backend-and-orchestration-t.../code/chef/templates/centos/compromised.rules.erb

#
# $Id: emerging-compromised.rules
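# Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources.
# Note: every rule in this file uses the "alert" action, so as written the rules report matching traffic;
# they do not drop it.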
#
#Sources include:
#
# Daniel Gerzo's BruteForceBlocker
# http://danger.rulez.sk/projects/bruteforceblocker/
#
# The OpenBL
# http://www.openbl.org/ (formerly sshbl.org)
#
# And the Emerging Threats Sandnet and SidReporter Projects
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
# Copyright (c) 2003-2017, Emerging Threats
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# VERSION 4467
# Generated 2017-09-22 00:30:02 EDT
# NOTE(review): this is a static snapshot (VERSION 4467, generated 2017-09-22) of a
# feed that the header above describes as updated daily or better. Addresses on
# reputation lists get reassigned over time, so alerts from this copy should be
# treated as low-confidence until the list is refreshed from the upstream feed.
#
# Every rule in this file has the same shape as the one below; only the address
# list, the group number in msg, and the sid differ:
#   alert ip [list] any -> $HOME_NET any
#       Raises an alert (the action is "alert", not "drop") for any IP protocol and
#       any port when the packet source is in the list and the destination is in
#       $HOME_NET. The arrow is one-directional, so packets sent from $HOME_NET to a
#       listed address do not match these rules.
#   threshold: type limit, track by_src, seconds 60, count 1
#       Limits output to one alert per source address per 60 seconds.
#   sid / rev
#       sid values step by 2 from 2500000; rev matches the VERSION number above.
# $HOME_NET is not defined in this file; it comes from the sensor configuration.
alert ip [101.132.70.58,101.226.164.254,101.230.200.173,101.231.117.54,101.236.51.134,101.251.201.246,101.64.237.31,101.79.44.115,103.17.51.78,103.207.36.217,103.207.36.220,103.207.36.225,103.207.36.226,103.207.36.246,103.207.36.251,103.207.36.84,103.207.37.200,103.207.38.144,103.207.38.178,103.207.38.202,103.207.38.86,103.207.39.125,103.207.39.203,103.210.239.167,103.212.222.16,103.212.223.150,103.212.223.42,103.217.152.20,103.228.152.141,103.237.56.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 1"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500000; rev:4467;)
alert ip [103.27.239.143,103.28.38.74,103.45.5.85,103.53.77.118,103.69.219.46,103.71.255.27,103.73.86.76,103.79.142.18,103.89.88.138,103.89.88.147,103.89.88.168,103.89.88.64,103.89.88.86,103.89.88.95,103.89.88.98,103.89.90.28,103.90.226.162,103.9.156.251,104.130.138.184,104.131.40.115,104.131.41.77,104.131.73.27,104.154.89.43,104.168.235.233,104.192.3.34,104.192.3.46,104.193.10.228,104.198.193.205,104.203.45.174,104.211.183.174] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 2"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500002; rev:4467;)
alert ip [104.218.140.228,104.223.123.98,104.238.95.233,104.244.77.64,104.244.78.156,104.37.214.97,104.42.197.23,105.209.67.118,105.225.167.218,106.112.59.106,106.172.82.195,106.247.22.57,106.254.62.123,106.38.252.50,106.39.70.232,106.39.93.84,106.51.1.164,106.51.44.4,106.57.168.64,106.75.134.62,106.75.143.3,106.75.48.185,106.75.71.224,107.132.53.129,107.167.184.140,107.175.145.42,108.14.52.60,108.162.151.203,108.172.246.196,108.172.71.183] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 3"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500004; rev:4467;)
alert ip [108.173.38.92,108.180.129.213,108.208.120.134,108.48.123.223,108.58.41.139,108.61.166.208,109.110.63.131,109.171.3.184,109.195.1.224,109.204.44.230,109.205.136.10,109.206.50.173,109.230.0.69,109.30.27.127,109.98.100.108,110.200.221.235,110.20.113.244,110.228.34.174,110.45.165.12,110.45.244.113,110.8.188.38,111.119.197.73,111.122.211.147,111.125.89.10,111.127.116.215,111.194.196.27,111.204.175.228,111.205.121.92,111.206.115.107,111.231.194.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 4"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500006; rev:4467;)
alert ip [111.26.139.65,111.26.182.3,111.39.46.47,111.89.5.185,112.101.172.18,112.148.101.13,112.161.232.55,112.4.81.93,112.5.140.230,112.64.33.92,112.81.182.17,112.82.237.169,113.105.152.226,113.116.60.141,113.122.140.67,113.124.141.122,113.124.141.48,113.141.70.163,113.178.66.10,113.179.135.18,113.195.226.160,113.200.203.102,113.201.169.192,113.247.233.90,113.252.218.53,113.252.222.216,113.57.160.51,113.77.11.29,114.112.65.226,114.113.101.107] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 5"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500008; rev:4467;)
alert ip [114.207.102.52,114.34.101.101,115.159.152.47,115.195.208.191,115.209.180.49,115.213.144.133,115.231.8.12,115.231.94.238,115.236.47.25,115.236.47.27,115.249.75.29,115.25.138.222,115.68.3.153,116.101.123.47,116.101.17.10,116.107.220.24,116.107.221.141,116.107.223.107,116.15.8.12,116.196.108.252,116.196.84.88,116.231.57.98,116.246.11.101,1.164.9.109,116.62.155.36,117.107.159.144,117.146.60.13,117.18.105.172,117.2.123.42,117.48.194.129] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 6"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500010; rev:4467;)
alert ip [117.79.147.217,118.140.111.22,118.144.138.200,118.144.138.203,118.151.209.235,118.165.126.206,118.179.220.203,118.180.18.102,118.186.21.234,118.186.36.50,118.221.123.174,118.221.201.81,118.244.238.14,118.244.238.18,118.244.238.19,118.244.238.4,118.26.170.129,118.32.27.85,118.34.18.148,118.89.239.137,119.14.160.126,119.146.201.177,119.192.239.231,119.195.208.150,119.197.4.164,119.236.181.148,119.254.153.43,119.44.217.220,119.52.229.151,120.132.113.76] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 7"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500012; rev:4467;)
alert ip [120.132.113.82,120.132.113.84,120.132.113.85,120.132.14.35,120.132.30.150,1.202.166.74,120.234.5.228,120.237.101.134,120.52.118.33,120.52.56.152,120.77.204.253,120.83.5.28,120.89.29.132,1.209.148.74,120.92.74.178,120.92.85.3,121.12.120.171,121.129.186.183,121.159.89.132,121.160.21.13,121.177.23.189,121.194.2.248,121.201.18.228,121.35.209.94,121.46.31.50,121.56.147.48,121.78.87.138,121.8.107.234,121.96.57.204,122.114.213.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 8"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500014; rev:4467;)
alert ip [122.117.90.221,122.146.46.145,122.207.17.20,122.224.144.131,122.228.196.166,122.228.249.84,122.243.182.219,122.46.210.188,122.72.22.132,123.122.123.172,123.132.243.89,123.134.87.51,123.150.101.229,123.150.108.238,123.16.84.49,123.169.170.158,123.169.192.151,123.169.192.77,123.169.200.247,123.171.114.246,123.184.35.48,123.196.120.135,123.207.236.127,123.207.242.81,123.247.9.244,123.249.20.27,123.249.20.31,1.234.4.14,123.96.186.129,123.96.49.127] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 9"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500016; rev:4467;)
alert ip [124.117.241.152,1.241.184.143,124.135.31.202,124.205.195.3,124.207.190.60,124.251.36.75,124.42.66.91,124.61.247.61,124.67.81.2,124.90.206.204,125.100.114.3,125.121.111.64,125.123.155.119,125.130.103.130,125.208.29.140,125.212.253.176,125.34.210.238,125.75.207.25,126.25.84.195,128.199.112.13,128.199.62.192,1.28.86.194,129.121.178.56,129.125.75.199,131.255.6.32,132.148.133.186,133.232.74.108,134.19.181.20,13.54.136.89,13.59.109.162] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 10"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500018; rev:4467;)
alert ip [136.144.156.254,137.186.227.52,137.44.3.243,13.75.158.218,13.76.245.100,137.74.6.238,13.81.217.61,138.197.101.38,138.197.103.4,13.84.188.226,138.68.239.21,138.68.5.130,139.159.220.163,139.219.103.115,139.219.190.2,139.219.70.7,139.255.93.122,139.5.71.112,139.59.123.240,139.59.123.37,139.59.18.218,139.99.104.118,140.114.75.64,140.207.213.31,140.207.2.182,140.255.69.150,140.255.99.4,141.105.69.248,14.163.184.137,14.166.71.61] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 11"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500020; rev:4467;)
alert ip [14.169.1.86,14.177.68.22,14.198.124.91,14.204.87.108,14.228.254.184,14.235.138.51,14.29.118.197,14.34.27.163,144.0.242.178,144.217.128.26,144.217.146.49,144.48.168.8,145.249.106.104,14.58.109.187,14.58.118.69,146.148.108.195,14.63.165.247,147.135.136.81,147.135.226.50,147.178.194.71,149.56.128.14,149.56.180.126,149.56.223.104,151.84.133.210,152.149.59.147,152.204.2.160,153.127.194.180,153.166.65.77,154.0.165.125,154.0.169.254] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 12"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500022; rev:4467;)
alert ip [155.133.82.12,156.67.106.30,157.7.137.248,159.203.102.134,159.203.104.139,159.203.66.209,159.203.68.222,159.203.90.141,159.203.93.23,159.224.62.130,159.226.162.195,160.202.161.28,160.202.161.30,160.3.126.165,162.223.162.11,162.223.162.62,162.243.170.180,162.253.41.66,162.253.42.106,163.172.118.208,163.172.119.32,163.172.125.238,163.172.135.37,163.172.167.129,163.172.170.212,163.172.174.231,163.172.200.128,163.172.223.87,163.172.48.201,163.172.67.180] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 13"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500024; rev:4467;)
alert ip [164.132.51.91,164.177.113.231,165.227.109.171,165.227.124.196,165.227.124.86,165.227.144.103,166.111.131.71,166.62.40.246,167.114.61.195,167.250.73.80,168.1.128.133,168.235.102.145,168.235.89.230,168.70.82.160,169.50.107.11,169.50.86.185,169.50.86.187,169.50.86.188,169.50.86.190,169.50.86.191,170.250.90.139,171.234.231.115,171.245.13.106,171.25.165.26,173.0.52.106,173.16.233.5,173.166.99.116,173.198.206.107,173.212.222.115,173.214.175.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 14"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500026; rev:4467;)
alert ip [173.254.233.195,173.63.215.158,174.100.60.23,174.138.80.41,175.125.93.32,175.126.232.29,175.139.173.1,175.156.152.231,175.207.20.177,175.99.86.177,176.105.180.147,176.126.252.11,176.162.154.1,176.9.156.75,177.11.50.67,177.155.104.44,177.182.109.43,177.201.127.209,177.240.165.184,177.55.160.207,177.55.98.244,177.67.82.109,177.99.236.237,178.124.171.187,178.159.36.6,178.159.37.11,178.170.172.85,178.17.173.74,178.238.239.123,178.239.62.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 15"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500028; rev:4467;)
alert ip [178.62.34.57,178.62.95.5,178.73.195.109,178.93.174.229,179.159.163.243,179.198.1.41,179.41.195.194,180.101.143.2,180.150.224.2,180.150.224.4,180.153.151.93,180.153.19.139,180.166.22.98,180.168.166.121,180.168.76.230,180.169.129.228,180.175.55.213,180.76.140.154,180.76.150.192,180.76.165.244,181.168.78.160,181.214.205.130,181.214.87.4,181.26.141.193,182.126.102.242,182.163.126.241,182.18.153.206,182.245.29.89,182.253.226.82,182.253.66.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 16"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500030; rev:4467;)
alert ip [182.36.201.180,182.38.118.131,182.45.108.45,182.45.43.33,182.45.45.24,18.248.2.85,183.136.188.116,183.152.50.38,183.152.95.93,183.214.148.89,183.239.228.51,183.87.56.75,183.91.0.68,184.149.38.74,185.100.84.108,185.107.94.40,185.140.120.153,185.156.173.106,185.165.29.111,185.165.29.116,185.165.29.122,185.165.29.128,185.165.29.23,185.165.29.50,185.165.29.69,185.165.29.77,185.165.29.78,185.168.242.215,185.200.35.233,185.200.35.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 17"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500032; rev:4467;)
alert ip [185.2.82.45,185.48.207.32,185.55.218.100,185.55.218.34,185.55.218.95,185.56.81.2,185.67.3.144,185.74.36.30,185.8.50.36,186.227.226.158,186.227.234.116,186.4.156.124,187.177.120.75,187.18.54.167,187.18.58.193,187.189.153.69,187.22.231.227,187.84.3.188,188.0.67.184,188.120.254.159,188.121.2.243,188.121.26.102,188.152.201.116,188.165.230.6,188.166.175.211,188.166.34.129,188.187.121.39,188.190.59.137,188.243.168.56,189.114.229.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 18"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500034; rev:4467;)
alert ip [189.169.197.102,189.224.143.228,189.28.12.34,189.39.120.230,189.55.139.237,190.107.225.54,190.107.81.2,190.110.88.164,190.110.89.82,190.110.90.118,190.110.91.217,190.110.94.208,190.110.94.97,190.116.182.154,190.174.203.127,190.196.156.134,190.197.53.146,190.205.38.222,190.210.244.236,190.215.115.50,190.45.3.201,190.48.135.240,190.85.6.90,190.97.205.89,190.98.207.226,191.101.235.232,191.96.112.105,191.96.112.106,191.96.112.107,191.96.112.111] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 19"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500036; rev:4467;)
alert ip [191.96.112.112,191.96.249.114,191.96.249.145,191.96.249.156,191.96.249.38,191.96.249.82,192.129.162.2,192.241.225.16,192.248.87.22,193.104.205.177,193.111.63.192,193.201.224.208,193.201.224.212,193.201.224.214,193.201.224.216,193.201.224.218,193.201.224.232,193.34.144.30,193.40.7.6,193.93.217.142,194.105.205.42,194.213.34.106,194.2.209.2,194.33.76.162,195.154.255.158,195.154.34.127,195.154.37.186,195.154.55.131,195.171.242.187,195.22.126.177] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 20"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500038; rev:4467;)
alert ip [195.225.224.38,195.62.53.126,196.52.32.17,197.231.221.211,198.12.152.136,198.167.136.101,198.199.112.44,198.199.113.122,198.211.121.75,198.24.186.34,198.255.146.211,198.98.50.113,198.98.51.117,198.98.57.188,198.98.57.32,198.98.59.151,198.98.60.112,198.98.60.239,198.98.60.72,198.98.61.180,198.98.61.33,199.168.100.164,199.195.248.31,199.195.249.132,199.195.250.64,199.27.250.119,199.76.14.51,200.17.252.12,200.56.109.119,200.68.66.165] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 21"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500040; rev:4467;)
alert ip [201.144.84.82,201.178.158.127,201.178.184.127,201.193.197.106,201.232.89.209,201.249.207.212,201.48.226.19,202.107.104.119,202.108.199.14,202.129.207.109,202.131.237.149,202.201.64.102,202.29.153.142,202.55.93.98,202.73.50.214,202.80.184.2,202.85.222.225,203.126.140.172,203.128.73.185,203.174.85.138,203.195.160.105,203.215.172.170,203.254.127.19,203.80.94.137,203.86.69.132,204.152.209.14,204.188.251.130,205.185.113.181,207.138.132.44,207.195.19.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 22"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500042; rev:4467;)
alert ip [207.81.165.45,208.66.77.245,208.98.22.130,209.10.82.200,209.15.218.187,209.188.19.226,209.213.170.114,209.239.114.231,209.239.123.90,209.243.10.198,209.92.176.105,209.92.176.114,210.140.10.72,210.212.210.86,210.245.32.72,210.84.44.200,210.94.133.8,211.110.139.215,211.168.232.5,211.195.14.39,211.215.174.144,211.216.123.97,211.226.176.47,211.249.35.203,211.249.35.205,211.57.201.184,211.64.35.129,212.109.221.169,212.129.13.232,212.129.59.195] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 23"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500044; rev:4467;)
alert ip [212.143.128.139,212.159.139.204,212.237.37.123,212.237.40.247,212.237.40.48,212.237.41.114,212.237.42.218,212.237.42.252,212.237.42.61,212.237.43.138,212.237.43.44,212.237.44.26,212.237.45.105,212.237.45.188,212.237.45.212,212.237.45.84,212.237.46.210,212.47.243.174,212.47.250.7,212.51.189.201,212.83.136.196,212.83.141.81,212.83.147.105,212.85.202.67,213.113.215.115,213.136.81.74,213.136.94.221,213.149.105.28,213.32.69.137,213.74.201.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 24"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500046; rev:4467;)
alert ip [213.74.55.250,213.78.109.14,216.168.110.244,216.223.112.22,216.245.209.78,216.98.212.11,217.111.170.195,217.170.205.103,217.23.138.22,217.23.15.165,217.46.196.74,217.57.147.180,217.61.18.106,217.65.2.116,218.103.98.209,218.106.244.93,218.108.206.56,218.148.4.24,218.15.163.100,218.156.193.236,218.2.15.138,218.28.55.134,218.29.188.109,218.32.45.19,218.52.219.225,218.5.76.147,218.63.248.173,218.79.14.243,218.9.118.187,219.116.11.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 25"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500048; rev:4467;)
alert ip [219.159.249.219,219.221.10.99,219.239.227.252,219.239.227.253,220.130.148.106,220.149.235.114,220.72.146.117,220.85.152.96,221.135.104.112,221.145.110.21,221.148.106.180,221.163.191.92,221.192.4.18,222.107.38.1,222.161.37.110,222.220.93.11,222.237.36.38,222.38.230.2,222.73.12.22,2.228.167.211,222.84.159.196,222.91.125.174,222.99.52.246,223.112.4.242,223.112.77.186,223.112.87.85,223.166.92.4,223.30.251.140,223.68.134.29,2.24.131.203] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 26"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500050; rev:4467;)
alert ip [23.129.64.12,23.30.57.83,24.119.126.64,24.46.10.22,24.80.229.169,24.87.106.109,2.50.47.6,27.118.21.218,27.16.159.23,27.19.1.251,27.210.14.232,27.219.169.241,27.255.65.189,27.255.79.21,27.255.79.7,27.54.162.253,27.64.38.194,27.73.14.63,27.73.87.164,31.172.247.106,31.172.80.188,31.173.128.149,31.207.47.53,31.37.37.187,35.162.178.210,35.190.149.252,35.193.213.56,35.193.231.245,35.199.187.166,36.67.37.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 27"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500052; rev:4467;)
alert ip [36.7.87.34,37.221.242.40,37.49.224.119,37.49.225.93,37.57.17.101,39.108.169.46,40.113.22.5,40.121.158.5,40.121.221.115,40.69.164.199,40.71.206.237,40.71.222.21,40.71.82.183,40.83.253.82,40.83.255.188,40.86.186.117,41.190.93.225,41.210.160.3,41.76.226.88,41.77.222.57,41.78.78.66,42.112.26.24,42.115.138.8,42.159.204.117,42.159.249.108,42.159.250.5,42.55.73.197,42.62.73.85,42.93.81.115,42.94.140.79] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 28"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500054; rev:4467;)
alert ip [45.116.80.242,45.249.247.80,45.251.43.189,45.32.236.123,45.32.39.134,45.32.47.58,45.32.60.87,45.55.186.166,45.55.216.145,45.55.4.137,45.56.30.99,45.63.104.148,45.63.35.50,45.76.104.223,45.76.186.62,45.76.198.131,45.76.216.217,45.76.218.238,45.76.220.58,45.76.221.116,45.76.223.152,45.76.53.82,45.79.200.100,46.101.9.80,46.148.20.25,46.164.186.33,46.165.223.217,46.166.185.14,46.17.44.94,46.183.217.165] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 29"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500056; rev:4467;)
alert ip [46.18.3.47,46.188.19.235,46.39.222.2,46.41.134.10,46.4.71.142,46.6.48.15,47.154.229.1,47.22.51.154,47.90.201.99,47.90.202.171,47.90.204.225,47.92.158.26,47.93.223.84,49.116.146.210,49.176.210.112,49.177.224.46,49.207.182.120,49.236.203.74,49.248.152.178,49.51.37.225,50.115.166.21,50.115.166.22,50.116.55.19,50.117.38.106,50.117.86.160,50.118.255.159,50.19.160.96,50.226.124.68,50.247.173.145,50.248.163.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 30"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500058; rev:4467;)
alert ip [50.62.56.171,5.101.40.37,5.101.40.38,5.101.40.62,5.102.224.212,51.15.141.220,51.15.39.26,51.15.64.212,51.254.101.200,51.254.34.30,51.255.202.66,5.135.21.155,5.135.212.153,5.188.10.156,5.188.10.175,5.188.10.176,5.188.10.178,5.188.10.179,5.188.10.180,5.188.10.182,5.189.153.129,52.124.71.138,52.144.39.97,52.165.220.242,52.166.112.31,52.168.179.155,52.168.180.139,52.187.131.166,5.226.174.124,5.249.146.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 31"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500060; rev:4467;)
alert ip [52.64.87.237,52.88.81.95,5.39.217.25,54.245.26.231,5.79.105.11,5.8.18.184,5.8.18.190,58.187.120.180,58.218.213.65,58.221.249.102,58.227.192.158,58.241.120.6,58.242.74.231,58.246.118.252,58.249.54.22,58.30.96.130,58.30.96.133,58.30.96.143,58.46.245.50,58.62.144.229,59.12.201.230,59.13.69.5,59.15.95.50,59.16.74.234,59.175.153.94,59.19.177.128,59.27.218.55,59.49.46.60,59.56.69.126,60.12.229.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 32"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500062; rev:4467;)
alert ip [60.124.22.115,60.13.74.216,60.176.158.242,60.206.137.145,60.208.139.180,60.222.116.99,61.147.68.166,61.161.143.179,61.164.46.188,61.176.218.19,61.197.164.161,61.216.155.200,61.216.38.102,61.219.149.59,61.240.159.244,61.8.249.89,62.152.32.179,62.164.145.253,62.210.130.150,62.210.15.114,62.210.169.48,62.210.97.105,62.219.209.70,62.64.154.18,62.76.177.98,62.76.185.15,62.76.187.122,62.76.191.87,62.76.42.249,62.76.42.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 33"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500064; rev:4467;)
alert ip [62.76.42.99,62.76.44.35,63.135.10.242,64.113.32.29,64.137.192.185,64.50.176.226,64.59.144.120,64.66.226.188,64.71.135.233,65.130.73.219,66.201.100.124,66.35.51.195,66.35.51.198,66.58.155.50,66.58.199.149,66.76.143.225,66.96.203.242,67.205.138.240,67.205.185.191,69.131.92.126,71.230.124.219,72.34.55.130,72.35.252.25,73.207.67.124,73.223.158.230,73.231.34.71,73.235.81.87,73.32.240.93,74.208.155.102,74.208.45.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 34"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500066; rev:4467;)
alert ip [74.52.53.204,76.164.197.48,76.191.17.120,76.74.219.170,76.8.60.134,77.105.1.80,77.123.76.69,77.242.132.150,77.72.82.171,77.72.82.199,77.72.83.249,77.72.85.100,77.81.226.157,78.113.206.194,78.129.10.146,78.138.91.6,78.146.59.79,78.188.21.107,78.195.178.119,78.203.141.125,78.203.248.197,78.211.73.147,78.224.40.128,78.245.236.138,78.43.104.193,78.47.64.211,79.106.161.36,79.137.39.158,79.143.191.24,79.148.105.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 35"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500068; rev:4467;)
alert ip [79.46.205.166,80.11.28.58,80.14.151.90,80.211.226.174,80.211.231.211,80.211.232.174,80.216.42.120,80.243.184.26,80.26.255.232,80.77.43.49,80.82.64.203,80.98.98.181,81.137.199.29,81.143.231.26,81.167.233.182,81.169.143.207,81.171.24.61,81.171.58.49,81.171.85.84,81.17.30.208,81.17.31.250,81.57.126.72,81.95.140.244,82.102.216.128,82.127.48.23,82.185.231.221,82.193.124.36,82.202.245.51,82.211.49.197,82.213.2.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 36"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500070; rev:4467;)
alert ip [82.228.240.199,82.246.170.196,82.6.131.182,82.98.139.229,83.209.114.167,83.220.169.203,83.246.164.83,84.105.201.12,84.107.154.75,84.200.7.180,84.237.16.110,84.55.161.158,85.195.226.180,85.195.48.166,85.230.149.52,85.247.95.85,85.90.210.87,86.109.170.96,86.164.122.219,86.57.164.109,86.57.168.86,86.88.141.158,87.106.71.197,87.126.129.215,87.85.170.35,88.127.227.155,88.147.17.251,88.212.206.44,88.99.38.116,89.108.109.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 37"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500072; rev:4467;)
alert ip [89.108.87.179,89.212.50.176,89.216.97.113,89.225.201.101,89.239.24.62,89.250.84.2,89.251.98.4,89.38.98.6,89.38.98.66,89.87.178.129,90.137.13.61,90.176.140.1,90.84.45.108,91.121.117.6,91.121.14.122,91.134.133.251,91.134.214.132,91.197.232.103,91.197.232.109,92.113.108.27,92.177.78.25,92.220.16.32,92.222.77.85,92.87.236.139,92.87.236.17,92.87.236.189,93.103.212.84,93.170.190.94,93.171.247.91,93.174.89.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 38"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500074; rev:4467;)
alert ip [93.174.93.10,93.174.93.71,93.174.94.253,93.190.140.112,93.212.109.60,93.42.185.41,94.102.51.26,94.177.207.42,94.177.217.169,94.177.218.163,94.177.244.134,94.200.147.213,94.231.4.132,94.231.82.19,94.23.210.41,94.23.59.133,94.74.81.29,95.110.224.97,95.169.50.213,95.179.32.4,95.213.202.178,95.215.62.242,95.240.135.79,95.85.25.122,96.22.196.161,96.231.43.95,96.239.59.131,96.33.76.87,98.110.245.232,98.160.239.31] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 39"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500076; rev:4467;)