#
# $Id: emerging-drop.rules $
# Emerging Threats Spamhaus DROP List rules.
#
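# Rules to block Spamhaus DROP listed networks (www.spamhaus.org)
# Note: as shipped, every rule in this file uses the `alert` action, so matching traffic is
# reported but not dropped. Blocking requires an inline (IPS) deployment with the rule action
# changed to `drop`, or equivalent filtering on a firewall.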
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to [email protected] or the emerging-sigs mailing list
#
#*************************************************************
#
# Copyright (c) 2003-2019, Emerging Threats
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# VERSION 2755
# Generated 2020-04-19 00:05:01 EDT
# Rule template shared by the rules visible here (groups 1-33, sid 2400000-2400032):
#   * `alert ip [<CIDR list>] any -> $HOME_NET any` matches any IP packet whose source is in the
#     listed networks and whose destination is in $HOME_NET. The list is split into groups of up
#     to 20 CIDR blocks per rule.
#   * `threshold: type limit, track by_src, seconds 3600, count 1` limits output to one alert per
#     source address per hour, so the alert count understates the real packet volume.
#   * `flowbits:set,ET.Evil` and `flowbits:set,ET.DROPIP` tag the flow; presumably other ET rules
#     test these bits. Confirm before disabling or renumbering this file.
#   * `rev:2755` and `updated_at 2020_04_19` match the VERSION and Generated header lines above.
# Operational caveats:
#   * This is a point-in-time snapshot of the DROP list. The upstream list changes, so an old
#     copy can alert on ranges that have since been delisted and miss newer listings. Refresh it
#     from the ruleset feed rather than pinning this copy.
#   * $HOME_NET must be set to the protected address space. If it is left at a broad default such
#     as `any`, the destination constraint stops narrowing the match.
#   * NOTE(review): metadata carries `tag Dshield` although the reference and msg name the Spamhaus
#     DROP list. This looks like generator-template carry-over; verify before filtering on tags.
alert ip [5.134.128.0/19,5.183.60.0/22,5.188.10.0/23,23.92.80.0/20,23.239.64.0/19,24.233.0.0/19,27.126.160.0/20,27.146.0.0/16,36.0.8.0/21,36.37.48.0/20,36.116.0.0/16,36.119.0.0/16,37.252.220.0/22,41.77.240.0/21,41.93.128.0/17,42.0.32.0/19,42.1.128.0/17,42.96.0.0/18,42.128.0.0/12,42.160.0.0/12] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 1"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400000; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [43.252.80.0/22,45.4.128.0/22,45.4.136.0/22,45.6.48.0/22,45.9.156.0/22,45.11.184.0/22,45.11.188.0/22,45.41.0.0/18,45.41.192.0/18,45.43.128.0/18,45.59.128.0/18,45.65.32.0/22,45.65.112.0/22,45.65.188.0/22,45.95.40.0/22,45.114.240.0/22,45.117.52.0/22,45.117.208.0/22,45.117.232.0/22,45.121.204.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 2"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400001; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [46.232.192.0/21,49.156.160.0/19,49.238.64.0/18,58.14.0.0/15,58.145.176.0/21,59.153.60.0/22,60.233.0.0/16,61.11.224.0/19,61.45.251.0/24,63.141.34.0/23,63.141.36.0/23,67.213.112.0/20,74.114.148.0/22,83.175.0.0/18,84.238.160.0/22,85.121.39.0/24,85.209.4.0/22,86.55.40.0/23,86.55.42.0/23,86.104.222.0/23] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 3"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400002; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [89.39.69.0/24,89.40.207.0/24,89.41.50.0/23,91.197.196.0/22,91.200.12.0/22,91.200.248.0/22,91.209.12.0/24,91.218.236.0/22,91.220.163.0/24,91.240.165.0/24,93.114.51.0/24,93.114.52.0/23,93.114.54.0/24,101.42.0.0/16,101.134.0.0/15,101.192.0.0/14,101.202.0.0/16,101.203.128.0/19,101.248.0.0/15,101.252.0.0/15] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 4"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400003; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [102.196.96.0/19,102.211.224.0/19,102.212.224.0/19,102.228.0.0/16,102.232.0.0/16,102.240.0.0/16,103.14.208.0/22,103.16.76.0/24,103.23.8.0/22,103.23.124.0/22,103.24.232.0/22,103.30.12.0/22,103.32.0.0/16,103.32.132.0/22,103.34.0.0/16,103.35.160.0/22,103.36.64.0/22,103.57.248.0/22,103.73.172.0/22,103.75.36.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 5"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400004; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [103.135.144.0/24,103.155.224.0/19,103.158.224.0/19,103.167.224.0/19,103.171.224.0/19,103.174.224.0/19,103.180.224.0/19,103.189.224.0/19,103.197.8.0/22,103.197.240.0/22,103.199.88.0/22,103.205.84.0/22,103.207.160.0/22,103.210.244.0/22,103.215.80.0/22,103.225.72.0/22,103.225.128.0/22,103.226.192.0/22,103.228.60.0/22,103.229.36.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 6"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400005; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [103.239.56.0/22,103.243.8.0/22,103.243.124.0/22,104.143.16.0/20,104.153.244.0/22,104.166.96.0/19,104.207.64.0/19,104.222.160.0/19,104.233.0.0/18,104.239.0.0/17,104.243.192.0/20,104.247.96.0/19,104.250.192.0/19,104.250.224.0/19,106.95.0.0/16,107.155.128.0/18,107.182.112.0/20,107.182.240.0/20,107.190.160.0/20,110.41.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 7"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400006; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [117.58.0.0/17,117.120.64.0/18,119.58.0.0/16,119.232.0.0/16,120.48.0.0/15,121.46.124.0/22,122.8.0.0/16,122.129.0.0/18,122.185.0.0/16,123.136.80.0/20,123.249.0.0/16,124.20.0.0/16,124.68.0.0/15,124.157.0.0/18,124.242.0.0/16,125.31.192.0/18,125.58.0.0/18,125.169.0.0/16,128.24.0.0/16,128.85.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 8"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400007; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [131.108.16.0/22,131.143.0.0/16,131.200.0.0/16,132.255.132.0/22,134.18.0.0/16,134.22.0.0/16,134.23.0.0/16,134.33.0.0/16,134.127.0.0/16,134.172.0.0/16,137.19.0.0/16,137.31.0.0/16,137.33.0.0/16,137.55.0.0/16,137.72.0.0/16,137.76.0.0/16,137.105.0.0/16,137.114.0.0/16,137.218.0.0/16,138.31.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 9"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400008; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [138.94.120.0/22,138.94.144.0/22,138.94.216.0/22,138.97.156.0/22,138.122.192.0/22,138.125.0.0/16,138.186.208.0/22,138.216.0.0/16,138.219.172.0/22,138.249.0.0/16,139.44.0.0/16,139.81.0.0/16,139.188.0.0/16,140.167.0.0/16,141.136.22.0/24,141.178.0.0/16,141.253.0.0/16,142.102.0.0/16,143.0.236.0/22,143.49.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 10"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400009; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [146.51.0.0/16,146.183.0.0/16,146.202.0.0/16,146.252.0.0/16,147.7.0.0/16,147.16.0.0/14,147.78.224.0/22,147.119.0.0/16,148.148.0.0/16,148.154.0.0/16,148.178.0.0/16,148.185.0.0/16,148.248.0.0/16,149.118.0.0/16,149.143.64.0/18,149.207.0.0/16,150.10.0.0/16,150.22.128.0/17,150.25.0.0/16,150.40.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 11"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400010; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [150.141.0.0/16,150.242.100.0/22,150.242.120.0/22,150.242.144.0/22,151.212.0.0/16,152.109.0.0/16,152.147.0.0/16,153.14.0.0/16,153.52.0.0/14,153.93.0.0/16,154.65.96.0/20,154.65.112.0/20,155.11.0.0/16,155.40.0.0/16,155.66.0.0/16,155.71.0.0/16,155.73.0.0/16,155.94.64.0/19,155.94.96.0/20,155.108.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 12"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400011; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [157.115.0.0/16,157.162.0.0/16,157.186.0.0/16,157.195.0.0/16,158.54.0.0/16,158.90.0.0/17,158.249.0.0/16,159.80.0.0/16,159.85.0.0/16,159.151.0.0/16,159.174.0.0/16,159.219.0.0/16,159.223.0.0/16,159.229.0.0/16,160.14.0.0/16,160.21.0.0/16,160.115.0.0/16,160.116.0.0/16,160.117.0.0/16,160.121.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 13"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400012; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [160.235.0.0/16,160.240.0.0/16,160.255.0.0/16,161.0.0.0/19,161.0.68.0/22,161.1.0.0/16,162.208.124.0/22,162.212.188.0/22,162.216.0.0/22,162.216.152.0/21,162.222.128.0/21,163.47.19.0/24,163.50.0.0/16,163.53.247.0/24,163.59.0.0/16,163.127.224.0/19,163.128.224.0/19,163.198.0.0/16,163.216.0.0/19,163.250.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 14"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400013; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [164.155.0.0/16,165.3.0.0/16,165.25.0.0/16,165.52.0.0/14,165.102.0.0/16,165.205.0.0/16,165.209.0.0/16,166.93.0.0/16,166.117.0.0/16,167.74.0.0/18,167.97.0.0/16,167.103.0.0/16,167.158.0.0/16,167.160.96.0/19,167.162.0.0/16,167.175.0.0/16,167.224.0.0/19,167.249.200.0/22,168.0.212.0/22,168.64.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 15"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400014; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [168.151.4.0/23,168.151.6.0/24,168.151.32.0/21,168.151.43.0/24,168.151.44.0/22,168.151.48.0/22,168.151.52.0/23,168.151.54.0/24,168.151.56.0/21,168.151.64.0/22,168.151.68.0/23,168.151.72.0/21,168.151.80.0/20,168.151.96.0/19,168.151.128.0/20,168.151.145.0/24,168.151.146.0/23,168.151.148.0/22,168.151.152.0/22,168.151.157.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 16"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400015; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [168.151.208.0/21,168.151.216.0/22,168.151.220.0/23,168.151.232.0/21,168.151.240.0/21,168.151.248.0/22,168.151.254.0/24,168.181.52.0/22,168.195.76.0/22,168.196.236.0/22,168.196.240.0/22,168.198.0.0/16,168.205.72.0/22,168.206.0.0/16,168.211.0.0/16,168.227.128.0/22,168.227.140.0/22,169.239.152.0/22,170.67.0.0/16,170.83.232.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 17"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400016; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [170.244.240.0/22,170.245.40.0/22,170.247.220.0/22,171.25.0.0/17,171.25.212.0/22,171.26.0.0/16,172.98.0.0/18,174.136.192.0/18,175.103.64.0/18,176.56.192.0/19,177.234.136.0/21,179.63.0.0/17,180.178.192.0/18,180.236.0.0/14,181.177.64.0/18,184.175.192.0/22,185.0.96.0/19,185.21.8.0/22,185.30.168.0/22,185.35.136.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 18"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400017; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [185.116.175.0/24,185.122.128.0/22,185.123.144.0/20,185.123.248.0/21,185.124.0.0/22,185.124.56.0/21,185.126.136.0/22,185.126.148.0/22,185.126.160.0/22,185.126.224.0/22,185.126.236.0/22,185.126.248.0/22,185.127.44.0/22,185.127.56.0/22,185.127.92.0/22,185.129.8.0/22,185.129.208.0/22,185.130.36.0/22,185.130.40.0/22,185.132.8.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 19"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400018; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [185.159.68.0/22,185.161.148.0/22,185.165.24.0/22,185.167.116.0/22,185.175.140.0/22,185.180.192.0/22,185.184.192.0/22,185.185.48.0/22,185.187.236.0/22,185.194.100.0/22,185.199.240.0/22,185.203.64.0/22,185.205.180.0/22,185.212.56.0/22,185.215.132.0/22,185.227.200.0/22,185.238.176.0/22,185.248.132.0/22,186.65.112.0/20,186.179.0.0/18] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 20"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400019; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [188.214.94.0/24,188.247.230.0/24,190.123.208.0/20,190.185.108.0/22,191.101.167.0/24,192.5.103.0/24,192.12.131.0/24,192.22.0.0/16,192.26.25.0/24,192.31.212.0/23,192.40.29.0/24,192.43.160.0/24,192.43.175.0/24,192.43.176.0/21,192.43.184.0/24,192.46.192.0/18,192.54.110.0/24,192.67.16.0/24,192.96.146.0/24,192.101.44.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 21"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400020; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [192.152.194.0/24,192.154.11.0/24,192.160.44.0/24,192.161.80.0/20,192.190.49.0/24,192.190.97.0/24,192.195.150.0/24,192.197.87.0/24,192.203.252.0/24,192.206.114.0/24,192.219.120.0/21,192.219.128.0/18,192.219.192.0/20,192.219.208.0/21,192.226.16.0/20,192.229.32.0/19,192.231.66.0/24,192.234.189.0/24,192.245.101.0/24,192.251.231.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 22"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400021; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [193.139.0.0/16,193.201.232.0/22,193.243.0.0/17,194.169.172.0/22,195.182.57.0/24,195.210.96.0/19,196.1.109.0/24,196.10.64.0/19,196.15.64.0/18,196.16.0.0/14,196.42.128.0/17,196.61.192.0/20,196.62.0.0/16,196.192.192.0/18,196.193.0.0/16,196.194.0.0/15,196.207.64.0/18,196.246.0.0/16,197.154.0.0/16,197.231.208.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 23"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400022; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [198.56.64.0/18,198.57.64.0/20,198.62.70.0/24,198.62.76.0/24,198.96.224.0/20,198.99.117.0/24,198.102.222.0/24,198.148.212.0/24,198.151.16.0/20,198.151.64.0/18,198.151.152.0/22,198.160.205.0/24,198.169.201.0/24,198.177.175.0/24,198.177.176.0/22,198.177.180.0/24,198.177.214.0/24,198.178.64.0/19,198.179.22.0/24,198.181.64.0/19] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 24"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400023; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [198.187.64.0/18,198.187.192.0/24,198.190.173.0/24,198.199.212.0/24,198.200.0.0/21,198.200.8.0/23,198.202.237.0/24,198.204.0.0/21,198.206.140.0/24,198.212.132.0/24,199.5.152.0/23,199.5.229.0/24,199.26.137.0/24,199.26.207.0/24,199.26.251.0/24,199.33.222.0/24,199.34.128.0/18,199.46.32.0/19,199.48.160.0/21,199.60.102.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 25"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400024; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [199.88.32.0/20,199.88.48.0/22,199.89.16.0/20,199.89.198.0/24,199.120.163.0/24,199.165.32.0/19,199.166.200.0/22,199.184.82.0/24,199.185.192.0/20,199.196.192.0/19,199.198.160.0/20,199.198.176.0/21,199.198.184.0/23,199.198.188.0/22,199.200.64.0/19,199.212.96.0/20,199.223.0.0/20,199.230.64.0/19,199.230.96.0/21,199.233.85.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 26"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400025; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [199.246.213.0/24,199.246.215.0/24,199.248.64.0/18,199.249.64.0/19,199.253.32.0/20,199.253.48.0/21,199.253.224.0/20,199.254.32.0/20,200.0.60.0/23,200.22.0.0/16,200.71.124.0/22,200.189.44.0/22,200.234.128.0/18,201.148.168.0/22,201.169.0.0/16,202.0.192.0/18,202.20.32.0/19,202.21.64.0/19,202.27.96.0/23,202.27.98.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 27"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400026; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [202.27.164.0/22,202.27.168.0/24,202.39.112.0/20,202.40.32.0/19,202.40.64.0/18,202.68.0.0/18,202.86.0.0/22,202.148.32.0/20,202.148.176.0/20,202.183.0.0/19,202.189.80.0/20,203.2.200.0/22,203.9.0.0/19,203.31.88.0/23,203.34.70.0/23,203.86.252.0/22,203.169.0.0/22,203.191.64.0/18,203.195.0.0/18,204.19.38.0/23] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 28"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400027; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [204.75.147.0/24,204.75.228.0/24,204.80.198.0/24,204.86.16.0/20,204.87.199.0/24,204.89.224.0/24,204.106.128.0/18,204.106.192.0/19,204.107.208.0/24,204.126.244.0/23,204.128.151.0/24,204.128.180.0/24,204.130.16.0/20,204.130.167.0/24,204.147.64.0/21,204.194.64.0/21,204.225.16.0/20,204.225.159.0/24,204.225.210.0/24,204.232.0.0/18] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 29"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400028; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [205.144.0.0/20,205.144.176.0/20,205.148.128.0/18,205.148.192.0/18,205.151.128.0/19,205.159.45.0/24,205.159.174.0/24,205.159.180.0/24,205.166.77.0/24,205.166.84.0/24,205.166.130.0/24,205.166.168.0/24,205.166.211.0/24,205.172.244.0/22,205.175.160.0/19,205.189.71.0/24,205.189.72.0/23,205.203.0.0/19,205.203.224.0/19,205.207.134.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 30"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400029; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [205.214.128.0/19,205.233.224.0/20,205.236.185.0/24,205.236.189.0/24,205.237.88.0/21,206.41.160.0/19,206.51.29.0/24,206.124.104.0/21,206.130.188.0/24,206.143.128.0/17,206.195.224.0/19,206.197.28.0/24,206.197.29.0/24,206.197.77.0/24,206.197.165.0/24,206.209.80.0/20,206.224.160.0/19,206.226.0.0/19,206.226.32.0/19,206.227.64.0/18] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 31"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400030; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [207.110.128.0/18,207.183.192.0/19,208.84.132.0/22,208.93.4.0/22,209.66.128.0/19,209.95.192.0/19,209.99.128.0/18,209.145.0.0/19,209.161.96.0/20,209.182.64.0/19,209.242.192.0/19,212.146.180.0/24,213.173.36.0/22,213.247.0.0/19,216.83.208.0/20,216.137.176.0/20,216.179.128.0/17,220.154.0.0/16,221.132.192.0/18,223.0.0.0/15] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 32"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400031; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)
alert ip [223.169.0.0/16,223.173.0.0/16,223.254.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 33"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400032; rev:2755; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2020_04_19;)