseki ! my ! domain
[Download RAW message or body]
On Sat, Feb 14, 2009 at 04:30:58AM -0500, Matt Jonkman wrote:
Hello,
> Thanks Markus. They updated the ranges on 1/31 so we were due to update.
>
> Fixed up and committed.
somehow the rule wasn't updated, only the revision number.
Regards,
Markus
> Markus Lude wrote:
> > Hello,
> > sid 2002750 looks strange and is a bit outdated.
> >
> > 104.0.0.0/6 does already cover 107.0.0.0/8. Don't know why the second
> > one in is listed additionally. Same with 176.0.0.0/5 and 183.0.0.0/8.
> > 175.0.0.0/8 appears twice.
> >
> > 109/8 and 178/8 are now allocated.
> >
> > proposed new version:
> >
> > alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/6,175.0.0.0/8,176.0.0.0/7,179.0.0.0/8,180.0.0.0/6,185.0.0.0/8] \
> > any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; \
> > classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; \
> > threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:15;)
> > Regards,
> > Markus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic