#
# $Id: emerging-compromised.rules
# Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources
#
#Sources include:
#
#  Daniel Gerzo's BruteForceBlocker
#  http://danger.rulez.sk/projects/bruteforceblocker/
#
#  Abuse.ch's Zeus Tracker (aka WNSPoem, etc)
#  https://zeustracker.abuse.ch/faq.php
#
#  The CZ Honeynet Project
#  http://www.honeynet.cz
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
#  Copyright (c) 2003-2010, Emerging Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#

#  VERSION 1830

#  Generated 2010-03-11 00:03:02 EDT

alert tcp [109.104.175.43,109.104.180.209,109.123.70.97,109.123.78.47,109.123.80.245,109.196.143.48,109.239.138.2,109.74.205.226,109.82.169.80,109.82.89.41,109.87.68.183,109.95.115.18,109.95.115.19,109.95.115.35,109.95.115.36,110.11.171.73,110.12.19.27,110.12.2.196,110.13.54.19,110.188.0.123,110.232.235.168,110.3.196.187,110.45.144.72,110.45.152.32,110.54.61.44,110.54.84.69,110.55.15.177,110.55.230.82,110.55.40.44,110.67.66.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (1)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510000; rev:1830; fwsam: src, 24 hours;)
alert udp [109.104.175.43,109.104.180.209,109.123.70.97,109.123.78.47,109.123.80.245,109.196.143.48,109.239.138.2,109.74.205.226,109.82.169.80,109.82.89.41,109.87.68.183,109.95.115.18,109.95.115.19,109.95.115.35,109.95.115.36,110.11.171.73,110.12.19.27,110.12.2.196,110.13.54.19,110.188.0.123,110.232.235.168,110.3.196.187,110.45.144.72,110.45.152.32,110.54.61.44,110.54.84.69,110.55.15.177,110.55.230.82,110.55.40.44,110.67.66.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (1)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510001; rev:1830; fwsam: src, 24 hours;)
alert tcp [110.67.87.249,110.8.253.2,110.9.0.39,110.9.194.37,111.125.250.85,111.235.157.154,111.255.192.245,111.73.45.201,111.92.238.15,112.104.208.177,112.110.215.135,112.121.165.235,112.122.9.105,112.140.18.102,112.140.185.159,112.140.185.182,112.148.46.34,112.149.17.110,112.179.62.17,112.199.204.84,112.199.241.105,112.200.133.135,112.200.195.151,112.200.205.45,112.200.221.214,112.200.28.39,112.200.33.220,112.200.44.191,112.200.61.37,112.201.109.111] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (2)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510002; rev:1830; fwsam: src, 24 hours;)
alert udp [110.67.87.249,110.8.253.2,110.9.0.39,110.9.194.37,111.125.250.85,111.235.157.154,111.255.192.245,111.73.45.201,111.92.238.15,112.104.208.177,112.110.215.135,112.121.165.235,112.122.9.105,112.140.18.102,112.140.185.159,112.140.185.182,112.148.46.34,112.149.17.110,112.179.62.17,112.199.204.84,112.199.241.105,112.200.133.135,112.200.195.151,112.200.205.45,112.200.221.214,112.200.28.39,112.200.33.220,112.200.44.191,112.200.61.37,112.201.109.111] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (2)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510003; rev:1830; fwsam: src, 24 hours;)
alert tcp [112.201.181.184,112.201.181.195,112.202.11.129,112.202.170.100,112.202.18.182,112.202.191.141,112.202.228.1,112.202.236.33,112.202.245.90,112.202.74.209,112.202.87.194,112.203.29.188,112.206.128.174,112.216.57.254,112.216.83.178,112.4.93.8,112.65.244.85,112.65.246.49,112.72.163.100,112.78.196.157,112.78.200.144,113.10.92.91,113.105.131.130,113.105.135.116,113.105.169.131,113.108.150.148,113.108.150.149,113.108.72.35,113.11.194.251,113.130.70.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (3)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510004; rev:1830; fwsam: src, 24 hours;)
alert udp [112.201.181.184,112.201.181.195,112.202.11.129,112.202.170.100,112.202.18.182,112.202.191.141,112.202.228.1,112.202.236.33,112.202.245.90,112.202.74.209,112.202.87.194,112.203.29.188,112.206.128.174,112.216.57.254,112.216.83.178,112.4.93.8,112.65.244.85,112.65.246.49,112.72.163.100,112.78.196.157,112.78.200.144,113.10.92.91,113.105.131.130,113.105.135.116,113.105.169.131,113.108.150.148,113.108.150.149,113.108.72.35,113.11.194.251,113.130.70.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (3)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510005; rev:1830; fwsam: src, 24 hours;)
alert tcp [113.19.18.136,113.192.0.75,113.193.104.37,113.237.78.44,113.252.50.242,113.254.83.84,113.57.252.34,113.59.255.6,114.108.178.61,114.113.158.5,114.113.158.66,114.113.158.67,114.121.120.154,114.123.116.198,114.127.246.36,114.130.15.210,114.130.30.8,114.143.68.9,114.143.73.48,114.143.8.3,114.146.220.48,114.180.180.209,114.180.180.6,114.200.199.106,114.200.199.107,114.201.136.251,114.202.247.53,114.203.35.2,114.203.87.101,114.205.59.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (4)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510006; rev:1830; fwsam: src, 24 hours;)
alert udp [113.19.18.136,113.192.0.75,113.193.104.37,113.237.78.44,113.252.50.242,113.254.83.84,113.57.252.34,113.59.255.6,114.108.178.61,114.113.158.5,114.113.158.66,114.113.158.67,114.121.120.154,114.123.116.198,114.127.246.36,114.130.15.210,114.130.30.8,114.143.68.9,114.143.73.48,114.143.8.3,114.146.220.48,114.180.180.209,114.180.180.6,114.200.199.106,114.200.199.107,114.201.136.251,114.202.247.53,114.203.35.2,114.203.87.101,114.205.59.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (4)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510007; rev:1830; fwsam: src, 24 hours;)
alert tcp [114.206.15.239,114.207.244.143,114.207.244.144,114.207.244.145,114.207.244.146,114.207.245.217,114.255.161.58,114.255.171.227,114.32.10.175,114.33.242.164,114.36.146.9,114.36.234.18,114.37.98.105,114.41.128.197,114.45.187.88,114.48.215.202,114.51.133.194,114.51.138.231,114.51.17.29,114.58.65.68,114.58.91.18,114.80.100.104,114.80.94.183,114.80.96.82,115.100.249.75,115.100.250.104,115.100.250.105,115.100.250.107,115.100.250.110,115.100.250.114] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (5)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510008; rev:1830; fwsam: src, 24 hours;)
alert udp [114.206.15.239,114.207.244.143,114.207.244.144,114.207.244.145,114.207.244.146,114.207.245.217,114.255.161.58,114.255.171.227,114.32.10.175,114.33.242.164,114.36.146.9,114.36.234.18,114.37.98.105,114.41.128.197,114.45.187.88,114.48.215.202,114.51.133.194,114.51.138.231,114.51.17.29,114.58.65.68,114.58.91.18,114.80.100.104,114.80.94.183,114.80.96.82,115.100.249.75,115.100.250.104,115.100.250.105,115.100.250.107,115.100.250.110,115.100.250.114] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (5)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510009; rev:1830; fwsam: src, 24 hours;)
alert tcp [115.100.250.115,115.100.250.119,115.100.250.122,115.100.250.75,115.100.250.81,115.100.250.82,115.100.250.86,115.100.250.87,115.100.250.88,115.108.126.229,115.113.152.194,115.117.158.226,115.117.159.164,115.117.213.220,115.118.247.177,115.124.189.101,115.133.111.20,115.135.157.166,115.135.249.123,115.139.112.188,115.144.153.5,115.168.84.132,115.182.34.34,115.184.133.166,115.184.190.109,115.184.229.232,115.184.233.24,115.184.249.22,115.184.8.216,115.184.9.199] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (6)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510010; rev:1830; fwsam: src, 24 hours;)
alert udp [115.100.250.115,115.100.250.119,115.100.250.122,115.100.250.75,115.100.250.81,115.100.250.82,115.100.250.86,115.100.250.87,115.100.250.88,115.108.126.229,115.113.152.194,115.117.158.226,115.117.159.164,115.117.213.220,115.118.247.177,115.124.189.101,115.133.111.20,115.135.157.166,115.135.249.123,115.139.112.188,115.144.153.5,115.168.84.132,115.182.34.34,115.184.133.166,115.184.190.109,115.184.229.232,115.184.233.24,115.184.249.22,115.184.8.216,115.184.9.199] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (6)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510011; rev:1830; fwsam: src, 24 hours;)
alert tcp [115.186.102.94,115.186.123.232,115.22.11.185,115.22.198.125,115.22.198.59,115.23.173.166,115.23.6.100,115.238.54.247,115.238.93.147,115.240.127.31,115.240.142.110,115.240.199.99,115.240.245.124,115.240.85.92,115.240.90.132,115.252.34.129,115.252.34.230,115.252.36.67,115.252.47.133,115.30.144.47,115.30.194.145,115.31.136.250,115.31.160.27,115.43.170.154,115.68.14.26,115.68.20.126,115.68.62.94,115.86.36.214,116.12.78.74,116.120.144.78] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (7)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510012; rev:1830; fwsam: src, 24 hours;)
alert udp [115.186.102.94,115.186.123.232,115.22.11.185,115.22.198.125,115.22.198.59,115.23.173.166,115.23.6.100,115.238.54.247,115.238.93.147,115.240.127.31,115.240.142.110,115.240.199.99,115.240.245.124,115.240.85.92,115.240.90.132,115.252.34.129,115.252.34.230,115.252.36.67,115.252.47.133,115.30.144.47,115.30.194.145,115.31.136.250,115.31.160.27,115.43.170.154,115.68.14.26,115.68.20.126,115.68.62.94,115.86.36.214,116.12.78.74,116.120.144.78] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (7)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510013; rev:1830; fwsam: src, 24 hours;)
alert tcp [116.120.72.180,116.122.168.105,116.124.155.199,116.126.87.162,116.127.93.167,116.214.25.66,116.228.193.71,116.236.180.2,116.236.224.82,116.28.64.181,116.28.64.186,116.65.199.39,116.71.246.149,116.74.92.100,116.74.98.160,116.80.229.232,116.82.187.236,117.102.33.24,117.103.192.29,117.103.194.104,117.103.194.105,117.193.141.156,117.195.201.76,117.195.231.65,117.195.33.19,117.196.212.196,117.196.239.156,117.197.24.8,117.198.168.225,117.198.205.117] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (8)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510014; rev:1830; fwsam: src, 24 hours;)
alert udp [116.120.72.180,116.122.168.105,116.124.155.199,116.126.87.162,116.127.93.167,116.214.25.66,116.228.193.71,116.236.180.2,116.236.224.82,116.28.64.181,116.28.64.186,116.65.199.39,116.71.246.149,116.74.92.100,116.74.98.160,116.80.229.232,116.82.187.236,117.102.33.24,117.103.192.29,117.103.194.104,117.103.194.105,117.193.141.156,117.195.201.76,117.195.231.65,117.195.33.19,117.196.212.196,117.196.239.156,117.197.24.8,117.198.168.225,117.198.205.117] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (8)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510015; rev:1830; fwsam: src, 24 hours;)
alert tcp [117.200.62.152,117.200.66.194,117.204.160.238,117.204.165.68,117.204.227.119,117.205.16.98,117.205.20.191,117.21.241.10,117.21.250.175,117.21.253.156,117.241.218.231,117.241.224.125,117.242.42.171,117.254.0.232,117.254.115.122,117.254.131.253,117.254.144.225,117.254.204.253,117.254.211.118,117.254.23.27,117.254.7.29,117.40.83.27,117.41.228.195,117.55.237.193,117.59.39.116,117.74.36.98,117.96.106.124,117.98.189.148,117.98.47.91,117.98.95.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (9)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510016; rev:1830; fwsam: src, 24 hours;)
alert udp [117.200.62.152,117.200.66.194,117.204.160.238,117.204.165.68,117.204.227.119,117.205.16.98,117.205.20.191,117.21.241.10,117.21.250.175,117.21.253.156,117.241.218.231,117.241.224.125,117.242.42.171,117.254.0.232,117.254.115.122,117.254.131.253,117.254.144.225,117.254.204.253,117.254.211.118,117.254.23.27,117.254.7.29,117.40.83.27,117.41.228.195,117.55.237.193,117.59.39.116,117.74.36.98,117.96.106.124,117.98.189.148,117.98.47.91,117.98.95.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (9)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510017; rev:1830; fwsam: src, 24 hours;)
alert tcp [118.100.9.56,118.101.67.149,118.123.114.63,118.123.213.165,118.123.96.89,118.123.96.91,118.129.141.198,118.129.153.43,118.129.166.12,118.129.166.120,118.129.166.213,118.129.170.35,118.130.201.106,118.142.43.195,118.142.9.236,118.160.164.111,118.166.216.65,118.216.246.242,118.217.12.34,118.218.159.237,118.219.109.106,118.219.230.182,118.223.196.160,118.223.52.170,118.236.188.134,118.32.193.250,118.32.3.41,118.33.110.52,118.36.240.236,118.36.254.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (10)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510018; rev:1830; fwsam: src, 24 hours;)
alert udp [118.100.9.56,118.101.67.149,118.123.114.63,118.123.213.165,118.123.96.89,118.123.96.91,118.129.141.198,118.129.153.43,118.129.166.12,118.129.166.120,118.129.166.213,118.129.170.35,118.130.201.106,118.142.43.195,118.142.9.236,118.160.164.111,118.166.216.65,118.216.246.242,118.217.12.34,118.218.159.237,118.219.109.106,118.219.230.182,118.223.196.160,118.223.52.170,118.236.188.134,118.32.193.250,118.32.3.41,118.33.110.52,118.36.240.236,118.36.254.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (10)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510019; rev:1830; fwsam: src, 24 hours;)
alert tcp [118.38.75.57,118.40.5.66,118.42.94.196,118.44.182.195,118.47.18.131,118.5.13.50,118.70.241.51,118.8.21.218,118.87.20.81,118.91.80.229,118.96.175.141,118.97.168.13,119.12.115.120,119.12.148.148,119.139.128.123,119.145.100.215,119.145.138.53,119.149.189.199,119.154.26.15,119.159.255.25,119.161.224.112,119.192.139.158,119.192.234.213,119.193.114.207,119.193.14.122,119.193.60.103,119.194.235.252,119.195.74.3,119.196.189.105,119.197.174.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (11)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510020; rev:1830; fwsam: src, 24 hours;)
alert udp [118.38.75.57,118.40.5.66,118.42.94.196,118.44.182.195,118.47.18.131,118.5.13.50,118.70.241.51,118.8.21.218,118.87.20.81,118.91.80.229,118.96.175.141,118.97.168.13,119.12.115.120,119.12.148.148,119.139.128.123,119.145.100.215,119.145.138.53,119.149.189.199,119.154.26.15,119.159.255.25,119.161.224.112,119.192.139.158,119.192.234.213,119.193.114.207,119.193.14.122,119.193.60.103,119.194.235.252,119.195.74.3,119.196.189.105,119.197.174.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (11)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510021; rev:1830; fwsam: src, 24 hours;)
alert tcp [119.197.203.43,119.200.94.240,119.201.184.155,119.203.105.235,119.205.195.205,119.205.6.66,119.207.156.75,119.228.174.140,119.228.52.154,119.230.65.17,119.242.28.182,119.246.27.232,119.254.1.188,119.254.1.189,119.254.2.170,119.42.150.43,119.62.128.113,119.64.6.19,119.69.134.121,119.7.13.199,119.73.249.177,119.83.184.139,119.92.126.7,119.92.54.34,119.95.238.224,12.129.106.91,12.152.124.2,12.153.32.76,12.183.200.133,12.222.235.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (12)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510022; rev:1830; fwsam: src, 24 hours;)
alert udp [119.197.203.43,119.200.94.240,119.201.184.155,119.203.105.235,119.205.195.205,119.205.6.66,119.207.156.75,119.228.174.140,119.228.52.154,119.230.65.17,119.242.28.182,119.246.27.232,119.254.1.188,119.254.1.189,119.254.2.170,119.42.150.43,119.62.128.113,119.64.6.19,119.69.134.121,119.7.13.199,119.73.249.177,119.83.184.139,119.92.126.7,119.92.54.34,119.95.238.224,12.129.106.91,12.152.124.2,12.153.32.76,12.183.200.133,12.222.235.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (12)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510023; rev:1830; fwsam: src, 24 hours;)
alert tcp [12.24.11.5,12.27.222.183,12.4.20.250,12.44.168.109,12.53.74.70,12.69.202.8,12.70.214.201,12.74.133.128,12.96.142.78,120.107.152.3,120.192.164.30,120.36.154.234,120.42.36.237,120.72.43.43,120.88.39.20,120.88.39.71,121.10.107.22,121.10.107.23,121.10.141.249,121.100.48.130,121.101.209.103,121.101.227.144,121.101.227.178,121.11.66.70,121.115.109.100,121.116.147.158,121.116.181.121,121.119.164.56,121.12.119.121,121.12.172.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (13)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510024; rev:1830; fwsam: src, 24 hours;)
alert udp [12.24.11.5,12.27.222.183,12.4.20.250,12.44.168.109,12.53.74.70,12.69.202.8,12.70.214.201,12.74.133.128,12.96.142.78,120.107.152.3,120.192.164.30,120.36.154.234,120.42.36.237,120.72.43.43,120.88.39.20,120.88.39.71,121.10.107.22,121.10.107.23,121.10.141.249,121.100.48.130,121.101.209.103,121.101.227.144,121.101.227.178,121.11.66.70,121.115.109.100,121.116.147.158,121.116.181.121,121.119.164.56,121.12.119.121,121.12.172.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (13)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510025; rev:1830; fwsam: src, 24 hours;)
alert tcp [121.121.136.243,121.121.39.170,121.125.49.20,121.127.66.229,121.131.210.100,121.131.210.83,121.131.210.92,121.131.232.95,121.132.168.196,121.134.202.108,121.134.235.152,121.135.117.158,121.138.102.239,121.138.195.221,121.138.219.131,121.138.219.132,121.139.107.98,121.14.38.136,121.140.168.231,121.142.170.221,121.144.11.225,121.146.156.219,121.146.207.33,121.149.167.20,121.15.136.115,121.15.166.27,121.15.220.105,121.15.226.226,121.158.38.102,121.160.23.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (14)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510026; rev:1830; fwsam: src, 24 hours;)
alert udp [121.121.136.243,121.121.39.170,121.125.49.20,121.127.66.229,121.131.210.100,121.131.210.83,121.131.210.92,121.131.232.95,121.132.168.196,121.134.202.108,121.134.235.152,121.135.117.158,121.138.102.239,121.138.195.221,121.138.219.131,121.138.219.132,121.139.107.98,121.14.38.136,121.140.168.231,121.142.170.221,121.144.11.225,121.146.156.219,121.146.207.33,121.149.167.20,121.15.136.115,121.15.166.27,121.15.220.105,121.15.226.226,121.158.38.102,121.160.23.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (14)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510027; rev:1830; fwsam: src, 24 hours;)
alert tcp [121.161.131.108,121.162.21.166,121.166.150.170,121.167.118.181,121.167.224.13,121.169.151.5,121.172.206.196,121.174.179.100,121.174.2.70,121.175.16.41,121.177.11.106,121.177.184.65,121.177.253.53,121.180.238.38,121.183.6.137,121.188.4.179,121.191.48.155,121.2.64.1,121.204.0.2,121.22.127.49,121.222.1.35,121.242.15.135,121.242.23.212,121.242.65.131,121.243.34.24,121.245.101.62,121.247.80.83,121.254.173.211,121.32.151.43,121.33.253.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (15)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510028; rev:1830; fwsam: src, 24 hours;)
alert udp [121.161.131.108,121.162.21.166,121.166.150.170,121.167.118.181,121.167.224.13,121.169.151.5,121.172.206.196,121.174.179.100,121.174.2.70,121.175.16.41,121.177.11.106,121.177.184.65,121.177.253.53,121.180.238.38,121.183.6.137,121.188.4.179,121.191.48.155,121.2.64.1,121.204.0.2,121.22.127.49,121.222.1.35,121.242.15.135,121.242.23.212,121.242.65.131,121.243.34.24,121.245.101.62,121.247.80.83,121.254.173.211,121.32.151.43,121.33.253.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (15)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510029; rev:1830; fwsam: src, 24 hours;)
alert tcp [121.34.248.1,121.34.248.2,121.37.58.49,121.50.42.143,121.52.148.66,121.58.248.14,121.83.103.85,121.9.210.245,121.9.210.247,121.9.221.126,121.9.233.77,121.9.242.84,121.92.166.52,121.94.253.93,121.96.145.70,122.103.92.4,122.115.63.11,122.115.63.24,122.115.63.27,122.115.63.30,122.115.63.32,122.115.63.37,122.115.63.4,122.115.63.46,122.115.63.50,122.115.63.6,122.115.63.8,122.115.63.9,122.116.167.214,122.116.179.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (16)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510030; rev:1830; fwsam: src, 24 hours;)
alert udp [121.34.248.1,121.34.248.2,121.37.58.49,121.50.42.143,121.52.148.66,121.58.248.14,121.83.103.85,121.9.210.245,121.9.210.247,121.9.221.126,121.9.233.77,121.9.242.84,121.92.166.52,121.94.253.93,121.96.145.70,122.103.92.4,122.115.63.11,122.115.63.24,122.115.63.27,122.115.63.30,122.115.63.32,122.115.63.37,122.115.63.4,122.115.63.46,122.115.63.50,122.115.63.6,122.115.63.8,122.115.63.9,122.116.167.214,122.116.179.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (16)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510031; rev:1830; fwsam: src, 24 hours;)
alert tcp [122.125.129.160,122.132.54.12,122.132.9.107,122.133.7.7,122.134.49.254,122.144.4.34,122.154.18.68,122.155.0.176,122.155.10.191,122.155.5.132,122.155.5.192,122.160.17.11,122.160.237.142,122.163.104.72,122.164.25.111,122.165.64.67,122.165.9.200,122.166.106.135,122.166.20.176,122.166.52.164,122.167.191.4,122.169.113.31,122.169.115.210,122.170.12.77,122.172.148.71,122.183.202.72,122.183.219.6,122.183.227.6,122.183.227.7,122.183.233.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (17)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510032; rev:1830; fwsam: src, 24 hours;)
alert udp [122.125.129.160,122.132.54.12,122.132.9.107,122.133.7.7,122.134.49.254,122.144.4.34,122.154.18.68,122.155.0.176,122.155.10.191,122.155.5.132,122.155.5.192,122.160.17.11,122.160.237.142,122.163.104.72,122.164.25.111,122.165.64.67,122.165.9.200,122.166.106.135,122.166.20.176,122.166.52.164,122.167.191.4,122.169.113.31,122.169.115.210,122.170.12.77,122.172.148.71,122.183.202.72,122.183.219.6,122.183.227.6,122.183.227.7,122.183.233.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (17)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510033; rev:1830; fwsam: src, 24 hours;)
alert tcp [122.183.80.82,122.193.248.8,122.194.21.12,122.194.5.60,122.197.245.154,122.199.140.158,122.199.179.229,122.200.71.158,122.200.87.60,122.203.68.34,122.212.176.252,122.224.20.102,122.224.223.22,122.224.232.187,122.224.95.229,122.225.0.155,122.225.117.144,122.225.29.42,122.225.29.7,122.227.30.35,122.252.223.100,122.252.251.150,122.255.32.165,122.27.18.24,122.37.125.92,122.50.128.179,122.50.141.65,122.50.143.195,122.53.117.252,122.53.54.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (18)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510034; rev:1830; fwsam: src, 24 hours;)
alert udp [122.183.80.82,122.193.248.8,122.194.21.12,122.194.5.60,122.197.245.154,122.199.140.158,122.199.179.229,122.200.71.158,122.200.87.60,122.203.68.34,122.212.176.252,122.224.20.102,122.224.223.22,122.224.232.187,122.224.95.229,122.225.0.155,122.225.117.144,122.225.29.42,122.225.29.7,122.227.30.35,122.252.223.100,122.252.251.150,122.255.32.165,122.27.18.24,122.37.125.92,122.50.128.179,122.50.141.65,122.50.143.195,122.53.117.252,122.53.54.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (18)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510035; rev:1830; fwsam: src, 24 hours;)
alert tcp [122.70.144.206,122.70.147.103,122.70.151.63,123.103.168.59,123.108.108.147,123.108.208.67,123.114.170.157,123.119.187.137,123.125.127.207,123.127.164.252,123.127.5.143,123.145.169.88,123.15.41.98,123.176.41.150,123.195.226.68,123.196.117.99,123.199.111.77,123.199.111.78,123.201.169.18,123.201.169.37,123.201.188.85,123.201.242.133,123.201.25.103,123.201.55.162,123.201.82.183,123.203.190.215,123.212.42.166,123.213.158.2,123.218.174.63,123.218.25.174] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (19)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510036; rev:1830; fwsam: src, 24 hours;)
alert udp [122.70.144.206,122.70.147.103,122.70.151.63,123.103.168.59,123.108.108.147,123.108.208.67,123.114.170.157,123.119.187.137,123.125.127.207,123.127.164.252,123.127.5.143,123.145.169.88,123.15.41.98,123.176.41.150,123.195.226.68,123.196.117.99,123.199.111.77,123.199.111.78,123.201.169.18,123.201.169.37,123.201.188.85,123.201.242.133,123.201.25.103,123.201.55.162,123.201.82.183,123.203.190.215,123.212.42.166,123.213.158.2,123.218.174.63,123.218.25.174] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (19)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510037; rev:1830; fwsam: src, 24 hours;)
alert tcp [123.225.166.209,123.232.43.68,123.233.113.118,123.236.174.253,123.236.191.224,123.236.191.229,123.236.197.63,123.236.220.199,123.236.27.78,123.236.58.221,123.236.9.74,123.237.118.115,123.237.161.1,123.237.199.227,123.237.58.107,123.237.97.216,123.238.14.244,123.238.59.18,123.242.162.6,123.244.27.231,123.248.155.191,123.248.54.114,123.30.98.50,123.48.123.91,123.49.32.76,123.49.46.3,124.0.103.2,124.104.115.97,124.104.121.248,124.105.170.117] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (20)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510038; rev:1830; fwsam: src, 24 hours;)
alert udp [123.225.166.209,123.232.43.68,123.233.113.118,123.236.174.253,123.236.191.224,123.236.191.229,123.236.197.63,123.236.220.199,123.236.27.78,123.236.58.221,123.236.9.74,123.237.118.115,123.237.161.1,123.237.199.227,123.237.58.107,123.237.97.216,123.238.14.244,123.238.59.18,123.242.162.6,123.244.27.231,123.248.155.191,123.248.54.114,123.30.98.50,123.48.123.91,123.49.32.76,123.49.46.3,124.0.103.2,124.104.115.97,124.104.121.248,124.105.170.117] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (20)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510039; rev:1830; fwsam: src, 24 hours;)
alert tcp [124.107.80.196,124.110.219.45,124.115.17.35,124.120.166.190,124.120.245.138,124.121.246.133,124.121.39.14,124.121.40.22,124.122.154.49,124.124.209.130,124.125.15.135,124.125.81.123,124.127.93.156,124.130.178.225,124.137.4.142,124.179.111.79,124.18.167.71,124.192.56.201,124.193.189.146,124.205.71.147,124.207.168.42,124.207.243.10,124.207.98.90,124.212.184.173,124.216.133.68,124.217.230.39,124.217.239.158,124.225.122.163,124.227.189.18,124.227.192.149] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (21)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510040; rev:1830; fwsam: src, 24 hours;)
alert udp [124.107.80.196,124.110.219.45,124.115.17.35,124.120.166.190,124.120.245.138,124.121.246.133,124.121.39.14,124.121.40.22,124.122.154.49,124.124.209.130,124.125.15.135,124.125.81.123,124.127.93.156,124.130.178.225,124.137.4.142,124.179.111.79,124.18.167.71,124.192.56.201,124.193.189.146,124.205.71.147,124.207.168.42,124.207.243.10,124.207.98.90,124.212.184.173,124.216.133.68,124.217.230.39,124.217.239.158,124.225.122.163,124.227.189.18,124.227.192.149] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (21)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510041; rev:1830; fwsam: src, 24 hours;)
alert tcp [124.232.135.15,124.244.251.180,124.28.100.245,124.28.121.150,124.28.177.17,124.29.246.82,124.38.211.67,124.39.127.134,124.41.64.37,124.42.6.71,124.42.77.85,124.47.118.156,124.47.242.200,124.49.63.185,124.5.193.10,124.54.71.244,124.61.199.41,124.74.243.79,124.74.45.122,124.8.105.142,124.82.137.197,124.82.221.194,124.83.18.117,124.83.26.55,124.85.80.92,124.86.227.61,125.128.109.201,125.128.26.220,125.129.144.113,125.134.55.113] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (22)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510042; rev:1830; fwsam: src, 24 hours;)
alert udp [124.232.135.15,124.244.251.180,124.28.100.245,124.28.121.150,124.28.177.17,124.29.246.82,124.38.211.67,124.39.127.134,124.41.64.37,124.42.6.71,124.42.77.85,124.47.118.156,124.47.242.200,124.49.63.185,124.5.193.10,124.54.71.244,124.61.199.41,124.74.243.79,124.74.45.122,124.8.105.142,124.82.137.197,124.82.221.194,124.83.18.117,124.83.26.55,124.85.80.92,124.86.227.61,125.128.109.201,125.128.26.220,125.129.144.113,125.134.55.113] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (22)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510043; rev:1830; fwsam: src, 24 hours;)
alert tcp [125.137.152.58,125.137.227.195,125.139.10.52,125.139.169.21,125.141.199.213,125.141.237.100,125.142.179.83,125.143.86.51,125.15.46.105,125.160.17.33,125.163.1.71,125.168.55.4,125.170.185.128,125.177.225.135,125.178.188.17,125.184.157.247,125.185.123.95,125.186.131.64,125.187.143.28,125.200.175.213,125.203.8.228,125.206.243.126,125.208.81.28,125.209.104.202,125.209.110.109,125.21.209.2,125.210.253.164,125.210.34.228,125.211.200.32,125.211.221.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (23)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510044; rev:1830; fwsam: src, 24 hours;)
alert udp [125.137.152.58,125.137.227.195,125.139.10.52,125.139.169.21,125.141.199.213,125.141.237.100,125.142.179.83,125.143.86.51,125.15.46.105,125.160.17.33,125.163.1.71,125.168.55.4,125.170.185.128,125.177.225.135,125.178.188.17,125.184.157.247,125.185.123.95,125.186.131.64,125.187.143.28,125.200.175.213,125.203.8.228,125.206.243.126,125.208.81.28,125.209.104.202,125.209.110.109,125.21.209.2,125.210.253.164,125.210.34.228,125.211.200.32,125.211.221.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (23)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510045; rev:1830; fwsam: src, 24 hours;)
alert tcp [125.211.221.146,125.22.105.254,125.22.255.122,125.225.7.152,125.39.114.158,125.63.88.210,125.64.12.30,125.7.209.4,125.7.229.86,125.75.28.30,125.76.215.84,125.77.254.51,125.88.123.220,125.88.128.8,125.88.96.21,125.99.121.26,125.99.252.234,128.118.169.130,128.169.253.179,128.173.54.42,128.210.135.176,128.210.135.177,128.235.211.19,128.30.52.70,128.30.52.71,128.46.115.59,129.174.93.17,129.21.110.201,129.215.136.245,129.24.28.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (24)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510046; rev:1830; fwsam: src, 24 hours;)
alert udp [125.211.221.146,125.22.105.254,125.22.255.122,125.225.7.152,125.39.114.158,125.63.88.210,125.64.12.30,125.7.209.4,125.7.229.86,125.75.28.30,125.76.215.84,125.77.254.51,125.88.123.220,125.88.128.8,125.88.96.21,125.99.121.26,125.99.252.234,128.118.169.130,128.169.253.179,128.173.54.42,128.210.135.176,128.210.135.177,128.235.211.19,128.30.52.70,128.30.52.71,128.46.115.59,129.174.93.17,129.21.110.201,129.215.136.245,129.24.28.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (24)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510047; rev:1830; fwsam: src, 24 hours;)
alert tcp [129.241.142.109,130.111.16.117,130.88.196.231,131.130.241.83,131.178.6.7,132.248.111.115,133.1.243.110,133.1.243.111,133.37.216.56,133.86.88.111,133.86.88.112,133.98.13.52,134.106.80.198,134.114.55.27,134.159.114.6,137.132.165.78,137.132.199.137,138.210.154.36,139.53.16.133,140.109.1.100,140.112.28.143,140.113.228.212,140.114.18.223,140.117.43.1,140.119.65.100,140.121.196.99,140.128.169.6,140.174.118.252,141.213.40.131,141.223.61.228] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (25)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510048; rev:1830; fwsam: src, 24 hours;)
alert udp [129.241.142.109,130.111.16.117,130.88.196.231,131.130.241.83,131.178.6.7,132.248.111.115,133.1.243.110,133.1.243.111,133.37.216.56,133.86.88.111,133.86.88.112,133.98.13.52,134.106.80.198,134.114.55.27,134.159.114.6,137.132.165.78,137.132.199.137,138.210.154.36,139.53.16.133,140.109.1.100,140.112.28.143,140.113.228.212,140.114.18.223,140.117.43.1,140.119.65.100,140.121.196.99,140.128.169.6,140.174.118.252,141.213.40.131,141.223.61.228] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (25)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510049; rev:1830; fwsam: src, 24 hours;)
alert tcp [141.85.252.210,142.161.163.45,142.68.27.238,143.106.1.196,143.225.229.216,144.138.21.42,144.139.79.46,144.16.66.130,145.236.131.251,146.164.20.136,146.164.9.130,147.197.215.124,148.204.59.156,148.207.98.21,148.208.234.6,148.240.164.122,148.244.171.68,148.244.98.137,149.156.233.9,149.75.196.41,150.146.139.141,150.156.193.20,150.185.75.39,150.186.61.4,150.214.234.151,150.244.56.96,151.100.152.12,151.12.60.130,151.13.197.78,151.15.58.223] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (26)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510050; rev:1830; fwsam: src, 24 hours;)
alert udp [141.85.252.210,142.161.163.45,142.68.27.238,143.106.1.196,143.225.229.216,144.138.21.42,144.139.79.46,144.16.66.130,145.236.131.251,146.164.20.136,146.164.9.130,147.197.215.124,148.204.59.156,148.207.98.21,148.208.234.6,148.240.164.122,148.244.171.68,148.244.98.137,149.156.233.9,149.75.196.41,150.146.139.141,150.156.193.20,150.185.75.39,150.186.61.4,150.214.234.151,150.244.56.96,151.100.152.12,151.12.60.130,151.13.197.78,151.15.58.223] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (26)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510051; rev:1830; fwsam: src, 24 hours;)
alert tcp [151.16.152.52,151.201.22.120,151.23.57.72,151.32.43.30,151.59.103.234,151.80.81.209,151.82.149.250,152.23.231.120,152.92.175.150,155.230.154.2,157.100.129.203,157.100.195.134,157.99.64.62,158.142.160.217,159.148.178.133,159.226.170.61,159.226.3.122,159.226.7.162,160.193.152.137,160.217.6.5,160.36.8.210,160.79.78.53,160.80.97.45,162.105.156.243,162.105.21.139,163.13.111.26,163.13.196.104,163.27.136.4,163.27.149.2,163.27.214.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (27)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510052; rev:1830; fwsam: src, 24 hours;)
alert udp [151.16.152.52,151.201.22.120,151.23.57.72,151.32.43.30,151.59.103.234,151.80.81.209,151.82.149.250,152.23.231.120,152.92.175.150,155.230.154.2,157.100.129.203,157.100.195.134,157.99.64.62,158.142.160.217,159.148.178.133,159.226.170.61,159.226.3.122,159.226.7.162,160.193.152.137,160.217.6.5,160.36.8.210,160.79.78.53,160.80.97.45,162.105.156.243,162.105.21.139,163.13.111.26,163.13.196.104,163.27.136.4,163.27.149.2,163.27.214.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (27)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510053; rev:1830; fwsam: src, 24 hours;)
alert tcp [163.27.214.66,163.27.216.2,163.27.5.4,163.32.48.10,164.41.25.120,164.67.186.62,164.77.170.66,164.77.201.50,164.78.248.57,164.82.144.3,165.132.160.14,165.132.169.86,165.247.0.179,166.82.96.9,168.126.28.24,168.188.48.249,168.8.27.4,170.51.11.196,173.1.10.77,173.1.4.196,173.10.106.225,173.15.228.2,173.15.29.61,173.161.142.141,173.163.193.213,173.168.184.193,173.17.99.170,173.19.26.252,173.192.40.12,173.201.97.128] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (28)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510054; rev:1830; fwsam: src, 24 hours;)
alert udp [163.27.214.66,163.27.216.2,163.27.5.4,163.32.48.10,164.41.25.120,164.67.186.62,164.77.170.66,164.77.201.50,164.78.248.57,164.82.144.3,165.132.160.14,165.132.169.86,165.247.0.179,166.82.96.9,168.126.28.24,168.188.48.249,168.8.27.4,170.51.11.196,173.1.10.77,173.1.4.196,173.10.106.225,173.15.228.2,173.15.29.61,173.161.142.141,173.163.193.213,173.168.184.193,173.17.99.170,173.19.26.252,173.192.40.12,173.201.97.128] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (28)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510055; rev:1830; fwsam: src, 24 hours;)
alert tcp [173.203.201.71,173.203.203.122,173.203.204.21,173.203.207.191,173.212.209.29,173.212.247.106,173.45.114.146,173.45.99.100,173.51.127.37,173.61.109.180,173.67.143.141,173.75.65.102,173.89.243.231,173.9.102.81,173.93.196.201,174.0.148.183,174.101.136.135,174.102.235.106,174.120.154.6,174.120.208.50,174.120.224.131,174.120.228.194,174.121.100.195,174.121.16.9,174.123.100.66,174.123.217.34,174.123.79.34,174.124.7.144,174.129.222.176,174.142.104.57] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (29)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510056; rev:1830; fwsam: src, 24 hours;)
alert udp [173.203.201.71,173.203.203.122,173.203.204.21,173.203.207.191,173.212.209.29,173.212.247.106,173.45.114.146,173.45.99.100,173.51.127.37,173.61.109.180,173.67.143.141,173.75.65.102,173.89.243.231,173.9.102.81,173.93.196.201,174.0.148.183,174.101.136.135,174.102.235.106,174.120.154.6,174.120.208.50,174.120.224.131,174.120.228.194,174.121.100.195,174.121.16.9,174.123.100.66,174.123.217.34,174.123.79.34,174.124.7.144,174.129.222.176,174.142.104.57] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (29)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510057; rev:1830; fwsam: src, 24 hours;)
alert tcp [174.142.149.158,174.142.75.39,174.143.128.106,174.143.169.14,174.143.202.123,174.143.232.220,174.33.77.123,174.37.136.126,174.39.191.34,174.46.192.99,174.51.134.206,174.51.152.195,174.99.68.181,178.124.129.20,178.93.121.94,18.203.0.51,18.239.6.7,180.1.42.132,180.150.228.66,180.188.200.74,180.218.62.18,180.67.41.4,180.68.206.31,183.81.173.3,184.73.20.216,186.104.234.147,186.125.18.135,186.136.179.165,186.136.180.210,186.136.187.100] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (30)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510058; rev:1830; fwsam: src, 24 hours;)
alert udp [174.142.149.158,174.142.75.39,174.143.128.106,174.143.169.14,174.143.202.123,174.143.232.220,174.33.77.123,174.37.136.126,174.39.191.34,174.46.192.99,174.51.134.206,174.51.152.195,174.99.68.181,178.124.129.20,178.93.121.94,18.203.0.51,18.239.6.7,180.1.42.132,180.150.228.66,180.188.200.74,180.218.62.18,180.67.41.4,180.68.206.31,183.81.173.3,184.73.20.216,186.104.234.147,186.125.18.135,186.136.179.165,186.136.180.210,186.136.187.100] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (30)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510059; rev:1830; fwsam: src, 24 hours;)
alert tcp [186.14.106.141,186.141.33.225,186.15.30.115,186.28.229.17,186.3.14.82,186.40.14.131,186.59.130.20,186.81.116.3,186.81.140.237,186.81.150.123,186.81.218.127,186.81.5.127,186.82.22.248,186.82.62.47,186.82.82.19,186.83.184.55,186.84.171.20,186.84.5.90,186.9.156.43,186.9.214.153,186.9.32.231,186.9.66.48,186.9.92.217,186.97.2.140,186.97.25.79,187.1.231.176,187.10.108.52,187.10.125.74,187.10.131.173,187.10.204.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (31)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510060; rev:1830; fwsam: src, 24 hours;)
alert udp [186.14.106.141,186.141.33.225,186.15.30.115,186.28.229.17,186.3.14.82,186.40.14.131,186.59.130.20,186.81.116.3,186.81.140.237,186.81.150.123,186.81.218.127,186.81.5.127,186.82.22.248,186.82.62.47,186.82.82.19,186.83.184.55,186.84.171.20,186.84.5.90,186.9.156.43,186.9.214.153,186.9.32.231,186.9.66.48,186.9.92.217,186.97.2.140,186.97.25.79,187.1.231.176,187.10.108.52,187.10.125.74,187.10.131.173,187.10.204.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (31)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510061; rev:1830; fwsam: src, 24 hours;)
alert tcp [187.10.95.192,187.11.47.50,187.11.66.94,187.13.148.122,187.142.73.149,187.15.26.201,187.16.19.59,187.160.14.65,187.17.161.219,187.17.225.2,187.2.114.45,187.2.118.223,187.21.26.109,187.22.180.93,187.22.182.167,187.32.3.63,187.33.1.7,187.34.130.56,187.34.134.105,187.34.168.96,187.34.234.202,187.34.253.68,187.34.33.234,187.34.40.37,187.34.41.166,187.35.45.233,187.35.58.25,187.36.103.47,187.37.142.244,187.37.97.17] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (32)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510062; rev:1830; fwsam: src, 24 hours;)
alert udp [187.10.95.192,187.11.47.50,187.11.66.94,187.13.148.122,187.142.73.149,187.15.26.201,187.16.19.59,187.160.14.65,187.17.161.219,187.17.225.2,187.2.114.45,187.2.118.223,187.21.26.109,187.22.180.93,187.22.182.167,187.32.3.63,187.33.1.7,187.34.130.56,187.34.134.105,187.34.168.96,187.34.234.202,187.34.253.68,187.34.33.234,187.34.40.37,187.34.41.166,187.35.45.233,187.35.58.25,187.36.103.47,187.37.142.244,187.37.97.17] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (32)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510063; rev:1830; fwsam: src, 24 hours;)
alert tcp [187.39.214.254,187.4.115.236,187.4.23.193,187.4.67.74,187.40.0.210,187.45.219.202,187.46.171.130,187.49.169.31,187.5.107.180,187.52.203.121,187.56.221.219,187.57.72.79,187.6.109.114,187.6.17.243,187.6.81.72,187.60.247.119,187.64.32.165,187.7.109.48,187.7.160.67,187.7.6.51,187.75.142.85,187.78.186.248,187.8.155.138,187.88.139.66,187.88.3.157,187.89.116.132,187.89.33.57,187.89.51.131,188.120.221.206,188.121.136.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (33)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510064; rev:1830; fwsam: src, 24 hours;)
alert udp [187.39.214.254,187.4.115.236,187.4.23.193,187.4.67.74,187.40.0.210,187.45.219.202,187.46.171.130,187.49.169.31,187.5.107.180,187.52.203.121,187.56.221.219,187.57.72.79,187.6.109.114,187.6.17.243,187.6.81.72,187.60.247.119,187.64.32.165,187.7.109.48,187.7.160.67,187.7.6.51,187.75.142.85,187.78.186.248,187.8.155.138,187.88.139.66,187.88.3.157,187.89.116.132,187.89.33.57,187.89.51.131,188.120.221.206,188.121.136.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (33)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510065; rev:1830; fwsam: src, 24 hours;)
alert tcp [188.124.15.179,188.124.15.244,188.124.3.225,188.124.5.106,188.124.5.118,188.124.5.123,188.124.7.247,188.124.97.198,188.125.138.197,188.127.241.143,188.132.210.210,188.138.40.190,188.148.42.99,188.17.66.127,188.173.152.100,188.177.17.216,188.18.122.123,188.18.99.241,188.2.205.120,188.2.222.182,188.20.73.10,188.24.41.217,188.24.43.37,188.25.36.198,188.26.144.21,188.26.144.31,188.26.185.134,188.26.244.113,188.26.55.29,188.36.132.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (34)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510066; rev:1830; fwsam: src, 24 hours;)
alert udp [188.124.15.179,188.124.15.244,188.124.3.225,188.124.5.106,188.124.5.118,188.124.5.123,188.124.7.247,188.124.97.198,188.125.138.197,188.127.241.143,188.132.210.210,188.138.40.190,188.148.42.99,188.17.66.127,188.173.152.100,188.177.17.216,188.18.122.123,188.18.99.241,188.2.205.120,188.2.222.182,188.20.73.10,188.24.41.217,188.24.43.37,188.25.36.198,188.26.144.21,188.26.144.31,188.26.185.134,188.26.244.113,188.26.55.29,188.36.132.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (34)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510067; rev:1830; fwsam: src, 24 hours;)
alert tcp [188.36.156.115,188.36.176.99,188.40.153.167,188.58.131.21,188.58.182.125,188.58.38.187,188.65.51.246,188.72.216.254,188.72.220.181,188.72.225.219,188.72.238.69,188.72.243.79,188.72.250.194,188.73.230.89,188.73.235.88,188.93.212.39,188.93.212.50,188.93.230.247,188.95.48.57,188.95.48.64,188.97.14.146,189.0.249.85,189.1.162.180,189.1.17.125,189.10.232.130,189.100.16.134,189.100.203.160,189.101.154.249,189.102.119.149,189.102.240.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (35)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510068; rev:1830; fwsam: src, 24 hours;)
alert udp [188.36.156.115,188.36.176.99,188.40.153.167,188.58.131.21,188.58.182.125,188.58.38.187,188.65.51.246,188.72.216.254,188.72.220.181,188.72.225.219,188.72.238.69,188.72.243.79,188.72.250.194,188.73.230.89,188.73.235.88,188.93.212.39,188.93.212.50,188.93.230.247,188.95.48.57,188.95.48.64,188.97.14.146,189.0.249.85,189.1.162.180,189.1.17.125,189.10.232.130,189.100.16.134,189.100.203.160,189.101.154.249,189.102.119.149,189.102.240.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (35)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510069; rev:1830; fwsam: src, 24 hours;)
alert tcp [189.102.56.52,189.103.150.32,189.103.253.196,189.104.83.116,189.105.106.180,189.105.175.35,189.105.176.234,189.108.104.194,189.108.123.58,189.108.172.26,189.109.121.59,189.110.0.60,189.110.103.90,189.110.106.197,189.110.159.198,189.110.225.165,189.110.250.212,189.110.35.80,189.110.4.82,189.110.69.173,189.111.75.236,189.117.178.248,189.118.112.165,189.118.44.209,189.12.55.205,189.120.1.233,189.126.119.15,189.126.22.48,189.126.24.17,189.127.51.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (36)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510070; rev:1830; fwsam: src, 24 hours;)
alert udp [189.102.56.52,189.103.150.32,189.103.253.196,189.104.83.116,189.105.106.180,189.105.175.35,189.105.176.234,189.108.104.194,189.108.123.58,189.108.172.26,189.109.121.59,189.110.0.60,189.110.103.90,189.110.106.197,189.110.159.198,189.110.225.165,189.110.250.212,189.110.35.80,189.110.4.82,189.110.69.173,189.111.75.236,189.117.178.248,189.118.112.165,189.118.44.209,189.12.55.205,189.120.1.233,189.126.119.15,189.126.22.48,189.126.24.17,189.127.51.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (36)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510071; rev:1830; fwsam: src, 24 hours;)
alert tcp [189.13.141.18,189.13.151.205,189.131.65.221,189.15.164.127,189.15.234.207,189.15.65.110,189.15.81.143,189.16.92.8,189.17.122.197,189.17.197.130,189.18.111.29,189.18.149.72,189.18.255.61,189.18.54.221,189.18.93.223,189.19.152.173,189.19.242.38,189.19.51.178,189.2.193.142,189.20.206.222,189.201.5.117,189.202.63.168,189.204.47.183,189.22.131.162,189.220.108.92,189.220.40.59,189.220.45.115,189.220.46.23,189.220.62.35,189.221.35.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (37)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510072; rev:1830; fwsam: src, 24 hours;)
alert udp [189.13.141.18,189.13.151.205,189.131.65.221,189.15.164.127,189.15.234.207,189.15.65.110,189.15.81.143,189.16.92.8,189.17.122.197,189.17.197.130,189.18.111.29,189.18.149.72,189.18.255.61,189.18.54.221,189.18.93.223,189.19.152.173,189.19.242.38,189.19.51.178,189.2.193.142,189.20.206.222,189.201.5.117,189.202.63.168,189.204.47.183,189.22.131.162,189.220.108.92,189.220.40.59,189.220.45.115,189.220.46.23,189.220.62.35,189.221.35.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (37)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510073; rev:1830; fwsam: src, 24 hours;)
alert tcp [189.3.182.122,189.3.210.230,189.3.236.155,189.35.56.77,189.37.66.203,189.37.71.11,189.38.229.230,189.38.23.131,189.38.250.13,189.4.65.54,189.41.179.12,189.42.162.2,189.44.27.194,189.45.37.101,189.46.101.193,189.46.149.189,189.46.187.107,189.46.189.114,189.46.197.172,189.46.204.28,189.46.239.253,189.46.42.3,189.47.18.11,189.47.19.150,189.5.118.192,189.50.198.250,189.50.80.19,189.53.205.211,189.53.46.2,189.53.47.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (38)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510074; rev:1830; fwsam: src, 24 hours;)
alert udp [189.3.182.122,189.3.210.230,189.3.236.155,189.35.56.77,189.37.66.203,189.37.71.11,189.38.229.230,189.38.23.131,189.38.250.13,189.4.65.54,189.41.179.12,189.42.162.2,189.44.27.194,189.45.37.101,189.46.101.193,189.46.149.189,189.46.187.107,189.46.189.114,189.46.197.172,189.46.204.28,189.46.239.253,189.46.42.3,189.47.18.11,189.47.19.150,189.5.118.192,189.50.198.250,189.50.80.19,189.53.205.211,189.53.46.2,189.53.47.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (38)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510075; rev:1830; fwsam: src, 24 hours;)
alert tcp [189.55.108.181,189.56.48.170,189.58.102.55,189.59.73.178,189.62.11.88,189.62.250.154,189.63.202.240,189.64.155.236,189.65.58.28,189.66.171.56,189.68.200.140,189.68.209.116,189.68.30.157,189.69.133.60,189.7.160.30,189.71.172.18,189.73.194.130,189.74.122.146,189.75.217.128,189.77.142.150,189.78.12.149,189.78.2.6,189.78.24.197,189.81.144.209,189.83.85.177,189.99.74.245,190.0.167.245,190.0.167.248,190.102.216.141,190.105.42.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (39)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510076; rev:1830; fwsam: src, 24 hours;)
alert udp [189.55.108.181,189.56.48.170,189.58.102.55,189.59.73.178,189.62.11.88,189.62.250.154,189.63.202.240,189.64.155.236,189.65.58.28,189.66.171.56,189.68.200.140,189.68.209.116,189.68.30.157,189.69.133.60,189.7.160.30,189.71.172.18,189.73.194.130,189.74.122.146,189.75.217.128,189.77.142.150,189.78.12.149,189.78.2.6,189.78.24.197,189.81.144.209,189.83.85.177,189.99.74.245,190.0.167.245,190.0.167.248,190.102.216.141,190.105.42.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (39)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510077; rev:1830; fwsam: src, 24 hours;)
alert tcp [190.109.192.131,190.11.10.5,190.120.226.187,190.120.228.44,190.120.238.7,190.128.51.86,190.131.29.124,190.134.130.184,190.134.168.173,190.134.177.81,190.135.71.241,190.136.127.192,190.136.217.83,190.137.178.63,190.137.190.212,190.139.68.214,190.14.229.34,190.14.244.222,190.140.56.226,190.142.127.254,190.142.169.10,190.142.54.244,190.146.247.15,190.147.23.8,190.147.33.33,190.152.182.163,190.152.217.250,190.152.60.246,190.152.99.19,190.153.35.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (40)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510078; rev:1830; fwsam: src, 24 hours;)
alert udp [190.109.192.131,190.11.10.5,190.120.226.187,190.120.228.44,190.120.238.7,190.128.51.86,190.131.29.124,190.134.130.184,190.134.168.173,190.134.177.81,190.135.71.241,190.136.127.192,190.136.217.83,190.137.178.63,190.137.190.212,190.139.68.214,190.14.229.34,190.14.244.222,190.140.56.226,190.142.127.254,190.142.169.10,190.142.54.244,190.146.247.15,190.147.23.8,190.147.33.33,190.152.182.163,190.152.217.250,190.152.60.246,190.152.99.19,190.153.35.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (40)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510079; rev:1830; fwsam: src, 24 hours;)
alert tcp [190.158.230.33,190.159.135.221,190.159.69.235,190.160.160.174,190.161.182.186,190.161.66.86,190.162.41.163,190.163.190.127,190.164.40.10,190.164.99.33,190.173.14.241,190.173.198.161,190.173.204.167,190.173.205.225,190.174.174.207,190.174.218.79,190.176.49.140,190.178.147.232,190.179.140.96,190.179.220.205,190.179.7.181,190.18.154.160,190.18.173.60,190.18.83.204,190.187.66.170,190.189.120.102,190.189.123.32,190.19.122.247,190.19.61.158,190.190.100.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (41)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510080; rev:1830; fwsam: src, 24 hours;)
alert udp [190.158.230.33,190.159.135.221,190.159.69.235,190.160.160.174,190.161.182.186,190.161.66.86,190.162.41.163,190.163.190.127,190.164.40.10,190.164.99.33,190.173.14.241,190.173.198.161,190.173.204.167,190.173.205.225,190.174.174.207,190.174.218.79,190.176.49.140,190.178.147.232,190.179.140.96,190.179.220.205,190.179.7.181,190.18.154.160,190.18.173.60,190.18.83.204,190.187.66.170,190.189.120.102,190.189.123.32,190.19.122.247,190.19.61.158,190.190.100.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (41)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510081; rev:1830; fwsam: src, 24 hours;)
alert tcp [190.190.166.31,190.190.236.204,190.191.147.230,190.191.38.197,190.192.34.188,190.193.111.243,190.2.24.237,190.20.10.14,190.20.49.7,190.20.76.145,190.20.81.196,190.200.226.168,190.204.187.244,190.208.19.228,190.209.165.193,190.21.230.185,190.210.58.154,190.210.58.155,190.22.219.209,190.22.235.50,190.22.3.12,190.220.137.10,190.220.14.195,190.220.99.27,190.223.40.154,190.226.45.34,190.226.92.222,190.227.68.98,190.228.155.76,190.231.57.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (42)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510082; rev:1830; fwsam: src, 24 hours;)
alert udp [190.190.166.31,190.190.236.204,190.191.147.230,190.191.38.197,190.192.34.188,190.193.111.243,190.2.24.237,190.20.10.14,190.20.49.7,190.20.76.145,190.20.81.196,190.200.226.168,190.204.187.244,190.208.19.228,190.209.165.193,190.21.230.185,190.210.58.154,190.210.58.155,190.22.219.209,190.22.235.50,190.22.3.12,190.220.137.10,190.220.14.195,190.220.99.27,190.223.40.154,190.226.45.34,190.226.92.222,190.227.68.98,190.228.155.76,190.231.57.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (42)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510083; rev:1830; fwsam: src, 24 hours;)
alert tcp [190.24.129.8,190.24.138.26,190.24.96.167,190.240.24.152,190.240.80.70,190.241.78.193,190.245.16.36,190.246.150.26,190.246.74.97,190.248.128.94,190.25.151.231,190.25.168.56,190.25.61.138,190.253.78.170,190.26.212.4,190.27.194.90,190.30.36.187,190.30.58.131,190.31.175.34,190.34.126.79,190.36.154.179,190.37.133.113,190.45.21.49,190.45.3.80,190.46.124.55,190.46.144.230,190.46.201.103,190.46.231.230,190.46.93.230,190.48.7.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (43)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510084; rev:1830; fwsam: src, 24 hours;)
alert udp [190.24.129.8,190.24.138.26,190.24.96.167,190.240.24.152,190.240.80.70,190.241.78.193,190.245.16.36,190.246.150.26,190.246.74.97,190.248.128.94,190.25.151.231,190.25.168.56,190.25.61.138,190.253.78.170,190.26.212.4,190.27.194.90,190.30.36.187,190.30.58.131,190.31.175.34,190.34.126.79,190.36.154.179,190.37.133.113,190.45.21.49,190.45.3.80,190.46.124.55,190.46.144.230,190.46.201.103,190.46.231.230,190.46.93.230,190.48.7.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (43)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510085; rev:1830; fwsam: src, 24 hours;)
alert tcp [190.48.8.194,190.49.117.98,190.49.99.41,190.5.192.59,190.50.173.149,190.50.227.1,190.50.60.247,190.51.140.43,190.51.160.147,190.51.184.83,190.51.214.52,190.51.54.26,190.55.22.134,190.55.229.32,190.60.114.27,190.64.5.245,190.68.110.213,190.69.1.14,190.73.110.116,190.73.128.83,190.76.13.237,190.79.48.197,190.81.104.28,190.81.186.6,190.82.191.229,190.82.34.61,190.82.46.176,190.82.5.177,190.95.116.40,190.95.18.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (44)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510086; rev:1830; fwsam: src, 24 hours;)
alert udp [190.48.8.194,190.49.117.98,190.49.99.41,190.5.192.59,190.50.173.149,190.50.227.1,190.50.60.247,190.51.140.43,190.51.160.147,190.51.184.83,190.51.214.52,190.51.54.26,190.55.22.134,190.55.229.32,190.60.114.27,190.64.5.245,190.68.110.213,190.69.1.14,190.73.110.116,190.73.128.83,190.76.13.237,190.79.48.197,190.81.104.28,190.81.186.6,190.82.191.229,190.82.34.61,190.82.46.176,190.82.5.177,190.95.116.40,190.95.18.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (44)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510087; rev:1830; fwsam: src, 24 hours;)
alert tcp [190.95.19.189,190.95.30.174,190.95.34.24,190.95.58.168,190.95.67.104,190.99.214.161,190.99.217.182,190.99.220.250,192.116.243.195,192.68.1.94,192.93.248.66,193.0.225.49,193.104.106.62,193.104.22.100,193.104.22.71,193.104.22.90,193.104.27.109,193.104.27.11,193.104.27.110,193.104.27.139,193.104.27.171,193.104.27.211,193.104.27.212,193.104.27.218,193.104.27.227,193.104.27.54,193.104.27.82,193.104.27.86,193.104.27.90,193.104.27.91] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (45)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510088; rev:1830; fwsam: src, 24 hours;)
alert udp [190.95.19.189,190.95.30.174,190.95.34.24,190.95.58.168,190.95.67.104,190.99.214.161,190.99.217.182,190.99.220.250,192.116.243.195,192.68.1.94,192.93.248.66,193.0.225.49,193.104.106.62,193.104.22.100,193.104.22.71,193.104.22.90,193.104.27.109,193.104.27.11,193.104.27.110,193.104.27.139,193.104.27.171,193.104.27.211,193.104.27.212,193.104.27.218,193.104.27.227,193.104.27.54,193.104.27.82,193.104.27.86,193.104.27.90,193.104.27.91] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (45)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510089; rev:1830; fwsam: src, 24 hours;)
alert tcp [193.104.27.98,193.104.41.132,193.104.41.134,193.104.41.138,193.104.41.254,193.104.41.5,193.104.41.68,193.104.41.69,193.104.41.75,193.104.94.15,193.104.94.2,193.104.94.34,193.104.94.56,193.104.94.60,193.104.94.66,193.104.94.81,193.104.94.96,193.105.0.101,193.105.0.11,193.105.0.130,193.105.0.131,193.105.0.14,193.105.0.15,193.105.0.16,193.105.0.17,193.105.0.201,193.105.0.202,193.105.0.21,193.105.0.210,193.105.0.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (46)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510090; rev:1830; fwsam: src, 24 hours;)
alert udp [193.104.27.98,193.104.41.132,193.104.41.134,193.104.41.138,193.104.41.254,193.104.41.5,193.104.41.68,193.104.41.69,193.104.41.75,193.104.94.15,193.104.94.2,193.104.94.34,193.104.94.56,193.104.94.60,193.104.94.66,193.104.94.81,193.104.94.96,193.105.0.101,193.105.0.11,193.105.0.130,193.105.0.131,193.105.0.14,193.105.0.15,193.105.0.16,193.105.0.17,193.105.0.201,193.105.0.202,193.105.0.21,193.105.0.210,193.105.0.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (46)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510091; rev:1830; fwsam: src, 24 hours;)
alert tcp [193.105.0.22,193.105.0.23,193.105.0.31,193.105.0.32,193.105.0.33,193.105.0.41,193.105.0.42,193.105.0.43,193.105.0.44,193.105.0.51,193.105.0.52,193.105.0.54,193.105.0.61,193.105.0.62,193.105.0.70,193.105.0.71,193.105.0.81,193.105.0.82,193.105.0.83,193.105.0.84,193.105.0.85,193.105.0.91,193.105.0.92,193.105.0.93,193.105.0.94,193.105.0.95,193.105.0.96,193.108.128.232,193.108.170.241,193.136.19.141] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (47)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510092; rev:1830; fwsam: src, 24 hours;)
alert udp [193.105.0.22,193.105.0.23,193.105.0.31,193.105.0.32,193.105.0.33,193.105.0.41,193.105.0.42,193.105.0.43,193.105.0.44,193.105.0.51,193.105.0.52,193.105.0.54,193.105.0.61,193.105.0.62,193.105.0.70,193.105.0.71,193.105.0.81,193.105.0.82,193.105.0.83,193.105.0.84,193.105.0.85,193.105.0.91,193.105.0.92,193.105.0.93,193.105.0.94,193.105.0.95,193.105.0.96,193.108.128.232,193.108.170.241,193.136.19.141] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (47)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510093; rev:1830; fwsam: src, 24 hours;)
alert tcp [193.136.230.12,193.142.30.141,193.145.216.240,193.148.47.4,193.151.104.219,193.164.132.178,193.169.13.250,193.169.219.25,193.171.32.6,193.178.146.243,193.178.147.136,193.178.147.249,193.188.73.22,193.19.240.234,193.192.58.76,193.193.201.25,193.194.84.215,193.194.91.132,193.198.63.24,193.200.164.40,193.200.178.251,193.200.255.10,193.202.110.140,193.204.16.216,193.206.109.3,193.219.5.200,193.224.41.157,193.227.209.122,193.23.53.206,193.232.159.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (48)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510094; rev:1830; fwsam: src, 24 hours;)
alert udp [193.136.230.12,193.142.30.141,193.145.216.240,193.148.47.4,193.151.104.219,193.164.132.178,193.169.13.250,193.169.219.25,193.171.32.6,193.178.146.243,193.178.147.136,193.178.147.249,193.188.73.22,193.19.240.234,193.192.58.76,193.193.201.25,193.194.84.215,193.194.91.132,193.198.63.24,193.200.164.40,193.200.178.251,193.200.255.10,193.202.110.140,193.204.16.216,193.206.109.3,193.219.5.200,193.224.41.157,193.227.209.122,193.23.53.206,193.232.159.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (48)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510095; rev:1830; fwsam: src, 24 hours;)
alert tcp [193.235.148.17,193.238.28.221,193.243.159.109,193.250.169.94,193.254.196.6,193.34.73.7,193.41.142.104,193.46.46.245,193.46.80.186,193.77.169.108,193.77.212.241,193.86.230.30,193.86.5.103,193.87.65.6,193.9.59.12,193.93.186.163,193.93.236.11,193.93.48.195,193.93.50.115,194.0.252.231,194.1.149.226,194.105.129.10,194.105.144.236,194.105.9.87,194.106.203.100,194.108.45.195,194.117.43.226,194.126.180.54,194.126.184.254,194.126.224.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (49)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510096; rev:1830; fwsam: src, 24 hours;)
alert udp [193.235.148.17,193.238.28.221,193.243.159.109,193.250.169.94,193.254.196.6,193.34.73.7,193.41.142.104,193.46.46.245,193.46.80.186,193.77.169.108,193.77.212.241,193.86.230.30,193.86.5.103,193.87.65.6,193.9.59.12,193.93.186.163,193.93.236.11,193.93.48.195,193.93.50.115,194.0.252.231,194.1.149.226,194.105.129.10,194.105.144.236,194.105.9.87,194.106.203.100,194.108.45.195,194.117.43.226,194.126.180.54,194.126.184.254,194.126.224.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (49)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510097; rev:1830; fwsam: src, 24 hours;)
alert tcp [194.143.147.10,194.143.227.13,194.150.92.6,194.169.206.4,194.170.32.253,194.170.32.254,194.177.250.149,194.185.200.156,194.187.74.233,194.190.139.249,194.206.28.10,194.237.103.17,194.239.103.134,194.247.214.1,194.30.168.146,194.44.240.74,194.44.72.35,194.44.94.71,194.44.96.162,194.54.81.194,194.79.9.42,194.85.61.78,194.88.106.4,194.98.36.5,195.11.217.102,195.110.8.244,195.114.7.41,195.116.254.135,195.117.92.20,195.122.241.236] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (50)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510098; rev:1830; fwsam: src, 24 hours;)
alert udp [194.143.147.10,194.143.227.13,194.150.92.6,194.169.206.4,194.170.32.253,194.170.32.254,194.177.250.149,194.185.200.156,194.187.74.233,194.190.139.249,194.206.28.10,194.237.103.17,194.239.103.134,194.247.214.1,194.30.168.146,194.44.240.74,194.44.72.35,194.44.94.71,194.44.96.162,194.54.81.194,194.79.9.42,194.85.61.78,194.88.106.4,194.98.36.5,195.11.217.102,195.110.8.244,195.114.7.41,195.116.254.135,195.117.92.20,195.122.241.236] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (50)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510099; rev:1830; fwsam: src, 24 hours;)
alert tcp [195.128.158.108,195.13.190.7,195.137.30.127,195.138.168.18,195.138.73.114,195.138.81.135,195.146.151.177,195.151.248.197,195.154.158.18,195.168.103.138,195.182.194.63,195.20.102.10,195.20.102.2,195.20.194.137,195.208.10.194,195.211.212.34,195.218.255.30,195.218.31.37,195.22.238.45,195.222.7.218,195.228.0.186,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.230.94.2,195.238.112.214,195.239.226.76,195.242.161.111] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (51)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510100; rev:1830; fwsam: src, 24 hours;)
alert udp [195.128.158.108,195.13.190.7,195.137.30.127,195.138.168.18,195.138.73.114,195.138.81.135,195.146.151.177,195.151.248.197,195.154.158.18,195.168.103.138,195.182.194.63,195.20.102.10,195.20.102.2,195.20.194.137,195.208.10.194,195.211.212.34,195.218.255.30,195.218.31.37,195.22.238.45,195.222.7.218,195.228.0.186,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.230.94.2,195.238.112.214,195.239.226.76,195.242.161.111] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (51)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510101; rev:1830; fwsam: src, 24 hours;)
alert tcp [195.242.161.190,195.244.128.195,195.244.132.148,195.245.194.22,195.250.39.66,195.26.74.167,195.3.151.250,195.34.107.23,195.42.130.220,195.47.247.177,195.5.41.190,195.50.198.86,195.50.222.83,195.50.69.84,195.56.207.106,195.60.71.153,195.62.175.249,195.66.157.210,195.69.251.131,195.74.130.71,195.77.254.106,195.78.108.150,195.78.108.22,195.78.108.221,195.78.108.70,195.78.94.62,195.8.39.199,195.88.124.210,195.88.208.8,195.88.209.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (52)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510102; rev:1830; fwsam: src, 24 hours;)
alert udp [195.242.161.190,195.244.128.195,195.244.132.148,195.245.194.22,195.250.39.66,195.26.74.167,195.3.151.250,195.34.107.23,195.42.130.220,195.47.247.177,195.5.41.190,195.50.198.86,195.50.222.83,195.50.69.84,195.56.207.106,195.60.71.153,195.62.175.249,195.66.157.210,195.69.251.131,195.74.130.71,195.77.254.106,195.78.108.150,195.78.108.22,195.78.108.221,195.78.108.70,195.78.94.62,195.8.39.199,195.88.124.210,195.88.208.8,195.88.209.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (52)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510103; rev:1830; fwsam: src, 24 hours;)
alert tcp [195.88.209.24,195.88.33.102,195.90.106.212,195.93.153.47,195.94.143.126,195.98.167.198,196.1.217.227,196.12.157.28,196.12.36.225,196.12.44.215,196.15.143.106,196.2.128.19,196.200.176.98,196.207.22.98,196.210.35.226,196.213.43.246,196.216.82.106,196.23.50.9,196.25.173.7,196.25.29.206,196.3.98.136,196.30.80.34,196.35.158.183,196.41.3.197,198.211.205.219,198.3.68.101,198.64.45.52,198.66.210.22,199.166.26.51,199.166.26.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (53)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510104; rev:1830; fwsam: src, 24 hours;)
alert udp [195.88.209.24,195.88.33.102,195.90.106.212,195.93.153.47,195.94.143.126,195.98.167.198,196.1.217.227,196.12.157.28,196.12.36.225,196.12.44.215,196.15.143.106,196.2.128.19,196.200.176.98,196.207.22.98,196.210.35.226,196.213.43.246,196.216.82.106,196.23.50.9,196.25.173.7,196.25.29.206,196.3.98.136,196.30.80.34,196.35.158.183,196.41.3.197,198.211.205.219,198.3.68.101,198.64.45.52,198.66.210.22,199.166.26.51,199.166.26.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (53)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510105; rev:1830; fwsam: src, 24 hours;)
alert tcp [199.34.121.68,199.34.125.43,199.71.213.3,199.76.166.241,200.100.147.120,200.100.170.228,200.100.82.224,200.101.252.120,200.104.41.147,200.106.149.171,200.106.149.172,200.106.183.151,200.110.130.210,200.111.166.170,200.111.177.117,200.111.39.34,200.111.63.246,200.114.4.231,200.120.237.63,200.120.47.115,200.123.110.118,200.123.156.201,200.126.123.135,200.126.175.118,200.126.95.21,200.127.3.90,200.129.189.65,200.13.244.211,200.13.254.183,200.14.86.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (54)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510106; rev:1830; fwsam: src, 24 hours;)
alert udp [199.34.121.68,199.34.125.43,199.71.213.3,199.76.166.241,200.100.147.120,200.100.170.228,200.100.82.224,200.101.252.120,200.104.41.147,200.106.149.171,200.106.149.172,200.106.183.151,200.110.130.210,200.111.166.170,200.111.177.117,200.111.39.34,200.111.63.246,200.114.4.231,200.120.237.63,200.120.47.115,200.123.110.118,200.123.156.201,200.126.123.135,200.126.175.118,200.126.95.21,200.127.3.90,200.129.189.65,200.13.244.211,200.13.254.183,200.14.86.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (54)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510107; rev:1830; fwsam: src, 24 hours;)
alert tcp [200.141.76.155,200.143.10.231,200.145.119.56,200.145.200.28,200.146.37.29,200.149.76.67,200.150.29.203,200.151.0.186,200.155.24.85,200.155.24.86,200.156.99.118,200.158.172.244,200.158.192.201,200.158.194.235,200.161.164.250,200.163.37.27,200.164.137.102,200.165.67.250,200.166.248.82,200.168.82.82,200.175.100.61,200.175.226.217,200.179.33.122,200.189.54.85,200.190.60.147,200.193.51.25,200.195.127.215,200.195.184.11,200.20.3.175,200.201.180.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (55)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510108; rev:1830; fwsam: src, 24 hours;)
alert udp [200.141.76.155,200.143.10.231,200.145.119.56,200.145.200.28,200.146.37.29,200.149.76.67,200.150.29.203,200.151.0.186,200.155.24.85,200.155.24.86,200.156.99.118,200.158.172.244,200.158.192.201,200.158.194.235,200.161.164.250,200.163.37.27,200.164.137.102,200.165.67.250,200.166.248.82,200.168.82.82,200.175.100.61,200.175.226.217,200.179.33.122,200.189.54.85,200.190.60.147,200.193.51.25,200.195.127.215,200.195.184.11,200.20.3.175,200.201.180.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (55)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510109; rev:1830; fwsam: src, 24 hours;)
alert tcp [200.201.183.52,200.204.150.216,200.204.237.252,200.206.63.110,200.207.121.107,200.21.174.52,200.21.228.84,200.212.27.200,200.212.95.134,200.215.210.210,200.219.163.116,200.219.231.123,200.219.71.247,200.223.181.58,200.231.59.9,200.234.100.57,200.24.221.83,200.242.107.66,200.243.59.195,200.244.89.2,200.248.115.130,200.248.9.195,200.251.137.5,200.253.149.19,200.29.161.89,200.30.226.180,200.30.78.233,200.31.42.3,200.35.145.170,200.35.150.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (56)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510110; rev:1830; fwsam: src, 24 hours;)
alert udp [200.201.183.52,200.204.150.216,200.204.237.252,200.206.63.110,200.207.121.107,200.21.174.52,200.21.228.84,200.212.27.200,200.212.95.134,200.215.210.210,200.219.163.116,200.219.231.123,200.219.71.247,200.223.181.58,200.231.59.9,200.234.100.57,200.24.221.83,200.242.107.66,200.243.59.195,200.244.89.2,200.248.115.130,200.248.9.195,200.251.137.5,200.253.149.19,200.29.161.89,200.30.226.180,200.30.78.233,200.31.42.3,200.35.145.170,200.35.150.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (56)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510111; rev:1830; fwsam: src, 24 hours;)
alert tcp [200.35.150.42,200.35.151.101,200.39.246.106,200.41.66.66,200.42.170.187,200.42.211.5,200.42.240.114,200.44.179.90,200.45.103.248,200.46.247.78,200.46.47.130,200.59.229.9,200.6.162.31,200.6.216.83,200.60.82.82,200.61.165.65,200.61.189.164,200.62.141.58,200.62.213.11,200.63.46.116,200.63.46.131,200.69.103.60,200.69.106.147,200.69.135.43,200.72.23.227,200.75.112.8,200.76.17.194,200.79.214.231,200.79.230.232,200.8.189.166] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (57)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510112; rev:1830; fwsam: src, 24 hours;)
alert udp [200.35.150.42,200.35.151.101,200.39.246.106,200.41.66.66,200.42.170.187,200.42.211.5,200.42.240.114,200.44.179.90,200.45.103.248,200.46.247.78,200.46.47.130,200.59.229.9,200.6.162.31,200.6.216.83,200.60.82.82,200.61.165.65,200.61.189.164,200.62.141.58,200.62.213.11,200.63.46.116,200.63.46.131,200.69.103.60,200.69.106.147,200.69.135.43,200.72.23.227,200.75.112.8,200.76.17.194,200.79.214.231,200.79.230.232,200.8.189.166] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (57)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510113; rev:1830; fwsam: src, 24 hours;)
alert tcp [200.8.89.190,200.80.13.209,200.82.202.7,200.83.234.22,200.83.95.226,200.85.20.52,200.85.210.140,200.85.58.218,200.86.146.98,200.86.155.28,200.86.176.102,200.86.3.86,200.86.30.21,200.88.114.181,200.88.48.140,200.91.200.115,200.94.17.250,201.0.145.106,201.1.0.144,201.1.21.105,201.1.28.129,201.1.35.227,201.116.234.201,201.12.149.228,201.13.162.201,201.13.164.100,201.13.179.241,201.13.183.76,201.13.197.183,201.13.62.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (58)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510114; rev:1830; fwsam: src, 24 hours;)
alert udp [200.8.89.190,200.80.13.209,200.82.202.7,200.83.234.22,200.83.95.226,200.85.20.52,200.85.210.140,200.85.58.218,200.86.146.98,200.86.155.28,200.86.176.102,200.86.3.86,200.86.30.21,200.88.114.181,200.88.48.140,200.91.200.115,200.94.17.250,201.0.145.106,201.1.0.144,201.1.21.105,201.1.28.129,201.1.35.227,201.116.234.201,201.12.149.228,201.13.162.201,201.13.164.100,201.13.179.241,201.13.183.76,201.13.197.183,201.13.62.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (58)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510115; rev:1830; fwsam: src, 24 hours;)
alert tcp [201.130.192.141,201.144.41.51,201.147.150.80,201.147.189.115,201.148.157.151,201.149.158.145,201.15.240.2,201.15.62.241,201.158.74.152,201.16.201.74,201.160.111.56,201.160.130.123,201.160.160.165,201.160.186.99,201.160.89.59,201.161.9.118,201.166.100.234,201.166.61.60,201.192.85.210,201.20.13.226,201.20.160.6,201.20.186.222,201.212.118.167,201.213.230.83,201.214.158.109,201.215.168.141,201.216.201.130,201.217.200.90,201.219.132.2,201.219.3.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (59)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510116; rev:1830; fwsam: src, 24 hours;)
alert udp [201.130.192.141,201.144.41.51,201.147.150.80,201.147.189.115,201.148.157.151,201.149.158.145,201.15.240.2,201.15.62.241,201.158.74.152,201.16.201.74,201.160.111.56,201.160.130.123,201.160.160.165,201.160.186.99,201.160.89.59,201.161.9.118,201.166.100.234,201.166.61.60,201.192.85.210,201.20.13.226,201.20.160.6,201.20.186.222,201.212.118.167,201.213.230.83,201.214.158.109,201.215.168.141,201.216.201.130,201.217.200.90,201.219.132.2,201.219.3.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (59)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510117; rev:1830; fwsam: src, 24 hours;)
alert tcp [201.22.7.195,201.222.179.128,201.225.226.68,201.23.79.162,201.230.33.210,201.231.58.187,201.231.78.83,201.232.147.37,201.232.191.18,201.232.213.254,201.233.205.224,201.233.226.144,201.233.55.121,201.234.87.86,201.236.6.34,201.238.168.38,201.238.213.51,201.238.77.226,201.241.113.68,201.241.172.135,201.241.18.177,201.241.38.122,201.244.224.129,201.246.194.108,201.246.224.54,201.250.212.80,201.255.102.11,201.255.106.65,201.255.190.132,201.255.253.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (60)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510118; rev:1830; fwsam: src, 24 hours;)
alert udp [201.22.7.195,201.222.179.128,201.225.226.68,201.23.79.162,201.230.33.210,201.231.58.187,201.231.78.83,201.232.147.37,201.232.191.18,201.232.213.254,201.233.205.224,201.233.226.144,201.233.55.121,201.234.87.86,201.236.6.34,201.238.168.38,201.238.213.51,201.238.77.226,201.241.113.68,201.241.172.135,201.241.18.177,201.241.38.122,201.244.224.129,201.246.194.108,201.246.224.54,201.250.212.80,201.255.102.11,201.255.106.65,201.255.190.132,201.255.253.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (60)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510119; rev:1830; fwsam: src, 24 hours;)
alert tcp [201.255.29.199,201.26.10.83,201.26.125.105,201.26.14.16,201.26.55.25,201.27.185.14,201.27.197.120,201.27.83.44,201.28.119.58,201.30.221.242,201.30.52.162,201.30.62.170,201.32.125.110,201.33.24.105,201.34.142.38,201.34.36.170,201.34.42.1,201.34.47.174,201.38.138.2,201.41.59.70,201.41.60.133,201.41.61.79,201.42.137.145,201.42.146.129,201.42.161.8,201.42.170.122,201.42.70.237,201.43.135.26,201.43.180.189,201.43.237.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (61)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510120; rev:1830; fwsam: src, 24 hours;)
alert udp [201.255.29.199,201.26.10.83,201.26.125.105,201.26.14.16,201.26.55.25,201.27.185.14,201.27.197.120,201.27.83.44,201.28.119.58,201.30.221.242,201.30.52.162,201.30.62.170,201.32.125.110,201.33.24.105,201.34.142.38,201.34.36.170,201.34.42.1,201.34.47.174,201.38.138.2,201.41.59.70,201.41.60.133,201.41.61.79,201.42.137.145,201.42.146.129,201.42.161.8,201.42.170.122,201.42.70.237,201.43.135.26,201.43.180.189,201.43.237.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (61)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510121; rev:1830; fwsam: src, 24 hours;)
alert tcp [201.43.28.132,201.46.43.33,201.47.190.138,201.5.25.252,201.52.135.142,201.54.226.85,201.57.117.2,201.59.159.53,201.6.123.99,201.62.132.93,201.62.155.100,201.63.227.167,201.65.116.2,201.65.116.6,201.65.22.18,201.65.8.82,201.68.124.6,201.68.140.253,201.68.143.10,201.68.171.10,201.73.187.100,201.77.211.52,201.77.72.157,201.78.236.203,201.79.57.12,201.81.168.246,201.81.23.57,201.83.172.137,201.87.155.130,201.9.81.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (62)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510122; rev:1830; fwsam: src, 24 hours;)
alert udp [201.43.28.132,201.46.43.33,201.47.190.138,201.5.25.252,201.52.135.142,201.54.226.85,201.57.117.2,201.59.159.53,201.6.123.99,201.62.132.93,201.62.155.100,201.63.227.167,201.65.116.2,201.65.116.6,201.65.22.18,201.65.8.82,201.68.124.6,201.68.140.253,201.68.143.10,201.68.171.10,201.73.187.100,201.77.211.52,201.77.72.157,201.78.236.203,201.79.57.12,201.81.168.246,201.81.23.57,201.83.172.137,201.87.155.130,201.9.81.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (62)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510123; rev:1830; fwsam: src, 24 hours;)
alert tcp [201.90.236.218,201.90.55.82,201.92.120.193,201.92.152.228,201.92.44.180,201.92.71.62,201.93.226.229,201.93.232.128,201.93.245.5,201.95.176.87,201.95.189.202,201.95.219.107,202.10.72.154,202.10.72.155,202.100.108.25,202.101.202.20,202.103.24.34,202.104.149.32,202.106.15.210,202.106.162.227,202.106.185.227,202.106.62.33,202.106.62.37,202.106.63.120,202.107.209.33,202.107.226.176,202.107.226.177,202.107.228.179,202.108.100.196,202.108.16.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (63)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510124; rev:1830; fwsam: src, 24 hours;)
alert udp [201.90.236.218,201.90.55.82,201.92.120.193,201.92.152.228,201.92.44.180,201.92.71.62,201.93.226.229,201.93.232.128,201.93.245.5,201.95.176.87,201.95.189.202,201.95.219.107,202.10.72.154,202.10.72.155,202.100.108.25,202.101.202.20,202.103.24.34,202.104.149.32,202.106.15.210,202.106.162.227,202.106.185.227,202.106.62.33,202.106.62.37,202.106.63.120,202.107.209.33,202.107.226.176,202.107.226.177,202.107.228.179,202.108.100.196,202.108.16.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (63)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510125; rev:1830; fwsam: src, 24 hours;)
alert tcp [202.108.39.26,202.108.49.149,202.108.77.139,202.109.121.2,202.110.133.42,202.112.20.185,202.113.13.71,202.113.16.118,202.113.168.77,202.117.10.244,202.117.54.134,202.118.166.56,202.120.111.80,202.120.76.233,202.121.59.251,202.123.82.7,202.124.146.34,202.125.143.201,202.129.16.24,202.129.197.58,202.129.35.98,202.131.68.52,202.131.99.43,202.133.102.196,202.133.246.252,202.133.61.134,202.140.41.206,202.141.132.50,202.141.142.7,202.141.148.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (64)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510126; rev:1830; fwsam: src, 24 hours;)
alert udp [202.108.39.26,202.108.49.149,202.108.77.139,202.109.121.2,202.110.133.42,202.112.20.185,202.113.13.71,202.113.16.118,202.113.168.77,202.117.10.244,202.117.54.134,202.118.166.56,202.120.111.80,202.120.76.233,202.121.59.251,202.123.82.7,202.124.146.34,202.125.143.201,202.129.16.24,202.129.197.58,202.129.35.98,202.131.68.52,202.131.99.43,202.133.102.196,202.133.246.252,202.133.61.134,202.140.41.206,202.141.132.50,202.141.142.7,202.141.148.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (64)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510127; rev:1830; fwsam: src, 24 hours;)
alert tcp [202.141.157.92,202.141.75.6,202.142.163.61,202.142.223.170,202.143.130.210,202.143.142.198,202.143.148.12,202.143.156.162,202.143.159.117,202.143.160.103,202.143.164.34,202.143.173.163,202.145.76.142,202.147.28.42,202.149.115.126,202.151.12.2,202.151.42.15,202.153.39.67,202.158.150.120,202.159.213.47,202.159.220.214,202.160.121.80,202.161.45.162,202.162.219.219,202.162.220.53,202.165.177.130,202.165.177.203,202.165.224.103,202.165.224.108,202.166.199.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (65)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510128; rev:1830; fwsam: src, 24 hours;)
alert udp [202.141.157.92,202.141.75.6,202.142.163.61,202.142.223.170,202.143.130.210,202.143.142.198,202.143.148.12,202.143.156.162,202.143.159.117,202.143.160.103,202.143.164.34,202.143.173.163,202.145.76.142,202.147.28.42,202.149.115.126,202.151.12.2,202.151.42.15,202.153.39.67,202.158.150.120,202.159.213.47,202.159.220.214,202.160.121.80,202.161.45.162,202.162.219.219,202.162.220.53,202.165.177.130,202.165.177.203,202.165.224.103,202.165.224.108,202.166.199.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (65)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510129; rev:1830; fwsam: src, 24 hours;)
alert tcp [202.166.221.97,202.169.54.157,202.171.129.58,202.175.125.155,202.181.203.146,202.183.164.205,202.188.160.32,202.196.160.16,202.198.8.40,202.199.158.6,202.199.64.17,202.201.14.252,202.202.43.18,202.212.120.105,202.22.199.22,202.229.84.1,202.232.164.20,202.247.120.132,202.28.32.115,202.29.15.11,202.29.30.241,202.3.217.125,202.38.140.20,202.39.12.242,202.39.17.50,202.39.75.16,202.43.155.68,202.43.169.11,202.43.177.78,202.44.102.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (66)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510130; rev:1830; fwsam: src, 24 hours;)
alert udp [202.166.221.97,202.169.54.157,202.171.129.58,202.175.125.155,202.181.203.146,202.183.164.205,202.188.160.32,202.196.160.16,202.198.8.40,202.199.158.6,202.199.64.17,202.201.14.252,202.202.43.18,202.212.120.105,202.22.199.22,202.229.84.1,202.232.164.20,202.247.120.132,202.28.32.115,202.29.15.11,202.29.30.241,202.3.217.125,202.38.140.20,202.39.12.242,202.39.17.50,202.39.75.16,202.43.155.68,202.43.169.11,202.43.177.78,202.44.102.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (66)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510131; rev:1830; fwsam: src, 24 hours;)
alert tcp [202.44.11.60,202.44.37.162,202.47.224.163,202.48.53.19,202.5.95.205,202.51.180.6,202.53.70.18,202.54.61.99,202.55.180.37,202.56.176.25,202.57.132.39,202.57.142.37,202.58.98.98,202.6.235.164,202.60.70.41,202.63.106.190,202.65.210.61,202.65.244.14,202.70.36.242,202.70.45.226,202.71.251.46,202.72.218.66,202.72.241.131,202.75.39.121,202.75.52.101,202.75.52.103,202.75.62.179,202.75.63.50,202.87.191.59,202.88.236.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (67)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510132; rev:1830; fwsam: src, 24 hours;)
alert udp [202.44.11.60,202.44.37.162,202.47.224.163,202.48.53.19,202.5.95.205,202.51.180.6,202.53.70.18,202.54.61.99,202.55.180.37,202.56.176.25,202.57.132.39,202.57.142.37,202.58.98.98,202.6.235.164,202.60.70.41,202.63.106.190,202.65.210.61,202.65.244.14,202.70.36.242,202.70.45.226,202.71.251.46,202.72.218.66,202.72.241.131,202.75.39.121,202.75.52.101,202.75.52.103,202.75.62.179,202.75.63.50,202.87.191.59,202.88.236.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (67)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510133; rev:1830; fwsam: src, 24 hours;)
alert tcp [202.9.108.35,202.90.158.63,202.91.24.59,202.91.246.244,202.95.141.177,202.96.1.12,202.96.188.101,202.96.199.150,202.96.36.107,202.96.57.226,202.96.75.21,202.97.134.71,202.99.29.27,202.99.82.74,203.109.165.5,203.109.68.190,203.110.240.114,203.110.240.54,203.110.245.250,203.110.81.13,203.113.15.87,203.114.112.98,203.115.131.113,203.115.131.115,203.115.131.80,203.115.19.15,203.115.78.239,203.117.16.165,203.117.187.187,203.123.36.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (68)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510134; rev:1830; fwsam: src, 24 hours;)
alert udp [202.9.108.35,202.90.158.63,202.91.24.59,202.91.246.244,202.95.141.177,202.96.1.12,202.96.188.101,202.96.199.150,202.96.36.107,202.96.57.226,202.96.75.21,202.97.134.71,202.99.29.27,202.99.82.74,203.109.165.5,203.109.68.190,203.110.240.114,203.110.240.54,203.110.245.250,203.110.81.13,203.113.15.87,203.114.112.98,203.115.131.113,203.115.131.115,203.115.131.80,203.115.19.15,203.115.78.239,203.117.16.165,203.117.187.187,203.123.36.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (68)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510135; rev:1830; fwsam: src, 24 hours;)
alert tcp [203.125.226.234,203.129.255.178,203.130.242.207,203.130.251.167,203.133.205.73,203.134.217.4,203.14.171.198,203.141.131.29,203.141.246.203,203.146.127.139,203.146.127.179,203.146.245.85,203.146.88.146,203.147.4.68,203.148.180.245,203.153.28.217,203.153.42.79,203.154.65.162,203.155.115.25,203.156.190.7,203.169.195.101,203.172.137.59,203.172.175.3,203.172.184.19,203.172.214.163,203.172.238.226,203.174.83.98,203.174.86.99,203.177.89.210,203.184.143.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (69)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510136; rev:1830; fwsam: src, 24 hours;)
alert udp [203.125.226.234,203.129.255.178,203.130.242.207,203.130.251.167,203.133.205.73,203.134.217.4,203.14.171.198,203.141.131.29,203.141.246.203,203.146.127.139,203.146.127.179,203.146.245.85,203.146.88.146,203.147.4.68,203.148.180.245,203.153.28.217,203.153.42.79,203.154.65.162,203.155.115.25,203.156.190.7,203.169.195.101,203.172.137.59,203.172.175.3,203.172.184.19,203.172.214.163,203.172.238.226,203.174.83.98,203.174.86.99,203.177.89.210,203.184.143.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (69)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510137; rev:1830; fwsam: src, 24 hours;)
alert tcp [203.186.24.182,203.186.97.169,203.187.197.188,203.187.210.28,203.188.230.198,203.194.99.88,203.198.129.106,203.198.169.84,203.198.173.228,203.198.71.164,203.200.73.50,203.200.81.104,203.201.63.4,203.202.217.6,203.208.154.211,203.211.36.164,203.215.251.88,203.217.177.4,203.223.42.62,203.236.210.210,203.253.89.180,203.37.44.132,203.64.143.165,203.65.162.165,203.66.115.43,203.66.151.27,203.68.60.234,203.70.240.184,203.71.198.8,203.72.60.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (70)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510138; rev:1830; fwsam: src, 24 hours;)
alert udp [203.186.24.182,203.186.97.169,203.187.197.188,203.187.210.28,203.188.230.198,203.194.99.88,203.198.129.106,203.198.169.84,203.198.173.228,203.198.71.164,203.200.73.50,203.200.81.104,203.201.63.4,203.202.217.6,203.208.154.211,203.211.36.164,203.215.251.88,203.217.177.4,203.223.42.62,203.236.210.210,203.253.89.180,203.37.44.132,203.64.143.165,203.65.162.165,203.66.115.43,203.66.151.27,203.68.60.234,203.70.240.184,203.71.198.8,203.72.60.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (70)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510139; rev:1830; fwsam: src, 24 hours;)
alert tcp [203.73.29.231,203.77.197.117,203.79.232.35,203.81.81.36,203.85.122.108,203.86.164.196,203.86.41.42,203.90.112.34,203.92.45.70,203.92.50.82,203.93.123.1,203.94.155.122,203.95.53.123,203.98.114.57,203.98.91.214,203.99.233.142,204.112.209.92,204.15.135.146,204.186.26.126,204.213.57.40,204.232.203.18,204.232.203.22,204.244.123.8,205.209.137.107,205.209.137.108,205.234.200.179,205.234.239.234,205.242.219.108,205.246.14.9,206.107.220.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (71)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510140; rev:1830; fwsam: src, 24 hours;)
alert udp [203.73.29.231,203.77.197.117,203.79.232.35,203.81.81.36,203.85.122.108,203.86.164.196,203.86.41.42,203.90.112.34,203.92.45.70,203.92.50.82,203.93.123.1,203.94.155.122,203.95.53.123,203.98.114.57,203.98.91.214,203.99.233.142,204.112.209.92,204.15.135.146,204.186.26.126,204.213.57.40,204.232.203.18,204.232.203.22,204.244.123.8,205.209.137.107,205.209.137.108,205.234.200.179,205.234.239.234,205.242.219.108,205.246.14.9,206.107.220.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (71)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510141; rev:1830; fwsam: src, 24 hours;)
alert tcp [206.251.76.34,206.251.78.23,206.255.112.20,206.41.117.254,206.67.234.226,206.74.118.63,206.75.117.111,206.75.117.113,206.82.113.33,207.111.170.14,207.161.171.53,207.178.155.52,207.191.191.21,207.214.86.86,207.214.86.92,207.215.246.176,207.241.248.1,207.250.254.27,207.254.131.207,207.30.27.21,207.35.172.214,207.47.9.4,207.58.132.114,207.58.254.13,207.6.56.185,207.61.241.100,207.70.158.87,208.109.182.174,208.110.86.246,208.111.183.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (72)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510142; rev:1830; fwsam: src, 24 hours;)
alert udp [206.251.76.34,206.251.78.23,206.255.112.20,206.41.117.254,206.67.234.226,206.74.118.63,206.75.117.111,206.75.117.113,206.82.113.33,207.111.170.14,207.161.171.53,207.178.155.52,207.191.191.21,207.214.86.86,207.214.86.92,207.215.246.176,207.241.248.1,207.250.254.27,207.254.131.207,207.30.27.21,207.35.172.214,207.47.9.4,207.58.132.114,207.58.254.13,207.6.56.185,207.61.241.100,207.70.158.87,208.109.182.174,208.110.86.246,208.111.183.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (72)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510143; rev:1830; fwsam: src, 24 hours;)
alert tcp [208.116.61.18,208.122.19.195,208.127.246.236,208.167.226.213,208.35.122.24,208.43.198.60,208.44.156.50,208.49.187.166,208.64.226.73,208.64.39.248,208.67.226.156,208.67.34.130,208.71.89.218,208.75.83.25,208.75.83.30,208.78.170.139,208.78.42.82,208.78.98.214,208.85.229.104,208.87.149.250,208.87.79.209,208.89.211.227,208.89.218.106,208.91.129.148,208.91.131.181,208.92.108.48,208.92.20.196,208.92.223.39,208.94.101.62,208.94.147.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (73)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510144; rev:1830; fwsam: src, 24 hours;)
alert udp [208.116.61.18,208.122.19.195,208.127.246.236,208.167.226.213,208.35.122.24,208.43.198.60,208.44.156.50,208.49.187.166,208.64.226.73,208.64.39.248,208.67.226.156,208.67.34.130,208.71.89.218,208.75.83.25,208.75.83.30,208.78.170.139,208.78.42.82,208.78.98.214,208.85.229.104,208.87.149.250,208.87.79.209,208.89.211.227,208.89.218.106,208.91.129.148,208.91.131.181,208.92.108.48,208.92.20.196,208.92.223.39,208.94.101.62,208.94.147.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (73)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510145; rev:1830; fwsam: src, 24 hours;)
alert tcp [208.96.162.16,208.96.213.149,209.128.105.77,209.129.49.7,209.135.98.254,209.139.209.148,209.155.215.84,209.167.157.12,209.17.151.253,209.172.57.234,209.172.59.129,209.172.59.131,209.172.59.133,209.177.229.74,209.183.51.130,209.183.51.47,209.20.73.68,209.211.7.1,209.237.247.146,209.255.67.10,209.29.23.92,209.30.146.83,209.34.243.158,209.43.11.249,209.51.196.242,209.52.170.114,209.59.179.117,209.62.76.10,209.62.78.226,210.0.180.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (74)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510146; rev:1830; fwsam: src, 24 hours;)
alert udp [208.96.162.16,208.96.213.149,209.128.105.77,209.129.49.7,209.135.98.254,209.139.209.148,209.155.215.84,209.167.157.12,209.17.151.253,209.172.57.234,209.172.59.129,209.172.59.131,209.172.59.133,209.177.229.74,209.183.51.130,209.183.51.47,209.20.73.68,209.211.7.1,209.237.247.146,209.255.67.10,209.29.23.92,209.30.146.83,209.34.243.158,209.43.11.249,209.51.196.242,209.52.170.114,209.59.179.117,209.62.76.10,209.62.78.226,210.0.180.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (74)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510147; rev:1830; fwsam: src, 24 hours;)
alert tcp [210.0.197.45,210.105.75.242,210.115.53.78,210.116.200.199,210.117.172.160,210.143.111.197,210.145.112.18,210.163.84.215,210.17.128.87,210.17.183.99,210.17.215.61,210.17.240.159,210.172.164.101,210.175.27.126,210.18.76.166,210.181.236.10,210.183.165.24,210.187.51.36,210.187.51.38,210.187.51.56,210.192.123.204,210.2.38.248,210.202.182.49,210.202.227.7,210.202.227.8,210.205.6.224,210.21.218.194,210.212.165.236,210.212.216.228,210.212.222.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (75)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510148; rev:1830; fwsam: src, 24 hours;)
alert udp [210.0.197.45,210.105.75.242,210.115.53.78,210.116.200.199,210.117.172.160,210.143.111.197,210.145.112.18,210.163.84.215,210.17.128.87,210.17.183.99,210.17.215.61,210.17.240.159,210.172.164.101,210.175.27.126,210.18.76.166,210.181.236.10,210.183.165.24,210.187.51.36,210.187.51.38,210.187.51.56,210.192.123.204,210.2.38.248,210.202.182.49,210.202.227.7,210.202.227.8,210.205.6.224,210.21.218.194,210.212.165.236,210.212.216.228,210.212.222.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (75)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510149; rev:1830; fwsam: src, 24 hours;)
alert tcp [210.212.246.147,210.212.5.229,210.214.136.103,210.216.242.180,210.217.43.99,210.22.13.7,210.222.60.111,210.240.33.193,210.240.38.138,210.240.92.131,210.242.175.71,210.245.2.232,210.248.159.157,210.248.89.243,210.251.247.155,210.251.64.44,210.254.193.210,210.254.38.230,210.26.16.29,210.28.164.2,210.3.38.140,210.3.4.113,210.35.88.61,210.41.225.45,210.44.217.171,210.48.150.111,210.5.99.202,210.51.10.184,210.51.10.189,210.51.12.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (76)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510150; rev:1830; fwsam: src, 24 hours;)
alert udp [210.212.246.147,210.212.5.229,210.214.136.103,210.216.242.180,210.217.43.99,210.22.13.7,210.222.60.111,210.240.33.193,210.240.38.138,210.240.92.131,210.242.175.71,210.245.2.232,210.248.159.157,210.248.89.243,210.251.247.155,210.251.64.44,210.254.193.210,210.254.38.230,210.26.16.29,210.28.164.2,210.3.38.140,210.3.4.113,210.35.88.61,210.41.225.45,210.44.217.171,210.48.150.111,210.5.99.202,210.51.10.184,210.51.10.189,210.51.12.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (76)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510151; rev:1830; fwsam: src, 24 hours;)
alert tcp [210.51.166.221,210.51.166.223,210.51.166.224,210.51.166.225,210.51.166.226,210.51.166.229,210.51.166.233,210.51.166.238,210.51.166.245,210.51.166.247,210.51.166.42,210.51.171.74,210.51.181.69,210.51.184.105,210.51.191.165,210.51.2.139,210.51.21.164,210.51.215.18,210.51.36.162,210.51.48.71,210.51.52.132,210.51.58.90,210.51.60.74,210.56.150.16,210.64.51.246,210.64.8.61,210.68.70.170,210.75.126.115,210.75.208.247,210.76.97.176] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (77)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510152; rev:1830; fwsam: src, 24 hours;)
alert udp [210.51.166.221,210.51.166.223,210.51.166.224,210.51.166.225,210.51.166.226,210.51.166.229,210.51.166.233,210.51.166.238,210.51.166.245,210.51.166.247,210.51.166.42,210.51.171.74,210.51.181.69,210.51.184.105,210.51.191.165,210.51.2.139,210.51.21.164,210.51.215.18,210.51.36.162,210.51.48.71,210.51.52.132,210.51.58.90,210.51.60.74,210.56.150.16,210.64.51.246,210.64.8.61,210.68.70.170,210.75.126.115,210.75.208.247,210.76.97.176] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (77)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510153; rev:1830; fwsam: src, 24 hours;)
alert tcp [210.76.98.125,210.83.161.154,210.83.161.213,210.83.203.162,210.83.233.106,210.83.25.77,210.83.70.250,210.83.80.137,210.83.81.7,210.89.36.129,210.89.37.238,210.90.74.163,210.91.32.162,210.99.132.28,211.10.17.41,211.100.19.155,211.100.19.157,211.100.42.83,211.100.49.77,211.100.58.101,211.100.59.102,211.100.59.74,211.100.59.75,211.103.139.197,211.103.191.2,211.103.244.159,211.105.116.121,211.105.125.83,211.11.140.199,211.115.93.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (78)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510154; rev:1830; fwsam: src, 24 hours;)
alert udp [210.76.98.125,210.83.161.154,210.83.161.213,210.83.203.162,210.83.233.106,210.83.25.77,210.83.70.250,210.83.80.137,210.83.81.7,210.89.36.129,210.89.37.238,210.90.74.163,210.91.32.162,210.99.132.28,211.10.17.41,211.100.19.155,211.100.19.157,211.100.42.83,211.100.49.77,211.100.58.101,211.100.59.102,211.100.59.74,211.100.59.75,211.103.139.197,211.103.191.2,211.103.244.159,211.105.116.121,211.105.125.83,211.11.140.199,211.115.93.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (78)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510155; rev:1830; fwsam: src, 24 hours;)
alert tcp [211.13.127.193,211.138.102.139,211.138.123.35,211.138.71.76,211.138.85.158,211.140.3.214,211.141.237.36,211.144.33.202,211.144.35.172,211.151.68.156,211.152.39.3,211.153.33.194,211.155.227.171,211.155.227.20,211.156.177.120,211.157.105.114,211.157.108.132,211.157.108.243,211.157.227.104,211.157.98.29,211.157.98.64,211.160.160.195,211.160.163.39,211.161.251.65,211.162.68.107,211.166.24.22,211.166.9.52,211.171.245.154,211.172.68.226,211.173.130.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (79)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510156; rev:1830; fwsam: src, 24 hours;)
alert udp [211.13.127.193,211.138.102.139,211.138.123.35,211.138.71.76,211.138.85.158,211.140.3.214,211.141.237.36,211.144.33.202,211.144.35.172,211.151.68.156,211.152.39.3,211.153.33.194,211.155.227.171,211.155.227.20,211.156.177.120,211.157.105.114,211.157.108.132,211.157.108.243,211.157.227.104,211.157.98.29,211.157.98.64,211.160.160.195,211.160.163.39,211.161.251.65,211.162.68.107,211.166.24.22,211.166.9.52,211.171.245.154,211.172.68.226,211.173.130.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (79)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510157; rev:1830; fwsam: src, 24 hours;)
alert tcp [211.173.133.179,211.174.182.205,211.174.61.101,211.182.130.103,211.186.175.14,211.191.168.179,211.191.168.180,211.192.213.10,211.194.238.11,211.195.153.178,211.197.79.155,211.20.219.210,211.204.148.209,211.204.148.220,211.206.122.138,211.218.191.247,211.218.248.222,211.219.169.100,211.22.72.251,211.225.158.1,211.226.13.102,211.232.39.132,211.233.63.54,211.234.122.142,211.234.123.35,211.235.228.43,211.237.165.41,211.237.235.110,211.238.39.28,211.239.14.41] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (80)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510158; rev:1830; fwsam: src, 24 hours;)
alert udp [211.173.133.179,211.174.182.205,211.174.61.101,211.182.130.103,211.186.175.14,211.191.168.179,211.191.168.180,211.192.213.10,211.194.238.11,211.195.153.178,211.197.79.155,211.20.219.210,211.204.148.209,211.204.148.220,211.206.122.138,211.218.191.247,211.218.248.222,211.219.169.100,211.22.72.251,211.225.158.1,211.226.13.102,211.232.39.132,211.233.63.54,211.234.122.142,211.234.123.35,211.235.228.43,211.237.165.41,211.237.235.110,211.238.39.28,211.239.14.41] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (80)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510159; rev:1830; fwsam: src, 24 hours;)
alert tcp [211.243.76.90,211.25.44.34,211.32.122.179,211.38.235.148,211.38.38.215,211.38.88.100,211.40.48.130,211.41.128.119,211.44.12.20,211.44.183.77,211.48.161.199,211.51.81.208,211.69.198.201,211.7.45.195,211.72.171.76,211.74.12.214,211.74.169.130,211.88.20.15,211.92.149.147,211.94.164.9,211.94.190.198,211.95.77.44,211.95.79.186,211.99.208.170,211.99.208.179,212.1.224.110,212.1.67.10,212.103.181.248,212.103.181.250,212.103.194.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (81)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510160; rev:1830; fwsam: src, 24 hours;)
alert udp [211.243.76.90,211.25.44.34,211.32.122.179,211.38.235.148,211.38.38.215,211.38.88.100,211.40.48.130,211.41.128.119,211.44.12.20,211.44.183.77,211.48.161.199,211.51.81.208,211.69.198.201,211.7.45.195,211.72.171.76,211.74.12.214,211.74.169.130,211.88.20.15,211.92.149.147,211.94.164.9,211.94.190.198,211.95.77.44,211.95.79.186,211.99.208.170,211.99.208.179,212.1.224.110,212.1.67.10,212.103.181.248,212.103.181.250,212.103.194.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (81)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510161; rev:1830; fwsam: src, 24 hours;)
alert tcp [212.107.158.252,212.111.195.19,212.116.150.175,212.117.174.163,212.117.177.108,212.117.183.11,212.117.185.75,212.117.187.10,212.117.191.35,212.117.9.82,212.12.0.2,212.12.0.8,212.122.121.28,212.150.130.183,212.150.164.206,212.152.127.212,212.152.39.52,212.156.176.228,212.156.65.78,212.158.161.168,212.158.162.5,212.160.234.116,212.170.156.22,212.174.232.22,212.174.54.162,212.174.7.236,212.175.12.50,212.175.249.179,212.176.203.89,212.181.163.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (82)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510162; rev:1830; fwsam: src, 24 hours;)
alert udp [212.107.158.252,212.111.195.19,212.116.150.175,212.117.174.163,212.117.177.108,212.117.183.11,212.117.185.75,212.117.187.10,212.117.191.35,212.117.9.82,212.12.0.2,212.12.0.8,212.122.121.28,212.150.130.183,212.150.164.206,212.152.127.212,212.152.39.52,212.156.176.228,212.156.65.78,212.158.161.168,212.158.162.5,212.160.234.116,212.170.156.22,212.174.232.22,212.174.54.162,212.174.7.236,212.175.12.50,212.175.249.179,212.176.203.89,212.181.163.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (82)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510163; rev:1830; fwsam: src, 24 hours;)
alert tcp [212.182.64.88,212.191.90.142,212.21.229.4,212.22.173.94,212.225.192.212,212.225.227.136,212.230.185.152,212.233.249.248,212.235.117.227,212.24.139.11,212.241.250.210,212.243.89.139,212.26.134.34,212.30.33.150,212.34.47.50,212.35.169.20,212.40.45.131,212.43.199.22,212.49.206.142,212.50.1.138,212.58.3.24,212.59.255.196,212.60.56.180,212.60.66.203,212.61.228.162,212.73.134.142,212.76.47.34,212.76.68.158,212.78.231.6,212.81.22.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (83)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510164; rev:1830; fwsam: src, 24 hours;)
alert udp [212.182.64.88,212.191.90.142,212.21.229.4,212.22.173.94,212.225.192.212,212.225.227.136,212.230.185.152,212.233.249.248,212.235.117.227,212.24.139.11,212.241.250.210,212.243.89.139,212.26.134.34,212.30.33.150,212.34.47.50,212.35.169.20,212.40.45.131,212.43.199.22,212.49.206.142,212.50.1.138,212.58.3.24,212.59.255.196,212.60.56.180,212.60.66.203,212.61.228.162,212.73.134.142,212.76.47.34,212.76.68.158,212.78.231.6,212.81.22.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (83)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510165; rev:1830; fwsam: src, 24 hours;)
alert tcp [212.92.237.8,212.92.241.247,212.94.104.4,212.95.41.13,212.95.54.216,212.98.173.133,213.10.103.38,213.113.126.76,213.131.252.136,213.136.19.32,213.144.205.9,213.145.97.129,213.147.64.1,213.154.72.72,213.155.10.216,213.155.24.236,213.155.31.200,213.156.107.52,213.156.75.32,213.157.196.124,213.16.127.82,213.160.145.234,213.163.91.108,213.163.91.209,213.169.67.57,213.17.158.140,213.17.200.100,213.170.83.69,213.171.204.113,213.171.39.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (84)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510166; rev:1830; fwsam: src, 24 hours;)
alert udp [212.92.237.8,212.92.241.247,212.94.104.4,212.95.41.13,212.95.54.216,212.98.173.133,213.10.103.38,213.113.126.76,213.131.252.136,213.136.19.32,213.144.205.9,213.145.97.129,213.147.64.1,213.154.72.72,213.155.10.216,213.155.24.236,213.155.31.200,213.156.107.52,213.156.75.32,213.157.196.124,213.16.127.82,213.160.145.234,213.163.91.108,213.163.91.209,213.169.67.57,213.17.158.140,213.17.200.100,213.170.83.69,213.171.204.113,213.171.39.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (84)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510167; rev:1830; fwsam: src, 24 hours;)
alert tcp [213.171.48.245,213.171.61.178,213.172.16.20,213.172.36.130,213.174.228.217,213.178.224.168,213.180.199.48,213.180.199.61,213.180.99.200,213.181.216.58,213.182.179.67,213.186.118.101,213.186.118.112,213.186.167.92,213.186.33.40,213.188.254.183,213.190.161.140,213.192.74.15,213.192.74.19,213.195.75.177,213.198.78.3,213.207.210.231,213.210.202.85,213.211.58.21,213.218.116.178,213.22.48.216,213.225.74.100,213.23.35.244,213.230.8.190,213.231.28.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (85)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510168; rev:1830; fwsam: src, 24 hours;)
alert udp [213.171.48.245,213.171.61.178,213.172.16.20,213.172.36.130,213.174.228.217,213.178.224.168,213.180.199.48,213.180.199.61,213.180.99.200,213.181.216.58,213.182.179.67,213.186.118.101,213.186.118.112,213.186.167.92,213.186.33.40,213.188.254.183,213.190.161.140,213.192.74.15,213.192.74.19,213.195.75.177,213.198.78.3,213.207.210.231,213.210.202.85,213.211.58.21,213.218.116.178,213.22.48.216,213.225.74.100,213.23.35.244,213.230.8.190,213.231.28.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (85)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510169; rev:1830; fwsam: src, 24 hours;)
alert tcp [213.232.110.198,213.234.11.170,213.238.117.78,213.240.250.186,213.247.49.17,213.25.9.22,213.252.220.250,213.254.126.22,213.26.174.3,213.37.150.2,213.37.217.121,213.37.38.150,213.41.169.243,213.43.212.41,213.46.152.209,213.47.68.11,213.60.229.181,213.66.132.84,213.79.102.139,213.79.108.7,213.80.98.161,213.83.36.181,213.89.29.39,213.92.85.189,213.98.87.199,216.103.65.60,216.104.46.58,216.105.40.52,216.105.42.114,216.106.235.241] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510170; rev:1830; fwsam: src, 24 hours;)
alert udp [213.232.110.198,213.234.11.170,213.238.117.78,213.240.250.186,213.247.49.17,213.25.9.22,213.252.220.250,213.254.126.22,213.26.174.3,213.37.150.2,213.37.217.121,213.37.38.150,213.41.169.243,213.43.212.41,213.46.152.209,213.47.68.11,213.60.229.181,213.66.132.84,213.79.102.139,213.79.108.7,213.80.98.161,213.83.36.181,213.89.29.39,213.92.85.189,213.98.87.199,216.103.65.60,216.104.46.58,216.105.40.52,216.105.42.114,216.106.235.241] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510171; rev:1830; fwsam: src, 24 hours;)
alert tcp [216.107.124.165,216.108.235.169,216.109.73.21,216.114.98.220,216.115.71.116,216.12.207.250,216.138.140.15,216.139.226.14,216.14.113.82,216.154.28.95,216.171.155.29,216.177.139.4,216.18.218.12,216.18.222.210,216.206.242.200,216.227.52.159,216.240.180.195,216.240.187.145,216.241.14.19,216.245.218.246,216.246.76.132,216.251.77.2,216.254.186.76,216.255.1.203,216.29.152.13,216.30.201.20,216.54.134.37,216.55.164.20,216.8.138.130,216.8.179.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510172; rev:1830; fwsam: src, 24 hours;)
alert udp [216.107.124.165,216.108.235.169,216.109.73.21,216.114.98.220,216.115.71.116,216.12.207.250,216.138.140.15,216.139.226.14,216.14.113.82,216.154.28.95,216.171.155.29,216.177.139.4,216.18.218.12,216.18.222.210,216.206.242.200,216.227.52.159,216.240.180.195,216.240.187.145,216.241.14.19,216.245.218.246,216.246.76.132,216.251.77.2,216.254.186.76,216.255.1.203,216.29.152.13,216.30.201.20,216.54.134.37,216.55.164.20,216.8.138.130,216.8.179.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510173; rev:1830; fwsam: src, 24 hours;)
alert tcp [216.83.130.19,216.86.201.28,216.9.9.172,217.10.117.161,217.10.127.105,217.113.129.100,217.113.131.204,217.113.138.17,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.115.115.175,217.117.182.236,217.117.216.150,217.117.64.61,217.118.181.118,217.119.114.126,217.119.121.229,217.119.124.43,217.119.124.50,217.127.157.42,217.127.167.90,217.127.71.155,217.128.195.197,217.129.215.160,217.129.36.120,217.132.65.9,217.133.97.38,217.139.134.107] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (88)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510174; rev:1830; fwsam: src, 24 hours;)
alert udp [216.83.130.19,216.86.201.28,216.9.9.172,217.10.117.161,217.10.127.105,217.113.129.100,217.113.131.204,217.113.138.17,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.115.115.175,217.117.182.236,217.117.216.150,217.117.64.61,217.118.181.118,217.119.114.126,217.119.121.229,217.119.124.43,217.119.124.50,217.127.157.42,217.127.167.90,217.127.71.155,217.128.195.197,217.129.215.160,217.129.36.120,217.132.65.9,217.133.97.38,217.139.134.107] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (88)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510175; rev:1830; fwsam: src, 24 hours;)
alert tcp [217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.144.227.28,217.145.83.229,217.146.212.207,217.147.160.73,217.147.44.187,217.148.202.188,217.151.118.19,217.151.135.192,217.151.135.77,217.151.18.163,217.16.16.123,217.16.28.65,217.16.4.33,217.160.178.20,217.162.117.185,217.162.20.243,217.162.204.57,217.162.34.74,217.162.35.92,217.162.42.202,217.162.54.59,217.165.236.245,217.165.6.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (89)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510176; rev:1830; fwsam: src, 24 hours;)
alert udp [217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.144.227.28,217.145.83.229,217.146.212.207,217.147.160.73,217.147.44.187,217.148.202.188,217.151.118.19,217.151.135.192,217.151.135.77,217.151.18.163,217.16.16.123,217.16.28.65,217.16.4.33,217.160.178.20,217.162.117.185,217.162.20.243,217.162.204.57,217.162.34.74,217.162.35.92,217.162.42.202,217.162.54.59,217.165.236.245,217.165.6.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510177; rev:1830; fwsam: src, 24 hours;)
alert tcp [217.165.94.34,217.166.58.100,217.167.0.185,217.168.141.141,217.169.15.53,217.17.222.1,217.170.194.63,217.170.194.65,217.171.129.66,217.172.168.18,217.174.104.187,217.175.10.207,217.175.33.42,217.18.244.214,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83,217.194.123.75,217.195.176.152,217.196.160.50,217.197.241.56,217.197.249.50,217.199.218.7,217.199.233.106,217.199.233.121,217.199.233.149,217.20.161.245,217.20.171.136,217.20.183.73] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510178; rev:1830; fwsam: src, 24 hours;)
alert udp [217.165.94.34,217.166.58.100,217.167.0.185,217.168.141.141,217.169.15.53,217.17.222.1,217.170.194.63,217.170.194.65,217.171.129.66,217.172.168.18,217.174.104.187,217.175.10.207,217.175.33.42,217.18.244.214,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83,217.194.123.75,217.195.176.152,217.196.160.50,217.197.241.56,217.197.249.50,217.199.218.7,217.199.233.106,217.199.233.121,217.199.233.149,217.20.161.245,217.20.171.136,217.20.183.73] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510179; rev:1830; fwsam: src, 24 hours;)
alert tcp [217.201.107.239,217.201.14.23,217.201.158.226,217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.203.73.145,217.206.147.1,217.207.217.148,217.207.81.133,217.211.241.130,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.203.119,217.217.48.12,217.217.83.174,217.218.98.254,217.219.181.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510180; rev:1830; fwsam: src, 24 hours;)
alert udp [217.201.107.239,217.201.14.23,217.201.158.226,217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.203.73.145,217.206.147.1,217.207.217.148,217.207.81.133,217.211.241.130,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.203.119,217.217.48.12,217.217.83.174,217.218.98.254,217.219.181.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510181; rev:1830; fwsam: src, 24 hours;)
alert tcp [217.219.211.85,217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.23.14.19,217.23.14.85,217.23.176.94,217.23.3.144,217.23.67.126,217.23.9.133,217.231.230.238,217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.216.94,217.253.184.197,217.254.147.183,217.255.212.221,217.28.210.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510182; rev:1830; fwsam: src, 24 hours;)
alert udp [217.219.211.85,217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.23.14.19,217.23.14.85,217.23.176.94,217.23.3.144,217.23.67.126,217.23.9.133,217.231.230.238,217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.216.94,217.253.184.197,217.254.147.183,217.255.212.221,217.28.210.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510183; rev:1830; fwsam: src, 24 hours;)
alert tcp [217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.64.25.111,217.64.28.55,217.64.29.234,217.65.190.188,217.65.2.83,217.65.3.7,217.65.6.113,217.67.230.4,217.67.241.10,217.68.171.13,217.68.173.23,217.69.214.91,217.70.16.37,217.70.51.79,217.71.167.229,217.71.224.66,217.72.154.52,217.76.92.24,217.79.93.196,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166,217.83.103.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510184; rev:1830; fwsam: src, 24 hours;)
alert udp [217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.64.25.111,217.64.28.55,217.64.29.234,217.65.190.188,217.65.2.83,217.65.3.7,217.65.6.113,217.67.230.4,217.67.241.10,217.68.171.13,217.68.173.23,217.69.214.91,217.70.16.37,217.70.51.79,217.71.167.229,217.71.224.66,217.72.154.52,217.76.92.24,217.79.93.196,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166,217.83.103.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510185; rev:1830; fwsam: src, 24 hours;)
alert tcp [217.85.179.191,217.87.201.186,217.87.97.1,217.9.16.131,217.91.136.50,217.91.230.179,217.91.32.113,217.91.48.219,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.185.35,218.1.73.102,218.1.73.193,218.101.129.10,218.101.246.208,218.101.6.204,218.104.9.51,218.106.96.230,218.107.139.2,218.107.142.197,218.108.0.83,218.108.20.174,218.108.235.86,218.108.248.100,218.145.108.229,218.145.128.150,218.145.31.18,218.145.71.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510186; rev:1830; fwsam: src, 24 hours;)
alert udp [217.85.179.191,217.87.201.186,217.87.97.1,217.9.16.131,217.91.136.50,217.91.230.179,217.91.32.113,217.91.48.219,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.185.35,218.1.73.102,218.1.73.193,218.101.129.10,218.101.246.208,218.101.6.204,218.104.9.51,218.106.96.230,218.107.139.2,218.107.142.197,218.108.0.83,218.108.20.174,218.108.235.86,218.108.248.100,218.145.108.229,218.145.128.150,218.145.31.18,218.145.71.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510187; rev:1830; fwsam: src, 24 hours;)
alert tcp [218.145.71.158,218.147.109.251,218.153.247.23,218.16.122.239,218.16.143.93,218.162.128.40,218.165.218.168,218.165.220.174,218.169.81.207,218.17.147.50,218.171.112.58,218.171.114.89,218.171.122.27,218.188.152.99,218.19.140.9,218.2.108.81,218.2.203.92,218.2.31.66,218.20.201.101,218.20.51.206,218.205.233.234,218.206.243.243,218.206.25.29,218.207.158.7,218.207.224.10,218.208.210.89,218.209.102.50,218.209.25.140,218.210.122.227,218.22.67.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (95)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510188; rev:1830; fwsam: src, 24 hours;)
alert udp [218.145.71.158,218.147.109.251,218.153.247.23,218.16.122.239,218.16.143.93,218.162.128.40,218.165.218.168,218.165.220.174,218.169.81.207,218.17.147.50,218.171.112.58,218.171.114.89,218.171.122.27,218.188.152.99,218.19.140.9,218.2.108.81,218.2.203.92,218.2.31.66,218.20.201.101,218.20.51.206,218.205.233.234,218.206.243.243,218.206.25.29,218.207.158.7,218.207.224.10,218.208.210.89,218.209.102.50,218.209.25.140,218.210.122.227,218.22.67.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (95)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510189; rev:1830; fwsam: src, 24 hours;)
alert tcp [218.220.247.87,218.222.17.8,218.227.218.44,218.234.33.15,218.234.33.27,218.240.24.236,218.240.31.143,218.240.31.152,218.240.38.228,218.240.39.141,218.240.39.3,218.240.40.108,218.240.42.93,218.240.43.106,218.240.54.153,218.241.155.142,218.241.155.144,218.241.156.214,218.246.127.104,218.246.34.45,218.248.25.228,218.248.25.230,218.249.219.67,218.249.27.69,218.25.10.103,218.25.246.242,218.25.68.9,218.25.99.135,218.251.106.81,218.251.24.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (96)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510190; rev:1830; fwsam: src, 24 hours;)
alert udp [218.220.247.87,218.222.17.8,218.227.218.44,218.234.33.15,218.234.33.27,218.240.24.236,218.240.31.143,218.240.31.152,218.240.38.228,218.240.39.141,218.240.39.3,218.240.40.108,218.240.42.93,218.240.43.106,218.240.54.153,218.241.155.142,218.241.155.144,218.241.156.214,218.246.127.104,218.246.34.45,218.248.25.228,218.248.25.230,218.249.219.67,218.249.27.69,218.25.10.103,218.25.246.242,218.25.68.9,218.25.99.135,218.251.106.81,218.251.24.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (96)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510191; rev:1830; fwsam: src, 24 hours;)
alert tcp [218.29.255.244,218.3.88.114,218.3.94.2,218.30.19.48,218.30.5.19,218.30.56.45,218.39.233.26,218.50.79.37,218.52.60.54,218.53.131.174,218.55.227.178,218.56.61.114,218.58.70.130,218.58.76.233,218.61.141.107,218.61.196.40,218.61.2.130,218.61.3.170,218.65.110.180,218.65.4.170,218.75.79.18,218.75.79.19,218.75.83.190,218.8.251.187,218.80.197.147,218.80.254.136,218.87.16.140,218.91.210.106,218.92.23.106,218.92.39.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (97)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510192; rev:1830; fwsam: src, 24 hours;)
alert udp [218.29.255.244,218.3.88.114,218.3.94.2,218.30.19.48,218.30.5.19,218.30.56.45,218.39.233.26,218.50.79.37,218.52.60.54,218.53.131.174,218.55.227.178,218.56.61.114,218.58.70.130,218.58.76.233,218.61.141.107,218.61.196.40,218.61.2.130,218.61.3.170,218.65.110.180,218.65.4.170,218.75.79.18,218.75.79.19,218.75.83.190,218.8.251.187,218.80.197.147,218.80.254.136,218.87.16.140,218.91.210.106,218.92.23.106,218.92.39.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (97)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510193; rev:1830; fwsam: src, 24 hours;)
alert tcp [218.93.205.246,218.93.205.248,218.94.11.45,218.94.114.146,218.94.78.181,218.97.194.94,218.98.0.253,219.105.37.45,219.115.178.21,219.115.216.252,219.119.139.180,219.128.254.56,219.133.46.84,219.134.242.67,219.134.93.161,219.136.222.126,219.139.240.176,219.140.161.58,219.142.119.1,219.142.62.182,219.143.232.133,219.143.71.37,219.146.4.196,219.148.108.190,219.148.162.67,219.149.11.66,219.150.144.58,219.152.120.116,219.152.120.222,219.152.120.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (98)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510194; rev:1830; fwsam: src, 24 hours;)
alert udp [218.93.205.246,218.93.205.248,218.94.11.45,218.94.114.146,218.94.78.181,218.97.194.94,218.98.0.253,219.105.37.45,219.115.178.21,219.115.216.252,219.119.139.180,219.128.254.56,219.133.46.84,219.134.242.67,219.134.93.161,219.136.222.126,219.139.240.176,219.140.161.58,219.142.119.1,219.142.62.182,219.143.232.133,219.143.71.37,219.146.4.196,219.148.108.190,219.148.162.67,219.149.11.66,219.150.144.58,219.152.120.116,219.152.120.222,219.152.120.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (98)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510195; rev:1830; fwsam: src, 24 hours;)
alert tcp [219.153.43.163,219.153.68.4,219.159.184.173,219.159.248.199,219.163.1.68,219.165.176.249,219.166.163.131,219.198.44.25,219.223.242.245,219.236.241.165,219.237.253.245,219.238.166.101,219.239.110.83,219.249.158.132,219.54.240.13,219.64.67.11,219.70.225.32,219.83.125.242,219.85.138.20,219.85.169.121,219.90.91.130,219.90.97.125,219.91.108.158,219.91.248.219,219.91.254.228,219.93.198.82,219.93.62.74,219.93.76.50,219.94.193.101,219.94.193.106] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (99)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510196; rev:1830; fwsam: src, 24 hours;)
alert udp [219.153.43.163,219.153.68.4,219.159.184.173,219.159.248.199,219.163.1.68,219.165.176.249,219.166.163.131,219.198.44.25,219.223.242.245,219.236.241.165,219.237.253.245,219.238.166.101,219.239.110.83,219.249.158.132,219.54.240.13,219.64.67.11,219.70.225.32,219.83.125.242,219.85.138.20,219.85.169.121,219.90.91.130,219.90.97.125,219.91.108.158,219.91.248.219,219.91.254.228,219.93.198.82,219.93.62.74,219.93.76.50,219.94.193.101,219.94.193.106] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (99)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510197; rev:1830; fwsam: src, 24 hours;)
alert tcp [219.95.235.58,220.110.70.50,220.126.172.165,220.130.138.113,220.130.181.79,220.130.240.179,220.130.53.241,220.132.192.198,220.132.192.220,220.136.187.76,220.139.49.47,220.147.181.86,220.165.28.66,220.168.40.40,220.176.122.232,220.181.176.82,220.181.39.242,220.181.53.231,220.181.53.236,220.181.53.244,220.181.53.245,220.191.224.8,220.194.34.3,220.194.46.2,220.194.54.153,220.194.57.11,220.194.59.211,220.208.172.70,220.208.35.222,220.225.232.187] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (100)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510198; rev:1830; fwsam: src, 24 hours;)
alert udp [219.95.235.58,220.110.70.50,220.126.172.165,220.130.138.113,220.130.181.79,220.130.240.179,220.130.53.241,220.132.192.198,220.132.192.220,220.136.187.76,220.139.49.47,220.147.181.86,220.165.28.66,220.168.40.40,220.176.122.232,220.181.176.82,220.181.39.242,220.181.53.231,220.181.53.236,220.181.53.244,220.181.53.245,220.191.224.8,220.194.34.3,220.194.46.2,220.194.54.153,220.194.57.11,220.194.59.211,220.208.172.70,220.208.35.222,220.225.232.187] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (100)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510199; rev:1830; fwsam: src, 24 hours;)
alert tcp [220.225.237.174,220.225.247.166,220.225.48.227,220.225.75.205,220.225.8.154,220.225.86.117,220.225.86.118,220.227.207.42,220.227.24.3,220.227.67.231,220.227.98.83,220.229.218.74,220.231.44.66,220.231.7.214,220.241.37.123,220.248.12.238,220.248.225.91,220.248.9.163,220.255.7.223,220.255.7.227,220.70.2.137,220.74.1.239,220.74.65.181,220.76.118.18,220.90.134.2,220.90.239.204,220.91.17.130,220.93.212.142,221.10.147.35,221.10.30.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (101)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510200; rev:1830; fwsam: src, 24 hours;)
alert udp [220.225.237.174,220.225.247.166,220.225.48.227,220.225.75.205,220.225.8.154,220.225.86.117,220.225.86.118,220.227.207.42,220.227.24.3,220.227.67.231,220.227.98.83,220.229.218.74,220.231.44.66,220.231.7.214,220.241.37.123,220.248.12.238,220.248.225.91,220.248.9.163,220.255.7.223,220.255.7.227,220.70.2.137,220.74.1.239,220.74.65.181,220.76.118.18,220.90.134.2,220.90.239.204,220.91.17.130,220.93.212.142,221.10.147.35,221.10.30.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (101)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510201; rev:1830; fwsam: src, 24 hours;)
alert tcp [221.114.148.52,221.116.142.90,221.12.12.3,221.12.36.210,221.122.58.228,221.122.76.204,221.122.79.40,221.122.79.61,221.127.87.22,221.130.21.215,221.130.9.37,221.133.100.151,221.134.144.147,221.141.3.7,221.143.46.104,221.149.95.246,221.152.125.49,221.157.184.14,221.158.72.176,221.164.116.179,221.165.129.207,221.165.162.4,221.174.25.228,221.178.141.19,221.191.224.131,221.192.232.38,221.194.109.238,221.195.68.74,221.2.75.110,221.20.28.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (102)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510202; rev:1830; fwsam: src, 24 hours;)
alert udp [221.114.148.52,221.116.142.90,221.12.12.3,221.12.36.210,221.122.58.228,221.122.76.204,221.122.79.40,221.122.79.61,221.127.87.22,221.130.21.215,221.130.9.37,221.133.100.151,221.134.144.147,221.141.3.7,221.143.46.104,221.149.95.246,221.152.125.49,221.157.184.14,221.158.72.176,221.164.116.179,221.165.129.207,221.165.162.4,221.174.25.228,221.178.141.19,221.191.224.131,221.192.232.38,221.194.109.238,221.195.68.74,221.2.75.110,221.20.28.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (102)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510203; rev:1830; fwsam: src, 24 hours;)
alert tcp [221.201.108.52,221.204.249.92,221.208.141.40,221.224.164.195,221.224.213.202,221.233.244.64,221.236.20.42,221.236.20.44,221.242.0.194,221.244.39.233,221.247.121.110,221.4.242.180,221.5.140.79,221.7.40.47,222.103.205.149,222.106.185.157,222.107.2.46,222.110.143.96,222.110.208.25,222.112.219.40,222.117.124.136,222.121.196.144,222.122.12.22,222.124.1.66,222.124.130.164,222.124.195.2,222.124.197.186,222.127.26.187,222.13.208.140,222.141.219.176] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (103)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510204; rev:1830; fwsam: src, 24 hours;)
alert udp [221.201.108.52,221.204.249.92,221.208.141.40,221.224.164.195,221.224.213.202,221.233.244.64,221.236.20.42,221.236.20.44,221.242.0.194,221.244.39.233,221.247.121.110,221.4.242.180,221.5.140.79,221.7.40.47,222.103.205.149,222.106.185.157,222.107.2.46,222.110.143.96,222.110.208.25,222.112.219.40,222.117.124.136,222.121.196.144,222.122.12.22,222.124.1.66,222.124.130.164,222.124.195.2,222.124.197.186,222.127.26.187,222.13.208.140,222.141.219.176] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (103)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510205; rev:1830; fwsam: src, 24 hours;)
alert tcp [222.148.184.122,222.150.116.124,222.169.224.197,222.173.220.228,222.173.235.135,222.189.153.251,222.189.215.20,222.190.117.166,222.211.78.20,222.221.17.40,222.232.118.110,222.236.44.99,222.236.47.108,222.237.27.139,222.239.223.15,222.240.128.34,222.240.223.88,222.247.37.141,222.251.133.8,222.35.136.97,222.36.2.27,222.37.37.20,222.41.213.238,222.43.118.102,222.48.111.230,222.54.132.98,222.66.108.20,222.66.159.230,222.66.165.6,222.68.194.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (104)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510206; rev:1830; fwsam: src, 24 hours;)
alert udp [222.148.184.122,222.150.116.124,222.169.224.197,222.173.220.228,222.173.235.135,222.189.153.251,222.189.215.20,222.190.117.166,222.211.78.20,222.221.17.40,222.232.118.110,222.236.44.99,222.236.47.108,222.237.27.139,222.239.223.15,222.240.128.34,222.240.223.88,222.247.37.141,222.251.133.8,222.35.136.97,222.36.2.27,222.37.37.20,222.41.213.238,222.43.118.102,222.48.111.230,222.54.132.98,222.66.108.20,222.66.159.230,222.66.165.6,222.68.194.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (104)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510207; rev:1830; fwsam: src, 24 hours;)
alert tcp [222.70.68.178,222.73.126.126,222.73.205.23,222.73.205.9,222.73.214.2,222.73.228.7,222.73.242.70,222.73.254.63,222.73.26.64,222.73.37.238,222.73.37.25,222.73.54.35,222.89.136.149,222.90.213.234,222.97.130.80,222.98.54.157,24.10.157.194,24.100.123.41,24.103.144.3,24.103.43.79,24.106.149.2,24.107.152.26,24.107.157.95,24.115.108.247,24.125.69.189,24.126.191.91,24.127.21.67,24.129.74.139,24.131.237.59,24.139.168.124] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (105)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510208; rev:1830; fwsam: src, 24 hours;)
alert udp [222.70.68.178,222.73.126.126,222.73.205.23,222.73.205.9,222.73.214.2,222.73.228.7,222.73.242.70,222.73.254.63,222.73.26.64,222.73.37.238,222.73.37.25,222.73.54.35,222.89.136.149,222.90.213.234,222.97.130.80,222.98.54.157,24.10.157.194,24.100.123.41,24.103.144.3,24.103.43.79,24.106.149.2,24.107.152.26,24.107.157.95,24.115.108.247,24.125.69.189,24.126.191.91,24.127.21.67,24.129.74.139,24.131.237.59,24.139.168.124] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (105)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510209; rev:1830; fwsam: src, 24 hours;)
alert tcp [24.139.225.152,24.14.185.238,24.141.132.29,24.147.105.217,24.147.232.255,24.150.120.91,24.151.75.99,24.153.152.62,24.156.117.72,24.156.26.236,24.158.130.72,24.158.167.188,24.163.102.103,24.164.164.207,24.165.164.70,24.176.238.10,24.186.52.14,24.193.73.67,24.196.137.66,24.20.169.178,24.208.58.239,24.209.11.49,24.217.98.240,24.222.192.107,24.222.63.37,24.226.189.49,24.230.246.11,24.232.53.156,24.233.229.175,24.237.91.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (106)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510210; rev:1830; fwsam: src, 24 hours;)
alert udp [24.139.225.152,24.14.185.238,24.141.132.29,24.147.105.217,24.147.232.255,24.150.120.91,24.151.75.99,24.153.152.62,24.156.117.72,24.156.26.236,24.158.130.72,24.158.167.188,24.163.102.103,24.164.164.207,24.165.164.70,24.176.238.10,24.186.52.14,24.193.73.67,24.196.137.66,24.20.169.178,24.208.58.239,24.209.11.49,24.217.98.240,24.222.192.107,24.222.63.37,24.226.189.49,24.230.246.11,24.232.53.156,24.233.229.175,24.237.91.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (106)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510211; rev:1830; fwsam: src, 24 hours;)
alert tcp [24.244.160.6,24.247.10.171,24.247.109.145,24.249.137.90,24.27.31.181,24.30.94.77,24.4.207.153,24.56.218.247,24.56.76.166,24.91.219.145,24.97.8.227,32.176.30.3,32.176.87.175,32.97.40.18,38.108.124.131,38.97.225.166,4.153.82.105,4.176.237.190,4.248.224.207,4.87.99.26,4.91.99.27,41.194.14.133,41.200.210.158,41.200.212.137,41.200.215.72,41.200.216.143,41.201.110.78,41.201.251.143,41.201.34.136,41.214.147.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (107)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510212; rev:1830; fwsam: src, 24 hours;)
alert udp [24.244.160.6,24.247.10.171,24.247.109.145,24.249.137.90,24.27.31.181,24.30.94.77,24.4.207.153,24.56.218.247,24.56.76.166,24.91.219.145,24.97.8.227,32.176.30.3,32.176.87.175,32.97.40.18,38.108.124.131,38.97.225.166,4.153.82.105,4.176.237.190,4.248.224.207,4.87.99.26,4.91.99.27,41.194.14.133,41.200.210.158,41.200.212.137,41.200.215.72,41.200.216.143,41.201.110.78,41.201.251.143,41.201.34.136,41.214.147.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (107)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510213; rev:1830; fwsam: src, 24 hours;)
alert tcp [41.220.136.71,41.220.228.194,41.220.239.251,41.221.150.26,41.248.208.129,41.249.83.121,41.251.182.109,58.100.228.6,58.11.35.239,58.118.19.54,58.132.18.60,58.137.115.222,58.137.15.164,58.138.37.111,58.142.230.122,58.143.236.147,58.147.175.5,58.147.79.189,58.17.30.48,58.17.30.49,58.177.252.103,58.18.172.206,58.181.18.140,58.188.231.112,58.188.240.56,58.19.117.118,58.19.117.119,58.19.117.120,58.19.182.194,58.196.29.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510214; rev:1830; fwsam: src, 24 hours;)
alert udp [41.220.136.71,41.220.228.194,41.220.239.251,41.221.150.26,41.248.208.129,41.249.83.121,41.251.182.109,58.100.228.6,58.11.35.239,58.118.19.54,58.132.18.60,58.137.115.222,58.137.15.164,58.138.37.111,58.142.230.122,58.143.236.147,58.147.175.5,58.147.79.189,58.17.30.48,58.17.30.49,58.177.252.103,58.18.172.206,58.181.18.140,58.188.231.112,58.188.240.56,58.19.117.118,58.19.117.119,58.19.117.120,58.19.182.194,58.196.29.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (108)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510215; rev:1830; fwsam: src, 24 hours;)
alert tcp [58.20.234.60,58.211.166.166,58.211.47.28,58.213.165.158,58.216.152.134,58.217.255.103,58.221.34.18,58.221.35.15,58.221.41.86,58.223.2.68,58.224.170.148,58.224.9.81,58.240.123.246,58.241.255.34,58.242.99.78,58.246.48.26,58.248.253.171,58.253.235.141,58.254.201.113,58.27.252.122,58.3.87.110,58.42.247.172,58.56.128.2,58.59.176.234,58.60.10.10,58.60.103.199,58.61.149.213,58.61.156.195,58.61.157.6,58.61.160.240] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510216; rev:1830; fwsam: src, 24 hours;)
alert udp [58.20.234.60,58.211.166.166,58.211.47.28,58.213.165.158,58.216.152.134,58.217.255.103,58.221.34.18,58.221.35.15,58.221.41.86,58.223.2.68,58.224.170.148,58.224.9.81,58.240.123.246,58.241.255.34,58.242.99.78,58.246.48.26,58.248.253.171,58.253.235.141,58.254.201.113,58.27.252.122,58.3.87.110,58.42.247.172,58.56.128.2,58.59.176.234,58.60.10.10,58.60.103.199,58.61.149.213,58.61.156.195,58.61.157.6,58.61.160.240] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510217; rev:1830; fwsam: src, 24 hours;)
alert tcp [58.61.38.106,58.68.119.187,58.68.130.163,58.68.182.175,58.8.1.240,58.8.22.253,58.8.247.60,58.86.131.78,58.86.43.69,58.88.139.38,58.88.68.250,58.9.110.135,58.9.128.67,58.9.31.193,58.9.48.253,58.92.141.204,59.108.116.67,59.108.230.130,59.108.51.136,59.108.85.26,59.120.12.62,59.120.163.51,59.120.177.170,59.120.233.62,59.124.127.20,59.124.2.204,59.124.5.63,59.125.229.66,59.125.82.81,59.126.12.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510218; rev:1830; fwsam: src, 24 hours;)
alert udp [58.61.38.106,58.68.119.187,58.68.130.163,58.68.182.175,58.8.1.240,58.8.22.253,58.8.247.60,58.86.131.78,58.86.43.69,58.88.139.38,58.88.68.250,58.9.110.135,58.9.128.67,58.9.31.193,58.9.48.253,58.92.141.204,59.108.116.67,59.108.230.130,59.108.51.136,59.108.85.26,59.120.12.62,59.120.163.51,59.120.177.170,59.120.233.62,59.124.127.20,59.124.2.204,59.124.5.63,59.125.229.66,59.125.82.81,59.126.12.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510219; rev:1830; fwsam: src, 24 hours;)
alert tcp [59.13.73.72,59.14.118.47,59.14.178.104,59.145.145.52,59.15.113.105,59.15.37.157,59.151.37.103,59.160.210.67,59.161.56.121,59.161.67.85,59.162.166.243,59.166.77.165,59.167.235.100,59.175.184.44,59.175.215.66,59.18.119.142,59.186.192.7,59.190.174.189,59.190.35.210,59.21.136.169,59.21.158.233,59.23.93.122,59.26.46.80,59.3.227.47,59.30.187.173,59.36.98.154,59.37.54.37,59.37.54.39,59.37.54.40,59.37.54.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510220; rev:1830; fwsam: src, 24 hours;)
alert udp [59.13.73.72,59.14.118.47,59.14.178.104,59.145.145.52,59.15.113.105,59.15.37.157,59.151.37.103,59.160.210.67,59.161.56.121,59.161.67.85,59.162.166.243,59.166.77.165,59.167.235.100,59.175.184.44,59.175.215.66,59.18.119.142,59.186.192.7,59.190.174.189,59.190.35.210,59.21.136.169,59.21.158.233,59.23.93.122,59.26.46.80,59.3.227.47,59.30.187.173,59.36.98.154,59.37.54.37,59.37.54.39,59.37.54.40,59.37.54.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510221; rev:1830; fwsam: src, 24 hours;)
alert tcp [59.37.54.44,59.37.54.51,59.40.182.186,59.44.43.204,59.46.39.204,59.5.221.59,59.51.9.77,59.51.9.79,59.53.91.102,59.57.251.52,59.64.112.137,59.8.70.158,59.9.140.107,59.92.127.234,59.92.38.98,59.93.115.106,59.93.172.173,59.93.213.202,59.93.219.64,59.93.43.9,59.93.55.141,59.93.68.94,59.94.12.86,59.94.180.226,59.94.181.229,59.94.192.90,59.94.43.7,59.94.68.57,59.95.13.184,59.95.167.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510222; rev:1830; fwsam: src, 24 hours;)
alert udp [59.37.54.44,59.37.54.51,59.40.182.186,59.44.43.204,59.46.39.204,59.5.221.59,59.51.9.77,59.51.9.79,59.53.91.102,59.57.251.52,59.64.112.137,59.8.70.158,59.9.140.107,59.92.127.234,59.92.38.98,59.93.115.106,59.93.172.173,59.93.213.202,59.93.219.64,59.93.43.9,59.93.55.141,59.93.68.94,59.94.12.86,59.94.180.226,59.94.181.229,59.94.192.90,59.94.43.7,59.94.68.57,59.95.13.184,59.95.167.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510223; rev:1830; fwsam: src, 24 hours;)
alert tcp [59.95.47.108,59.95.55.176,59.95.7.169,59.97.138.90,59.97.217.181,59.99.51.42,60.12.25.3,60.169.2.200,60.190.218.232,60.190.222.131,60.190.60.78,60.190.79.3,60.191.151.194,60.191.90.119,60.191.98.5,60.195.250.33,60.195.250.54,60.195.250.56,60.199.18.34,60.2.247.135,60.2.249.13,60.2.249.14,60.208.113.3,60.211.188.108,60.211.253.203,60.213.145.156,60.213.30.69,60.216.102.226,60.217.234.134,60.220.218.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510224; rev:1830; fwsam: src, 24 hours;)
alert udp [59.95.47.108,59.95.55.176,59.95.7.169,59.97.138.90,59.97.217.181,59.99.51.42,60.12.25.3,60.169.2.200,60.190.218.232,60.190.222.131,60.190.60.78,60.190.79.3,60.191.151.194,60.191.90.119,60.191.98.5,60.195.250.33,60.195.250.54,60.195.250.56,60.199.18.34,60.2.247.135,60.2.249.13,60.2.249.14,60.208.113.3,60.211.188.108,60.211.253.203,60.213.145.156,60.213.30.69,60.216.102.226,60.217.234.134,60.220.218.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510225; rev:1830; fwsam: src, 24 hours;)
alert tcp [60.220.224.103,60.221.254.29,60.222.231.187,60.237.58.218,60.247.103.41,60.248.121.216,60.248.152.55,60.248.155.202,60.250.113.123,60.250.5.67,60.251.182.125,60.251.191.8,60.251.88.148,60.253.101.245,60.28.178.10,60.28.183.155,60.28.210.24,60.28.210.9,60.28.240.20,60.29.15.242,60.29.237.61,60.30.32.23,60.30.32.28,60.31.211.5,60.31.213.6,60.32.155.202,60.32.219.106,60.33.1.142,60.35.130.87,60.41.194.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510226; rev:1830; fwsam: src, 24 hours;)
alert udp [60.220.224.103,60.221.254.29,60.222.231.187,60.237.58.218,60.247.103.41,60.248.121.216,60.248.152.55,60.248.155.202,60.250.113.123,60.250.5.67,60.251.182.125,60.251.191.8,60.251.88.148,60.253.101.245,60.28.178.10,60.28.183.155,60.28.210.24,60.28.210.9,60.28.240.20,60.29.15.242,60.29.237.61,60.30.32.23,60.30.32.28,60.31.211.5,60.31.213.6,60.32.155.202,60.32.219.106,60.33.1.142,60.35.130.87,60.41.194.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510227; rev:1830; fwsam: src, 24 hours;)
alert tcp [60.42.92.51,60.45.78.6,60.47.136.60,60.48.176.16,60.48.63.221,60.49.153.153,60.49.96.156,60.51.104.210,60.51.21.191,60.51.66.69,60.51.68.110,60.53.206.43,60.54.114.46,60.54.90.80,60.56.150.248,60.62.211.230,61.100.15.91,61.100.180.25,61.100.5.136,61.106.176.85,61.111.18.85,61.12.16.70,61.123.195.117,61.127.161.4,61.129.60.23,61.129.64.137,61.129.68.163,61.130.248.212,61.132.244.14,61.132.92.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510228; rev:1830; fwsam: src, 24 hours;)
alert udp [60.42.92.51,60.45.78.6,60.47.136.60,60.48.176.16,60.48.63.221,60.49.153.153,60.49.96.156,60.51.104.210,60.51.21.191,60.51.66.69,60.51.68.110,60.53.206.43,60.54.114.46,60.54.90.80,60.56.150.248,60.62.211.230,61.100.15.91,61.100.180.25,61.100.5.136,61.106.176.85,61.111.18.85,61.12.16.70,61.123.195.117,61.127.161.4,61.129.60.23,61.129.64.137,61.129.68.163,61.130.248.212,61.132.244.14,61.132.92.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510229; rev:1830; fwsam: src, 24 hours;)
alert tcp [61.133.208.210,61.135.134.109,61.136.188.83,61.136.60.104,61.136.60.175,61.136.93.30,61.138.217.19,61.139.33.207,61.139.95.125,61.143.178.194,61.143.251.215,61.144.244.57,61.145.114.28,61.146.115.71,61.147.67.186,61.148.17.186,61.150.75.152,61.152.107.145,61.152.107.150,61.152.167.85,61.152.201.74,61.152.217.77,61.152.76.4,61.152.96.116,61.153.15.69,61.154.39.97,61.155.177.2,61.158.154.44,61.163.90.170,61.164.117.233] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510230; rev:1830; fwsam: src, 24 hours;)
alert udp [61.133.208.210,61.135.134.109,61.136.188.83,61.136.60.104,61.136.60.175,61.136.93.30,61.138.217.19,61.139.33.207,61.139.95.125,61.143.178.194,61.143.251.215,61.144.244.57,61.145.114.28,61.146.115.71,61.147.67.186,61.148.17.186,61.150.75.152,61.152.107.145,61.152.107.150,61.152.167.85,61.152.201.74,61.152.217.77,61.152.76.4,61.152.96.116,61.153.15.69,61.154.39.97,61.155.177.2,61.158.154.44,61.163.90.170,61.164.117.233] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510231; rev:1830; fwsam: src, 24 hours;)
alert tcp [61.164.41.75,61.164.42.88,61.168.227.12,61.17.255.183,61.172.249.173,61.177.119.226,61.178.14.125,61.178.24.86,61.178.32.225,61.178.65.76,61.178.65.77,61.178.74.42,61.178.74.43,61.183.11.243,61.183.139.139,61.184.104.106,61.184.179.45,61.185.119.202,61.185.42.6,61.187.94.171,61.188.87.39,61.189.36.142,61.19.114.46,61.19.255.19,61.19.255.52,61.19.42.53,61.19.73.45,61.19.78.42,61.195.161.74,61.196.225.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510232; rev:1830; fwsam: src, 24 hours;)
alert udp [61.164.41.75,61.164.42.88,61.168.227.12,61.17.255.183,61.172.249.173,61.177.119.226,61.178.14.125,61.178.24.86,61.178.32.225,61.178.65.76,61.178.65.77,61.178.74.42,61.178.74.43,61.183.11.243,61.183.139.139,61.184.104.106,61.184.179.45,61.185.119.202,61.185.42.6,61.187.94.171,61.188.87.39,61.189.36.142,61.19.114.46,61.19.255.19,61.19.255.52,61.19.42.53,61.19.73.45,61.19.78.42,61.195.161.74,61.196.225.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510233; rev:1830; fwsam: src, 24 hours;)
alert tcp [61.202.59.37,61.206.74.227,61.210.183.90,61.214.239.89,61.215.113.228,61.219.125.166,61.219.153.228,61.219.56.227,61.219.7.163,61.22.223.217,61.220.173.154,61.220.198.117,61.222.240.77,61.228.73.151,61.229.158.168,61.23.136.64,61.23.141.225,61.23.252.118,61.232.206.99,61.233.108.5,61.235.117.70,61.235.117.77,61.235.117.87,61.239.250.165,61.242.168.93,61.247.91.169,61.253.249.157,61.253.92.114,61.255.83.155,61.31.161.31] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510234; rev:1830; fwsam: src, 24 hours;)
alert udp [61.202.59.37,61.206.74.227,61.210.183.90,61.214.239.89,61.215.113.228,61.219.125.166,61.219.153.228,61.219.56.227,61.219.7.163,61.22.223.217,61.220.173.154,61.220.198.117,61.222.240.77,61.228.73.151,61.229.158.168,61.23.136.64,61.23.141.225,61.23.252.118,61.232.206.99,61.233.108.5,61.235.117.70,61.235.117.77,61.235.117.87,61.239.250.165,61.242.168.93,61.247.91.169,61.253.249.157,61.253.92.114,61.255.83.155,61.31.161.31] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510235; rev:1830; fwsam: src, 24 hours;)
alert tcp [61.33.234.142,61.4.190.206,61.4.190.207,61.4.82.18,61.4.82.210,61.4.82.212,61.4.82.214,61.4.82.216,61.4.82.222,61.4.82.223,61.4.82.249,61.47.121.146,61.49.0.94,61.5.159.206,61.5.218.236,61.50.132.68,61.57.132.144,61.6.163.30,61.60.224.202,61.61.20.134,61.63.112.194,61.63.4.227,61.66.135.196,61.7.159.14,61.7.159.204,61.7.219.67,61.7.235.69,61.7.241.45,61.7.252.242,61.74.223.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510236; rev:1830; fwsam: src, 24 hours;)
alert udp [61.33.234.142,61.4.190.206,61.4.190.207,61.4.82.18,61.4.82.210,61.4.82.212,61.4.82.214,61.4.82.216,61.4.82.222,61.4.82.223,61.4.82.249,61.47.121.146,61.49.0.94,61.5.159.206,61.5.218.236,61.50.132.68,61.57.132.144,61.6.163.30,61.60.224.202,61.61.20.134,61.63.112.194,61.63.4.227,61.66.135.196,61.7.159.14,61.7.159.204,61.7.219.67,61.7.235.69,61.7.241.45,61.7.252.242,61.74.223.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510237; rev:1830; fwsam: src, 24 hours;)
alert tcp [61.74.60.231,61.81.45.185,61.85.206.180,61.87.47.202,61.90.239.140,61.94.17.126,61.96.111.189,62.117.117.68,62.117.122.242,62.117.86.162,62.118.122.35,62.122.214.55,62.129.179.220,62.140.252.198,62.141.50.91,62.147.156.67,62.149.11.90,62.149.13.210,62.149.175.39,62.149.201.229,62.149.234.131,62.149.27.167,62.149.27.183,62.152.74.202,62.16.138.100,62.168.11.186,62.169.220.203,62.173.33.213,62.178.147.236,62.182.80.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510238; rev:1830; fwsam: src, 24 hours;)
alert udp [61.74.60.231,61.81.45.185,61.85.206.180,61.87.47.202,61.90.239.140,61.94.17.126,61.96.111.189,62.117.117.68,62.117.122.242,62.117.86.162,62.118.122.35,62.122.214.55,62.129.179.220,62.140.252.198,62.141.50.91,62.147.156.67,62.149.11.90,62.149.13.210,62.149.175.39,62.149.201.229,62.149.234.131,62.149.27.167,62.149.27.183,62.152.74.202,62.16.138.100,62.168.11.186,62.169.220.203,62.173.33.213,62.178.147.236,62.182.80.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510239; rev:1830; fwsam: src, 24 hours;)
alert tcp [62.193.219.62,62.193.229.83,62.193.230.10,62.193.242.95,62.193.248.45,62.193.72.244,62.197.206.220,62.2.182.105,62.201.75.159,62.201.78.222,62.204.132.170,62.212.67.143,62.215.158.153,62.233.84.85,62.240.177.84,62.241.5.86,62.26.219.177,62.28.147.204,62.28.78.74,62.30.34.52,62.43.110.162,62.45.131.12,62.5.221.178,62.61.60.124,62.64.79.194,62.65.237.3,62.65.39.3,62.75.186.226,62.75.211.156,62.77.234.179] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510240; rev:1830; fwsam: src, 24 hours;)
alert udp [62.193.219.62,62.193.229.83,62.193.230.10,62.193.242.95,62.193.248.45,62.193.72.244,62.197.206.220,62.2.182.105,62.201.75.159,62.201.78.222,62.204.132.170,62.212.67.143,62.215.158.153,62.233.84.85,62.240.177.84,62.241.5.86,62.26.219.177,62.28.147.204,62.28.78.74,62.30.34.52,62.43.110.162,62.45.131.12,62.5.221.178,62.61.60.124,62.64.79.194,62.65.237.3,62.65.39.3,62.75.186.226,62.75.211.156,62.77.234.179] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510241; rev:1830; fwsam: src, 24 hours;)
alert tcp [62.80.168.78,62.80.172.18,62.82.27.26,62.89.112.170,63.131.38.196,63.135.169.57,63.139.74.8,63.151.109.189,63.193.73.148,63.245.19.70,63.251.135.15,63.76.125.31,64.115.152.62,64.116.135.52,64.118.84.7,64.120.148.101,64.120.225.18,64.120.227.154,64.122.25.18,64.128.80.102,64.13.227.66,64.15.235.38,64.15.65.90,64.150.231.161,64.151.122.76,64.157.3.199,64.169.30.4,64.186.131.206,64.191.197.37,64.191.75.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510242; rev:1830; fwsam: src, 24 hours;)
alert udp [62.80.168.78,62.80.172.18,62.82.27.26,62.89.112.170,63.131.38.196,63.135.169.57,63.139.74.8,63.151.109.189,63.193.73.148,63.245.19.70,63.251.135.15,63.76.125.31,64.115.152.62,64.116.135.52,64.118.84.7,64.120.148.101,64.120.225.18,64.120.227.154,64.122.25.18,64.128.80.102,64.13.227.66,64.15.235.38,64.15.65.90,64.150.231.161,64.151.122.76,64.157.3.199,64.169.30.4,64.186.131.206,64.191.197.37,64.191.75.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510243; rev:1830; fwsam: src, 24 hours;)
alert tcp [64.198.138.50,64.20.52.218,64.202.189.170,64.208.49.5,64.232.46.41,64.251.8.167,64.253.70.121,64.26.59.14,64.3.132.231,64.34.200.138,64.46.38.10,64.53.173.206,64.56.66.122,64.61.76.100,64.62.136.18,64.62.181.43,64.69.35.127,64.70.19.33,64.71.40.27,64.79.206.178,64.79.79.227,64.86.59.1,64.86.75.215,64.90.182.181,64.90.182.185,65.111.164.40,65.111.184.207,65.118.153.195,65.120.131.2,65.123.200.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510244; rev:1830; fwsam: src, 24 hours;)
alert udp [64.198.138.50,64.20.52.218,64.202.189.170,64.208.49.5,64.232.46.41,64.251.8.167,64.253.70.121,64.26.59.14,64.3.132.231,64.34.200.138,64.46.38.10,64.53.173.206,64.56.66.122,64.61.76.100,64.62.136.18,64.62.181.43,64.69.35.127,64.70.19.33,64.71.40.27,64.79.206.178,64.79.79.227,64.86.59.1,64.86.75.215,64.90.182.181,64.90.182.185,65.111.164.40,65.111.184.207,65.118.153.195,65.120.131.2,65.123.200.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510245; rev:1830; fwsam: src, 24 hours;)
alert tcp [65.189.177.200,65.208.122.48,65.219.237.10,65.24.74.173,65.29.120.148,65.38.221.194,65.38.91.225,65.48.0.234,65.49.170.80,65.60.55.239,65.70.156.23,65.75.118.221,65.98.97.98,65.99.1.130,66.11.122.194,66.128.123.194,66.135.50.218,66.147.172.2,66.159.18.9,66.160.141.162,66.165.220.67,66.169.14.129,66.169.41.127,66.176.12.138,66.179.6.228,66.18.176.35,66.186.71.184,66.188.113.247,66.19.119.87,66.192.134.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510246; rev:1830; fwsam: src, 24 hours;)
alert udp [65.189.177.200,65.208.122.48,65.219.237.10,65.24.74.173,65.29.120.148,65.38.221.194,65.38.91.225,65.48.0.234,65.49.170.80,65.60.55.239,65.70.156.23,65.75.118.221,65.98.97.98,65.99.1.130,66.11.122.194,66.128.123.194,66.135.50.218,66.147.172.2,66.159.18.9,66.160.141.162,66.165.220.67,66.169.14.129,66.169.41.127,66.176.12.138,66.179.6.228,66.18.176.35,66.186.71.184,66.188.113.247,66.19.119.87,66.192.134.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510247; rev:1830; fwsam: src, 24 hours;)
alert tcp [66.196.238.138,66.197.139.245,66.197.160.245,66.197.161.117,66.197.186.37,66.197.207.37,66.197.230.58,66.197.250.118,66.199.229.66,66.199.235.154,66.199.248.195,66.206.49.85,66.212.15.99,66.212.155.140,66.214.230.23,66.214.234.66,66.214.67.99,66.220.45.61,66.220.45.67,66.229.57.130,66.231.135.49,66.232.103.198,66.232.108.55,66.232.120.14,66.24.250.87,66.240.163.84,66.240.231.154,66.241.101.168,66.254.41.152,66.41.157.49] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510248; rev:1830; fwsam: src, 24 hours;)
alert udp [66.196.238.138,66.197.139.245,66.197.160.245,66.197.161.117,66.197.186.37,66.197.207.37,66.197.230.58,66.197.250.118,66.199.229.66,66.199.235.154,66.199.248.195,66.206.49.85,66.212.15.99,66.212.155.140,66.214.230.23,66.214.234.66,66.214.67.99,66.220.45.61,66.220.45.67,66.229.57.130,66.231.135.49,66.232.103.198,66.232.108.55,66.232.120.14,66.24.250.87,66.240.163.84,66.240.231.154,66.241.101.168,66.254.41.152,66.41.157.49] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510249; rev:1830; fwsam: src, 24 hours;)
alert tcp [66.48.71.42,66.50.181.59,66.57.204.127,66.65.246.208,66.69.70.13,66.7.131.237,66.7.207.100,66.7.207.94,66.7.221.26,66.79.186.70,66.93.3.176,66.93.83.62,66.96.144.191,66.96.16.32,66.98.220.75,66.98.252.3,67.110.217.162,67.124.37.85,67.127.246.47,67.141.185.89,67.163.210.185,67.164.7.67,67.166.236.95,67.18.150.10,67.189.251.144,67.191.11.14,67.202.106.10,67.202.126.34,67.202.67.138,67.202.80.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510250; rev:1830; fwsam: src, 24 hours;)
alert udp [66.48.71.42,66.50.181.59,66.57.204.127,66.65.246.208,66.69.70.13,66.7.131.237,66.7.207.100,66.7.207.94,66.7.221.26,66.79.186.70,66.93.3.176,66.93.83.62,66.96.144.191,66.96.16.32,66.98.220.75,66.98.252.3,67.110.217.162,67.124.37.85,67.127.246.47,67.141.185.89,67.163.210.185,67.164.7.67,67.166.236.95,67.18.150.10,67.189.251.144,67.191.11.14,67.202.106.10,67.202.126.34,67.202.67.138,67.202.80.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510251; rev:1830; fwsam: src, 24 hours;)
alert tcp [67.205.103.140,67.205.111.201,67.205.74.137,67.206.233.96,67.210.170.170,67.212.81.186,67.213.8.230,67.214.120.139,67.214.163.130,67.215.238.202,67.215.242.200,67.220.225.80,67.223.226.173,67.223.6.126,67.225.176.147,67.225.241.125,67.228.187.204,67.23.14.188,67.23.180.54,67.23.47.249,67.23.79.114,67.241.124.103,67.244.50.59,67.55.171.240,67.63.146.141,67.77.32.172,67.90.194.2,68.112.20.45,68.114.184.2,68.115.151.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510252; rev:1830; fwsam: src, 24 hours;)
alert udp [67.205.103.140,67.205.111.201,67.205.74.137,67.206.233.96,67.210.170.170,67.212.81.186,67.213.8.230,67.214.120.139,67.214.163.130,67.215.238.202,67.215.242.200,67.220.225.80,67.223.226.173,67.223.6.126,67.225.176.147,67.225.241.125,67.228.187.204,67.23.14.188,67.23.180.54,67.23.47.249,67.23.79.114,67.241.124.103,67.244.50.59,67.55.171.240,67.63.146.141,67.77.32.172,67.90.194.2,68.112.20.45,68.114.184.2,68.115.151.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510253; rev:1830; fwsam: src, 24 hours;)
alert tcp [68.127.86.89,68.148.80.60,68.149.178.200,68.15.91.138,68.166.79.199,68.169.40.90,68.174.197.49,68.178.232.100,68.178.232.99,68.178.254.125,68.180.151.74,68.184.1.138,68.187.240.205,68.190.228.9,68.207.183.35,68.217.7.136,68.222.48.83,68.254.174.48,68.38.179.218,68.40.167.165,68.5.149.89,68.51.149.50,68.59.219.117,68.93.100.238,68.94.94.56,68.95.138.206,69.10.60.214,69.105.229.101,69.106.250.30,69.12.218.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510254; rev:1830; fwsam: src, 24 hours;)
alert udp [68.127.86.89,68.148.80.60,68.149.178.200,68.15.91.138,68.166.79.199,68.169.40.90,68.174.197.49,68.178.232.100,68.178.232.99,68.178.254.125,68.180.151.74,68.184.1.138,68.187.240.205,68.190.228.9,68.207.183.35,68.217.7.136,68.222.48.83,68.254.174.48,68.38.179.218,68.40.167.165,68.5.149.89,68.51.149.50,68.59.219.117,68.93.100.238,68.94.94.56,68.95.138.206,69.10.60.214,69.105.229.101,69.106.250.30,69.12.218.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510255; rev:1830; fwsam: src, 24 hours;)
alert tcp [69.120.2.123,69.13.196.47,69.148.184.189,69.149.252.32,69.153.11.108,69.161.130.233,69.162.115.191,69.162.75.178,69.162.89.61,69.162.93.12,69.162.93.15,69.163.168.34,69.164.196.180,69.164.215.41,69.169.145.90,69.169.183.21,69.174.245.179,69.175.25.218,69.175.35.138,69.175.68.94,69.178.131.157,69.197.142.141,69.198.24.170,69.204.69.15,69.205.84.198,69.206.233.118,69.208.4.223,69.208.9.232,69.216.126.86,69.219.229.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510256; rev:1830; fwsam: src, 24 hours;)
alert udp [69.120.2.123,69.13.196.47,69.148.184.189,69.149.252.32,69.153.11.108,69.161.130.233,69.162.115.191,69.162.75.178,69.162.89.61,69.162.93.12,69.162.93.15,69.163.168.34,69.164.196.180,69.164.215.41,69.169.145.90,69.169.183.21,69.174.245.179,69.175.25.218,69.175.35.138,69.175.68.94,69.178.131.157,69.197.142.141,69.198.24.170,69.204.69.15,69.205.84.198,69.206.233.118,69.208.4.223,69.208.9.232,69.216.126.86,69.219.229.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510257; rev:1830; fwsam: src, 24 hours;)
alert tcp [69.224.35.106,69.225.221.205,69.225.94.123,69.226.31.205,69.227.128.30,69.228.150.161,69.229.111.151,69.229.174.241,69.23.220.144,69.231.140.127,69.234.127.144,69.235.39.178,69.237.197.114,69.246.8.184,69.249.114.97,69.249.22.165,69.25.178.103,69.254.67.43,69.28.205.120,69.38.214.122,69.39.235.15,69.39.235.19,69.41.0.35,69.42.121.240,69.42.210.194,69.42.213.18,69.45.90.202,69.47.72.196,69.50.221.213,69.50.252.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (130)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510258; rev:1830; fwsam: src, 24 hours;)
alert udp [69.224.35.106,69.225.221.205,69.225.94.123,69.226.31.205,69.227.128.30,69.228.150.161,69.229.111.151,69.229.174.241,69.23.220.144,69.231.140.127,69.234.127.144,69.235.39.178,69.237.197.114,69.246.8.184,69.249.114.97,69.249.22.165,69.25.178.103,69.254.67.43,69.28.205.120,69.38.214.122,69.39.235.15,69.39.235.19,69.41.0.35,69.42.121.240,69.42.210.194,69.42.213.18,69.45.90.202,69.47.72.196,69.50.221.213,69.50.252.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (130)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510259; rev:1830; fwsam: src, 24 hours;)
alert tcp [69.60.116.130,69.64.147.211,69.64.210.120,69.64.64.114,69.65.19.125,69.65.33.5,69.67.245.34,69.72.236.186,69.73.129.27,69.73.170.198,69.73.230.90,69.88.214.133,69.89.30.147,69.89.31.163,69.92.126.76,70.119.115.137,70.121.171.97,70.121.246.218,70.125.13.136,70.128.214.230,70.129.56.103,70.131.80.237,70.209.238.75,70.221.160.144,70.225.85.4,70.234.198.168,70.238.56.3,70.239.212.234,70.239.216.99,70.243.32.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (131)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510260; rev:1830; fwsam: src, 24 hours;)
alert udp [69.60.116.130,69.64.147.211,69.64.210.120,69.64.64.114,69.65.19.125,69.65.33.5,69.67.245.34,69.72.236.186,69.73.129.27,69.73.170.198,69.73.230.90,69.88.214.133,69.89.30.147,69.89.31.163,69.92.126.76,70.119.115.137,70.121.171.97,70.121.246.218,70.125.13.136,70.128.214.230,70.129.56.103,70.131.80.237,70.209.238.75,70.221.160.144,70.225.85.4,70.234.198.168,70.238.56.3,70.239.212.234,70.239.216.99,70.243.32.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (131)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510261; rev:1830; fwsam: src, 24 hours;)
alert tcp [70.244.234.118,70.244.51.207,70.248.127.161,70.248.74.180,70.33.244.181,70.34.140.86,70.38.37.120,70.38.54.232,70.45.17.66,70.45.74.230,70.45.96.19,70.66.213.81,70.84.62.194,70.85.52.99,70.87.94.52,70.87.99.34,70.89.182.170,70.99.187.84,71.109.117.27,71.11.234.135,71.130.124.107,71.139.163.237,71.139.187.246,71.14.40.226,71.142.76.18,71.143.1.14,71.146.19.1,71.146.200.37,71.146.21.70,71.146.232.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (132)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510262; rev:1830; fwsam: src, 24 hours;)
alert udp [70.244.234.118,70.244.51.207,70.248.127.161,70.248.74.180,70.33.244.181,70.34.140.86,70.38.37.120,70.38.54.232,70.45.17.66,70.45.74.230,70.45.96.19,70.66.213.81,70.84.62.194,70.85.52.99,70.87.94.52,70.87.99.34,70.89.182.170,70.99.187.84,71.109.117.27,71.11.234.135,71.130.124.107,71.139.163.237,71.139.187.246,71.14.40.226,71.142.76.18,71.143.1.14,71.146.19.1,71.146.200.37,71.146.21.70,71.146.232.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (132)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510263; rev:1830; fwsam: src, 24 hours;)
alert tcp [71.176.1.226,71.183.86.35,71.183.86.38,71.183.86.41,71.196.124.87,71.198.72.128,71.205.6.46,71.22.203.214,71.224.119.40,71.232.255.159,71.238.47.81,71.54.72.118,71.63.34.129,71.64.192.65,71.7.7.132,71.71.61.139,71.81.209.248,71.83.134.12,71.95.133.128,72.11.128.153,72.11.144.89,72.11.155.219,72.135.97.153,72.149.74.11,72.164.197.51,72.165.161.222,72.167.131.22,72.167.201.20,72.185.191.215,72.189.196.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (133)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510264; rev:1830; fwsam: src, 24 hours;)
alert udp [71.176.1.226,71.183.86.35,71.183.86.38,71.183.86.41,71.196.124.87,71.198.72.128,71.205.6.46,71.22.203.214,71.224.119.40,71.232.255.159,71.238.47.81,71.54.72.118,71.63.34.129,71.64.192.65,71.7.7.132,71.71.61.139,71.81.209.248,71.83.134.12,71.95.133.128,72.11.128.153,72.11.144.89,72.11.155.219,72.135.97.153,72.149.74.11,72.164.197.51,72.165.161.222,72.167.131.22,72.167.201.20,72.185.191.215,72.189.196.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (133)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510265; rev:1830; fwsam: src, 24 hours;)
alert tcp [72.191.185.14,72.20.2.178,72.20.98.234,72.22.80.163,72.229.58.146,72.231.9.40,72.232.219.152,72.25.82.131,72.39.29.137,72.40.98.175,72.44.83.42,72.47.202.27,72.47.209.133,72.51.224.160,72.52.77.131,72.55.113.61,72.55.140.205,72.55.146.199,72.55.148.4,72.55.188.122,72.9.233.117,72.9.245.82,74.101.51.245,74.111.35.69,74.113.33.51,74.117.56.221,74.117.60.85,74.127.18.195,74.132.31.140,74.200.6.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (134)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510266; rev:1830; fwsam: src, 24 hours;)
alert udp [72.191.185.14,72.20.2.178,72.20.98.234,72.22.80.163,72.229.58.146,72.231.9.40,72.232.219.152,72.25.82.131,72.39.29.137,72.40.98.175,72.44.83.42,72.47.202.27,72.47.209.133,72.51.224.160,72.52.77.131,72.55.113.61,72.55.140.205,72.55.146.199,72.55.148.4,72.55.188.122,72.9.233.117,72.9.245.82,74.101.51.245,74.111.35.69,74.113.33.51,74.117.56.221,74.117.60.85,74.127.18.195,74.132.31.140,74.200.6.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (134)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510267; rev:1830; fwsam: src, 24 hours;)
alert tcp [74.206.162.246,74.206.162.250,74.207.226.250,74.208.10.2,74.208.155.116,74.208.200.53,74.208.210.199,74.208.210.240,74.208.47.57,74.210.125.7,74.212.177.116,74.213.113.184,74.218.151.190,74.220.207.172,74.220.207.190,74.220.215.91,74.220.219.74,74.222.1.99,74.241.84.222,74.243.168.182,74.3.35.44,74.50.99.232,74.52.128.226,74.52.48.66,74.53.38.210,74.54.156.73,74.55.219.20,74.55.33.194,74.55.38.242,74.55.47.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (135)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510268; rev:1830; fwsam: src, 24 hours;)
alert udp [74.206.162.246,74.206.162.250,74.207.226.250,74.208.10.2,74.208.155.116,74.208.200.53,74.208.210.199,74.208.210.240,74.208.47.57,74.210.125.7,74.212.177.116,74.213.113.184,74.218.151.190,74.220.207.172,74.220.207.190,74.220.215.91,74.220.219.74,74.222.1.99,74.241.84.222,74.243.168.182,74.3.35.44,74.50.99.232,74.52.128.226,74.52.48.66,74.53.38.210,74.54.156.73,74.55.219.20,74.55.33.194,74.55.38.242,74.55.47.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (135)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510269; rev:1830; fwsam: src, 24 hours;)
alert tcp [74.63.233.180,74.63.233.25,74.64.65.180,74.65.197.100,74.7.129.85,74.81.145.155,74.84.138.90,74.85.9.244,74.86.158.8,74.92.224.225,74.92.224.226,74.93.195.210,74.94.119.235,75.0.144.140,75.10.121.191,75.10.151.55,75.120.255.253,75.125.131.82,75.125.143.202,75.126.235.202,75.13.77.98,75.132.213.250,75.133.73.54,75.137.111.175,75.141.200.176,75.144.161.198,75.147.28.109,75.149.187.89,75.15.236.173,75.15.241.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (136)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510270; rev:1830; fwsam: src, 24 hours;)
alert udp [74.63.233.180,74.63.233.25,74.64.65.180,74.65.197.100,74.7.129.85,74.81.145.155,74.84.138.90,74.85.9.244,74.86.158.8,74.92.224.225,74.92.224.226,74.93.195.210,74.94.119.235,75.0.144.140,75.10.121.191,75.10.151.55,75.120.255.253,75.125.131.82,75.125.143.202,75.126.235.202,75.13.77.98,75.132.213.250,75.133.73.54,75.137.111.175,75.141.200.176,75.144.161.198,75.147.28.109,75.149.187.89,75.15.236.173,75.15.241.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (136)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510271; rev:1830; fwsam: src, 24 hours;)
alert tcp [75.155.134.194,75.176.54.36,75.179.133.153,75.195.5.244,75.2.222.157,75.204.38.146,75.21.70.235,75.211.218.96,75.215.219.28,75.223.50.213,75.236.210.103,75.236.246.152,75.237.43.205,75.237.76.217,75.252.124.248,75.32.28.39,75.32.30.88,75.33.138.190,75.34.216.140,75.36.218.223,75.4.241.79,75.4.9.254,75.42.82.69,75.45.201.66,75.49.10.199,75.5.227.199,75.50.102.127,75.50.121.108,75.50.88.249,75.51.131.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (137)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510272; rev:1830; fwsam: src, 24 hours;)
alert udp [75.155.134.194,75.176.54.36,75.179.133.153,75.195.5.244,75.2.222.157,75.204.38.146,75.21.70.235,75.211.218.96,75.215.219.28,75.223.50.213,75.236.210.103,75.236.246.152,75.237.43.205,75.237.76.217,75.252.124.248,75.32.28.39,75.32.30.88,75.33.138.190,75.34.216.140,75.36.218.223,75.4.241.79,75.4.9.254,75.42.82.69,75.45.201.66,75.49.10.199,75.5.227.199,75.50.102.127,75.50.121.108,75.50.88.249,75.51.131.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (137)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510273; rev:1830; fwsam: src, 24 hours;)
alert tcp [75.53.159.178,75.55.212.26,75.57.185.227,75.58.38.192,75.60.28.222,75.65.57.4,75.74.244.131,75.95.3.10,76.103.96.178,76.104.8.70,76.107.244.234,76.108.150.81,76.11.140.188,76.118.11.126,76.121.107.27,76.121.109.122,76.121.190.251,76.125.109.16,76.126.145.46,76.127.74.64,76.167.73.224,76.168.39.36,76.168.6.252,76.169.151.3,76.171.141.33,76.174.148.102,76.174.38.224,76.181.189.219,76.186.30.188,76.191.100.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (138)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510274; rev:1830; fwsam: src, 24 hours;)
alert udp [75.53.159.178,75.55.212.26,75.57.185.227,75.58.38.192,75.60.28.222,75.65.57.4,75.74.244.131,75.95.3.10,76.103.96.178,76.104.8.70,76.107.244.234,76.108.150.81,76.11.140.188,76.118.11.126,76.121.107.27,76.121.109.122,76.121.190.251,76.125.109.16,76.126.145.46,76.127.74.64,76.167.73.224,76.168.39.36,76.168.6.252,76.169.151.3,76.171.141.33,76.174.148.102,76.174.38.224,76.181.189.219,76.186.30.188,76.191.100.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (138)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510275; rev:1830; fwsam: src, 24 hours;)
alert tcp [76.193.118.158,76.194.242.159,76.195.157.200,76.197.243.91,76.202.180.249,76.202.214.47,76.203.207.58,76.203.213.31,76.205.116.224,76.211.227.211,76.211.235.47,76.216.114.171,76.217.51.242,76.229.172.13,76.23.94.61,76.230.208.218,76.230.27.169,76.237.191.36,76.240.217.32,76.241.109.106,76.247.137.18,76.25.104.77,76.25.54.13,76.28.120.222,76.30.131.203,76.30.136.112,76.30.184.78,76.31.82.106,76.73.2.106,76.74.238.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (139)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510276; rev:1830; fwsam: src, 24 hours;)
alert udp [76.193.118.158,76.194.242.159,76.195.157.200,76.197.243.91,76.202.180.249,76.202.214.47,76.203.207.58,76.203.213.31,76.205.116.224,76.211.227.211,76.211.235.47,76.216.114.171,76.217.51.242,76.229.172.13,76.23.94.61,76.230.208.218,76.230.27.169,76.237.191.36,76.240.217.32,76.241.109.106,76.247.137.18,76.25.104.77,76.25.54.13,76.28.120.222,76.30.131.203,76.30.136.112,76.30.184.78,76.31.82.106,76.73.2.106,76.74.238.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (139)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510277; rev:1830; fwsam: src, 24 hours;)
alert tcp [76.76.189.250,76.76.98.250,76.76.99.2,76.84.157.15,76.89.199.155,76.97.152.243,77.105.217.180,77.105.48.46,77.105.57.84,77.108.121.3,77.108.82.100,77.120.117.6,77.120.117.79,77.120.252.131,77.120.41.215,77.126.125.13,77.126.246.130,77.127.138.100,77.127.6.197,77.221.130.39,77.221.153.142,77.221.153.184,77.221.68.24,77.222.40.206,77.235.43.185,77.236.186.157,77.238.205.203,77.239.69.15,77.239.69.208,77.241.32.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (140)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510278; rev:1830; fwsam: src, 24 hours;)
alert udp [76.76.189.250,76.76.98.250,76.76.99.2,76.84.157.15,76.89.199.155,76.97.152.243,77.105.217.180,77.105.48.46,77.105.57.84,77.108.121.3,77.108.82.100,77.120.117.6,77.120.117.79,77.120.252.131,77.120.41.215,77.126.125.13,77.126.246.130,77.127.138.100,77.127.6.197,77.221.130.39,77.221.153.142,77.221.153.184,77.221.68.24,77.222.40.206,77.235.43.185,77.236.186.157,77.238.205.203,77.239.69.15,77.239.69.208,77.241.32.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (140)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510279; rev:1830; fwsam: src, 24 hours;)
alert tcp [77.241.41.165,77.241.64.30,77.242.175.154,77.243.105.139,77.245.145.193,77.245.145.197,77.245.148.196,77.246.240.122,77.252.145.215,77.253.52.230,77.253.80.178,77.253.96.177,77.254.155.126,77.254.213.31,77.254.59.254,77.255.7.90,77.255.83.124,77.27.206.92,77.28.35.136,77.37.204.159,77.39.19.67,77.42.241.106,77.47.187.63,77.49.150.171,77.54.138.5,77.56.105.164,77.56.144.14,77.68.60.198,77.72.71.44,77.73.232.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (141)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510280; rev:1830; fwsam: src, 24 hours;)
alert udp [77.241.41.165,77.241.64.30,77.242.175.154,77.243.105.139,77.245.145.193,77.245.145.197,77.245.148.196,77.246.240.122,77.252.145.215,77.253.52.230,77.253.80.178,77.253.96.177,77.254.155.126,77.254.213.31,77.254.59.254,77.255.7.90,77.255.83.124,77.27.206.92,77.28.35.136,77.37.204.159,77.39.19.67,77.42.241.106,77.47.187.63,77.49.150.171,77.54.138.5,77.56.105.164,77.56.144.14,77.68.60.198,77.72.71.44,77.73.232.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (141)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510281; rev:1830; fwsam: src, 24 hours;)
alert tcp [77.76.137.237,77.78.104.72,77.79.254.191,77.87.118.31,77.88.66.251,77.90.193.114,77.92.148.10,77.93.197.86,77.93.218.9,78.0.247.49,78.101.160.58,78.106.208.157,78.108.81.170,78.108.88.38,78.110.7.19,78.111.80.68,78.129.171.16,78.129.34.87,78.130.86.146,78.131.54.92,78.133.126.42,78.141.86.238,78.155.61.144,78.157.32.5,78.159.98.71,78.169.4.251,78.177.254.130,78.181.35.43,78.184.168.23,78.184.4.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (142)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510282; rev:1830; fwsam: src, 24 hours;)
alert udp [77.76.137.237,77.78.104.72,77.79.254.191,77.87.118.31,77.88.66.251,77.90.193.114,77.92.148.10,77.93.197.86,77.93.218.9,78.0.247.49,78.101.160.58,78.106.208.157,78.108.81.170,78.108.88.38,78.110.7.19,78.111.80.68,78.129.171.16,78.129.34.87,78.130.86.146,78.131.54.92,78.133.126.42,78.141.86.238,78.155.61.144,78.157.32.5,78.159.98.71,78.169.4.251,78.177.254.130,78.181.35.43,78.184.168.23,78.184.4.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (142)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510283; rev:1830; fwsam: src, 24 hours;)
alert tcp [78.184.7.104,78.185.131.163,78.242.220.80,78.29.78.204,78.3.253.176,78.30.202.56,78.30.226.3,78.30.232.112,78.31.218.3,78.37.222.200,78.42.13.92,78.42.220.112,78.46.183.30,78.5.95.11,78.55.108.41,78.69.30.49,78.70.228.237,78.8.156.7,78.8.17.216,78.8.40.59,78.8.84.217,78.86.232.250,78.87.9.75,78.88.55.38,78.9.29.233,79.1.202.133,79.112.23.159,79.112.91.152,79.113.105.100,79.113.19.243] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (143)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510284; rev:1830; fwsam: src, 24 hours;)
alert udp [78.184.7.104,78.185.131.163,78.242.220.80,78.29.78.204,78.3.253.176,78.30.202.56,78.30.226.3,78.30.232.112,78.31.218.3,78.37.222.200,78.42.13.92,78.42.220.112,78.46.183.30,78.5.95.11,78.55.108.41,78.69.30.49,78.70.228.237,78.8.156.7,78.8.17.216,78.8.40.59,78.8.84.217,78.86.232.250,78.87.9.75,78.88.55.38,78.9.29.233,79.1.202.133,79.112.23.159,79.112.91.152,79.113.105.100,79.113.19.243] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (143)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510285; rev:1830; fwsam: src, 24 hours;)
alert tcp [79.113.98.63,79.114.111.120,79.114.4.253,79.114.5.109,79.116.59.224,79.117.111.235,79.117.133.59,79.117.137.99,79.117.170.130,79.117.52.21,79.118.240.113,79.118.253.10,79.118.254.160,79.118.31.80,79.119.222.126,79.119.75.181,79.119.95.104,79.120.164.172,79.120.192.190,79.120.83.30,79.120.83.6,79.121.181.249,79.122.229.174,79.124.0.104,79.124.110.19,79.124.58.156,79.125.212.102,79.127.124.131,79.133.193.170,79.133.195.107] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (144)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510286; rev:1830; fwsam: src, 24 hours;)
alert udp [79.113.98.63,79.114.111.120,79.114.4.253,79.114.5.109,79.116.59.224,79.117.111.235,79.117.133.59,79.117.137.99,79.117.170.130,79.117.52.21,79.118.240.113,79.118.253.10,79.118.254.160,79.118.31.80,79.119.222.126,79.119.75.181,79.119.95.104,79.120.164.172,79.120.192.190,79.120.83.30,79.120.83.6,79.121.181.249,79.122.229.174,79.124.0.104,79.124.110.19,79.124.58.156,79.125.212.102,79.127.124.131,79.133.193.170,79.133.195.107] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (144)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510287; rev:1830; fwsam: src, 24 hours;)
alert tcp [79.135.192.182,79.137.228.130,79.138.135.127,79.138.157.202,79.139.30.249,79.143.176.60,79.143.254.60,79.162.137.245,79.162.164.15,79.162.173.156,79.163.147.55,79.163.199.134,79.163.241.35,79.163.30.29,79.164.142.201,79.164.58.239,79.164.88.24,79.164.89.10,79.17.71.4,79.170.40.230,79.171.122.34,79.171.122.38,79.171.122.70,79.171.122.94,79.172.205.120,79.172.60.68,79.175.122.131,79.175.65.40,79.182.72.240,79.183.47.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (145)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510288; rev:1830; fwsam: src, 24 hours;)
alert udp [79.135.192.182,79.137.228.130,79.138.135.127,79.138.157.202,79.139.30.249,79.143.176.60,79.143.254.60,79.162.137.245,79.162.164.15,79.162.173.156,79.163.147.55,79.163.199.134,79.163.241.35,79.163.30.29,79.164.142.201,79.164.58.239,79.164.88.24,79.164.89.10,79.17.71.4,79.170.40.230,79.171.122.34,79.171.122.38,79.171.122.70,79.171.122.94,79.172.205.120,79.172.60.68,79.175.122.131,79.175.65.40,79.182.72.240,79.183.47.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (145)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510289; rev:1830; fwsam: src, 24 hours;)
alert tcp [79.183.61.29,79.184.130.21,79.184.66.146,79.185.102.25,79.185.244.161,79.190.225.226,79.26.129.102,79.29.80.124,79.33.244.47,79.35.102.187,79.36.63.83,79.38.86.58,79.4.155.167,79.5.148.167,79.53.147.129,79.55.228.148,79.9.65.52,79.97.93.254,79.98.31.54,80.13.112.50,80.13.124.36,80.13.162.23,80.13.200.179,80.13.205.204,80.138.192.223,80.14.186.105,80.166.142.93,80.172.230.217,80.191.15.48,80.201.42.91] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (146)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510290; rev:1830; fwsam: src, 24 hours;)
alert udp [79.183.61.29,79.184.130.21,79.184.66.146,79.185.102.25,79.185.244.161,79.190.225.226,79.26.129.102,79.29.80.124,79.33.244.47,79.35.102.187,79.36.63.83,79.38.86.58,79.4.155.167,79.5.148.167,79.53.147.129,79.55.228.148,79.9.65.52,79.97.93.254,79.98.31.54,80.13.112.50,80.13.124.36,80.13.162.23,80.13.200.179,80.13.205.204,80.138.192.223,80.14.186.105,80.166.142.93,80.172.230.217,80.191.15.48,80.201.42.91] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (146)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510291; rev:1830; fwsam: src, 24 hours;)
alert tcp [80.203.122.116,80.213.188.74,80.217.47.136,80.219.207.78,80.240.199.55,80.240.202.170,80.240.208.157,80.243.45.97,80.243.46.4,80.247.76.139,80.249.173.97,80.249.238.148,80.250.171.190,80.254.80.161,80.37.47.136,80.38.244.215,80.51.186.2,80.51.46.77,80.51.99.34,80.53.221.18,80.67.145.47,80.69.80.41,80.72.67.94,80.74.154.85,80.78.46.196,80.80.103.76,80.82.38.72,80.90.118.106,80.91.190.80,80.91.191.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (147)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510292; rev:1830; fwsam: src, 24 hours;)
alert udp [80.203.122.116,80.213.188.74,80.217.47.136,80.219.207.78,80.240.199.55,80.240.202.170,80.240.208.157,80.243.45.97,80.243.46.4,80.247.76.139,80.249.173.97,80.249.238.148,80.250.171.190,80.254.80.161,80.37.47.136,80.38.244.215,80.51.186.2,80.51.46.77,80.51.99.34,80.53.221.18,80.67.145.47,80.69.80.41,80.72.67.94,80.74.154.85,80.78.46.196,80.80.103.76,80.82.38.72,80.90.118.106,80.91.190.80,80.91.191.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (147)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510293; rev:1830; fwsam: src, 24 hours;)
alert tcp [80.93.236.119,80.93.48.104,80.93.50.78,80.93.58.162,80.93.59.68,80.93.62.127,80.94.174.52,80.95.108.218,80.98.6.186,80.99.83.15,81.0.92.101,81.131.120.143,81.135.40.199,81.137.215.70,81.149.172.7,81.16.240.6,81.166.167.8,81.166.9.133,81.169.145.65,81.169.167.47,81.17.204.147,81.174.66.26,81.176.236.232,81.176.236.239,81.177.157.188,81.177.40.94,81.18.60.125,81.180.121.197,81.182.115.132,81.182.120.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (148)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510294; rev:1830; fwsam: src, 24 hours;)
alert udp [80.93.236.119,80.93.48.104,80.93.50.78,80.93.58.162,80.93.59.68,80.93.62.127,80.94.174.52,80.95.108.218,80.98.6.186,80.99.83.15,81.0.92.101,81.131.120.143,81.135.40.199,81.137.215.70,81.149.172.7,81.16.240.6,81.166.167.8,81.166.9.133,81.169.145.65,81.169.167.47,81.17.204.147,81.174.66.26,81.176.236.232,81.176.236.239,81.177.157.188,81.177.40.94,81.18.60.125,81.180.121.197,81.182.115.132,81.182.120.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (148)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510295; rev:1830; fwsam: src, 24 hours;)
alert tcp [81.182.134.87,81.182.135.10,81.182.163.161,81.184.246.46,81.189.20.26,81.19.4.93,81.190.86.42,81.192.140.178,81.192.176.101,81.192.230.181,81.192.47.110,81.195.192.174,81.196.170.220,81.198.204.182,81.200.23.89,81.203.0.68,81.203.15.5,81.203.43.197,81.215.18.12,81.215.31.168,81.218.238.55,81.219.68.163,81.220.92.162,81.222.112.74,81.222.118.36,81.223.126.240,81.23.101.178,81.240.175.37,81.28.97.25,81.29.253.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (149)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510296; rev:1830; fwsam: src, 24 hours;)
alert udp [81.182.134.87,81.182.135.10,81.182.163.161,81.184.246.46,81.189.20.26,81.19.4.93,81.190.86.42,81.192.140.178,81.192.176.101,81.192.230.181,81.192.47.110,81.195.192.174,81.196.170.220,81.198.204.182,81.200.23.89,81.203.0.68,81.203.15.5,81.203.43.197,81.215.18.12,81.215.31.168,81.218.238.55,81.219.68.163,81.220.92.162,81.222.112.74,81.222.118.36,81.223.126.240,81.23.101.178,81.240.175.37,81.28.97.25,81.29.253.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (149)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510297; rev:1830; fwsam: src, 24 hours;)
alert tcp [81.30.170.206,81.30.195.156,81.30.70.175,81.30.70.217,81.31.145.12,81.35.127.20,81.56.112.105,81.67.25.16,81.7.171.15,81.7.171.41,81.75.61.120,81.80.230.152,81.82.195.89,81.84.33.137,81.90.163.53,81.91.64.12,82.10.48.194,82.102.11.166,82.102.15.48,82.103.139.153,82.113.106.207,82.113.121.103,82.113.121.99,82.114.175.37,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (150)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510298; rev:1830; fwsam: src, 24 hours;)
alert udp [81.30.170.206,81.30.195.156,81.30.70.175,81.30.70.217,81.31.145.12,81.35.127.20,81.56.112.105,81.67.25.16,81.7.171.15,81.7.171.41,81.75.61.120,81.80.230.152,81.82.195.89,81.84.33.137,81.90.163.53,81.91.64.12,82.10.48.194,82.102.11.166,82.102.15.48,82.103.139.153,82.113.106.207,82.113.121.103,82.113.121.99,82.114.175.37,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (150)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510299; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.226.5,82.125.219.159,82.128.245.136,82.128.252.129,82.128.253.201,82.130.177.254,82.131.192.212,82.131.228.37,82.131.239.112,82.131.247.42,82.135.69.69,82.135.88.150,82.139.23.190,82.139.71.187,82.140.153.153,82.144.14.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (151)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510300; rev:1830; fwsam: src, 24 hours;)
alert udp [82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.226.5,82.125.219.159,82.128.245.136,82.128.252.129,82.128.253.201,82.130.177.254,82.131.192.212,82.131.228.37,82.131.239.112,82.131.247.42,82.135.69.69,82.135.88.150,82.139.23.190,82.139.71.187,82.140.153.153,82.144.14.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (151)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510301; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.144.175.208,82.144.198.16,82.144.203.130,82.146.44.21,82.148.187.197,82.148.29.250,82.148.31.212,82.149.246.8,82.151.114.175,82.151.131.72,82.152.44.50,82.155.0.78,82.155.51.55,82.159.2.142,82.160.33.8,82.160.49.56,82.177.18.212,82.186.102.36,82.192.88.109,82.192.88.28,82.193.234.212,82.193.73.3,82.197.130.134,82.197.131.95,82.198.126.7,82.199.71.6,82.200.130.235,82.200.28.14,82.204.219.221,82.207.109.17] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (152)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510302; rev:1830; fwsam: src, 24 hours;)
alert udp [82.144.175.208,82.144.198.16,82.144.203.130,82.146.44.21,82.148.187.197,82.148.29.250,82.148.31.212,82.149.246.8,82.151.114.175,82.151.131.72,82.152.44.50,82.155.0.78,82.155.51.55,82.159.2.142,82.160.33.8,82.160.49.56,82.177.18.212,82.186.102.36,82.192.88.109,82.192.88.28,82.193.234.212,82.193.73.3,82.197.130.134,82.197.131.95,82.198.126.7,82.199.71.6,82.200.130.235,82.200.28.14,82.204.219.221,82.207.109.17] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (152)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510303; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.207.110.102,82.207.110.237,82.207.116.33,82.207.117.39,82.207.123.138,82.207.125.7,82.207.238.78,82.207.87.177,82.207.94.231,82.210.130.234,82.224.119.156,82.224.245.110,82.224.34.103,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.150.242,82.228.44.201,82.229.122.192,82.230.149.95,82.230.207.7,82.231.151.134,82.231.75.20,82.232.13.212,82.232.183.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (153)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510304; rev:1830; fwsam: src, 24 hours;)
alert udp [82.207.110.102,82.207.110.237,82.207.116.33,82.207.117.39,82.207.123.138,82.207.125.7,82.207.238.78,82.207.87.177,82.207.94.231,82.210.130.234,82.224.119.156,82.224.245.110,82.224.34.103,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.150.242,82.228.44.201,82.229.122.192,82.230.149.95,82.230.207.7,82.231.151.134,82.231.75.20,82.232.13.212,82.232.183.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (153)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510305; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.70.102,82.234.161.15,82.234.79.36,82.235.119.25,82.235.127.164,82.235.73.97,82.236.11.160,82.237.17.189,82.237.170.208,82.237.28.34,82.237.48.196,82.238.210.201,82.238.226.103,82.238.37.41,82.239.116.169,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.244.221.227,82.244.231.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (154)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510306; rev:1830; fwsam: src, 24 hours;)
alert udp [82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.70.102,82.234.161.15,82.234.79.36,82.235.119.25,82.235.127.164,82.235.73.97,82.236.11.160,82.237.17.189,82.237.170.208,82.237.28.34,82.237.48.196,82.238.210.201,82.238.226.103,82.238.37.41,82.239.116.169,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.244.221.227,82.244.231.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (154)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510307; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.244.58.88,82.245.156.195,82.245.173.106,82.245.217.48,82.245.237.84,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.195.164,82.248.211.212,82.248.212.123,82.249.43.30,82.249.6.17,82.249.85.154,82.250.121.126,82.250.160.218,82.251.124.13,82.251.125.61,82.251.150.210,82.251.232.13,82.251.249.60,82.252.142.95,82.252.156.220,82.254.248.225,82.255.113.164,82.27.42.96,82.41.214.103,82.49.189.156,82.51.145.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (155)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510308; rev:1830; fwsam: src, 24 hours;)
alert udp [82.244.58.88,82.245.156.195,82.245.173.106,82.245.217.48,82.245.237.84,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.195.164,82.248.211.212,82.248.212.123,82.249.43.30,82.249.6.17,82.249.85.154,82.250.121.126,82.250.160.218,82.251.124.13,82.251.125.61,82.251.150.210,82.251.232.13,82.251.249.60,82.252.142.95,82.252.156.220,82.254.248.225,82.255.113.164,82.27.42.96,82.41.214.103,82.49.189.156,82.51.145.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (155)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510309; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.51.158.50,82.56.111.33,82.56.27.215,82.57.29.206,82.59.143.248,82.60.38.193,82.60.67.225,82.61.124.102,82.64.113.212,82.64.185.164,82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.67.11.198,82.72.151.113,82.76.12.197,82.77.192.214,82.78.195.122,82.78.200.25,82.79.101.237,82.82.135.179,82.82.224.124,82.82.225.108,82.83.248.238] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (156)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510310; rev:1830; fwsam: src, 24 hours;)
alert udp [82.51.158.50,82.56.111.33,82.56.27.215,82.57.29.206,82.59.143.248,82.60.38.193,82.60.67.225,82.61.124.102,82.64.113.212,82.64.185.164,82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.67.11.198,82.72.151.113,82.76.12.197,82.77.192.214,82.78.195.122,82.78.200.25,82.79.101.237,82.82.135.179,82.82.224.124,82.82.225.108,82.83.248.238] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (156)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510311; rev:1830; fwsam: src, 24 hours;)
alert tcp [82.83.91.13,82.85.101.13,82.95.208.210,83.10.105.219,83.103.127.243,83.11.230.198,83.11.50.149,83.11.50.81,83.115.34.63,83.12.105.91,83.12.175.154,83.128.30.51,83.128.9.82,83.13.59.74,83.132.188.66,83.133.122.159,83.133.122.179,83.135.140.37,83.138.147.132,83.138.233.9,83.138.241.248,83.142.124.135,83.142.230.144,83.142.61.165,83.145.155.250,83.149.210.33,83.15.119.194,83.150.98.147,83.17.223.82,83.170.101.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (157)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510312; rev:1830; fwsam: src, 24 hours;)
alert udp [82.83.91.13,82.85.101.13,82.95.208.210,83.10.105.219,83.103.127.243,83.11.230.198,83.11.50.149,83.11.50.81,83.115.34.63,83.12.105.91,83.12.175.154,83.128.30.51,83.128.9.82,83.13.59.74,83.132.188.66,83.133.122.159,83.133.122.179,83.135.140.37,83.138.147.132,83.138.233.9,83.138.241.248,83.142.124.135,83.142.230.144,83.142.61.165,83.145.155.250,83.149.210.33,83.15.119.194,83.150.98.147,83.17.223.82,83.170.101.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (157)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510313; rev:1830; fwsam: src, 24 hours;)
alert tcp [83.170.112.189,83.170.112.213,83.170.112.218,83.170.69.130,83.172.144.47,83.173.152.143,83.174.196.45,83.175.213.102,83.185.129.26,83.20.139.21,83.20.42.91,83.21.80.252,83.211.93.240,83.221.138.234,83.222.20.42,83.223.116.187,83.226.170.132,83.226.30.53,83.228.121.218,83.228.45.7,83.228.6.129,83.230.36.57,83.233.149.162,83.238.0.12,83.24.250.233,83.240.108.81,83.240.163.234,83.240.91.33,83.242.181.195,83.242.228.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (158)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510314; rev:1830; fwsam: src, 24 hours;)
alert udp [83.170.112.189,83.170.112.213,83.170.112.218,83.170.69.130,83.172.144.47,83.173.152.143,83.174.196.45,83.175.213.102,83.185.129.26,83.20.139.21,83.20.42.91,83.21.80.252,83.211.93.240,83.221.138.234,83.222.20.42,83.223.116.187,83.226.170.132,83.226.30.53,83.228.121.218,83.228.45.7,83.228.6.129,83.230.36.57,83.233.149.162,83.238.0.12,83.24.250.233,83.240.108.81,83.240.163.234,83.240.91.33,83.242.181.195,83.242.228.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (158)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510315; rev:1830; fwsam: src, 24 hours;)
alert tcp [83.254.73.245,83.27.177.29,83.29.139.49,83.29.155.144,83.29.206.10,83.29.239.140,83.29.85.57,83.3.86.194,83.30.179.231,83.30.191.72,83.30.224.174,83.30.227.211,83.30.94.32,83.36.199.183,83.4.236.88,83.5.78.173,83.56.128.121,83.6.69.176,83.64.251.99,83.68.77.206,83.8.227.41,83.80.130.188,83.80.194.231,83.82.190.113,83.82.47.196,83.91.33.62,83.91.6.172,83.98.128.109,84.0.242.192,84.1.175.45] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (159)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510316; rev:1830; fwsam: src, 24 hours;)
alert udp [83.254.73.245,83.27.177.29,83.29.139.49,83.29.155.144,83.29.206.10,83.29.239.140,83.29.85.57,83.3.86.194,83.30.179.231,83.30.191.72,83.30.224.174,83.30.227.211,83.30.94.32,83.36.199.183,83.4.236.88,83.5.78.173,83.56.128.121,83.6.69.176,83.64.251.99,83.68.77.206,83.8.227.41,83.80.130.188,83.80.194.231,83.82.190.113,83.82.47.196,83.91.33.62,83.91.6.172,83.98.128.109,84.0.242.192,84.1.175.45] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (159)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510317; rev:1830; fwsam: src, 24 hours;)
alert tcp [84.100.133.167,84.105.227.121,84.108.150.174,84.112.38.88,84.12.55.211,84.121.223.169,84.123.250.194,84.124.101.200,84.126.162.19,84.127.139.73,84.158.68.249,84.17.14.134,84.18.131.78,84.19.161.108,84.19.188.22,84.2.171.33,84.2.207.137,84.2.207.208,84.201.214.38,84.204.202.23,84.217.246.208,84.224.120.197,84.224.121.106,84.224.6.186,84.228.255.28,84.23.37.45,84.235.124.106,84.252.216.14,84.253.134.114,84.3.193.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (160)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510318; rev:1830; fwsam: src, 24 hours;)
alert udp [84.100.133.167,84.105.227.121,84.108.150.174,84.112.38.88,84.12.55.211,84.121.223.169,84.123.250.194,84.124.101.200,84.126.162.19,84.127.139.73,84.158.68.249,84.17.14.134,84.18.131.78,84.19.161.108,84.19.188.22,84.2.171.33,84.2.207.137,84.2.207.208,84.201.214.38,84.204.202.23,84.217.246.208,84.224.120.197,84.224.121.106,84.224.6.186,84.228.255.28,84.23.37.45,84.235.124.106,84.252.216.14,84.253.134.114,84.3.193.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (160)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510319; rev:1830; fwsam: src, 24 hours;)
alert tcp [84.3.195.1,84.3.90.65,84.36.167.28,84.38.140.224,84.39.74.139,84.58.105.64,84.72.19.197,84.73.155.100,84.73.225.192,84.90.139.188,84.90.194.17,84.91.225.63,85.10.193.21,85.10.206.114,85.10.206.241,85.100.166.119,85.101.145.72,85.101.152.59,85.102.254.217,85.102.65.27,85.105.125.103,85.105.205.167,85.106.211.183,85.106.245.70,85.106.247.110,85.107.128.145,85.107.216.161,85.107.86.199,85.108.189.135,85.11.156.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (161)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510320; rev:1830; fwsam: src, 24 hours;)
alert udp [84.3.195.1,84.3.90.65,84.36.167.28,84.38.140.224,84.39.74.139,84.58.105.64,84.72.19.197,84.73.155.100,84.73.225.192,84.90.139.188,84.90.194.17,84.91.225.63,85.10.193.21,85.10.206.114,85.10.206.241,85.100.166.119,85.101.145.72,85.101.152.59,85.102.254.217,85.102.65.27,85.105.125.103,85.105.205.167,85.106.211.183,85.106.245.70,85.106.247.110,85.107.128.145,85.107.216.161,85.107.86.199,85.108.189.135,85.11.156.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (161)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510321; rev:1830; fwsam: src, 24 hours;)
alert tcp [85.112.126.15,85.114.130.132,85.114.141.32,85.117.131.136,85.118.141.86,85.12.24.16,85.12.24.17,85.12.25.109,85.12.46.22,85.12.46.7,85.125.222.47,85.126.211.118,85.132.24.82,85.132.35.155,85.137.231.239,85.138.207.226,85.138.70.173,85.138.8.54,85.139.164.186,85.142.19.131,85.17.145.213,85.17.159.22,85.17.159.221,85.17.162.241,85.17.237.5,85.17.90.214,85.175.195.9,85.175.73.106,85.179.30.207,85.18.227.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (162)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510322; rev:1830; fwsam: src, 24 hours;)
alert udp [85.112.126.15,85.114.130.132,85.114.141.32,85.117.131.136,85.118.141.86,85.12.24.16,85.12.24.17,85.12.25.109,85.12.46.22,85.12.46.7,85.125.222.47,85.126.211.118,85.132.24.82,85.132.35.155,85.137.231.239,85.138.207.226,85.138.70.173,85.138.8.54,85.139.164.186,85.142.19.131,85.17.145.213,85.17.159.22,85.17.159.221,85.17.162.241,85.17.237.5,85.17.90.214,85.175.195.9,85.175.73.106,85.179.30.207,85.18.227.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (162)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510323; rev:1830; fwsam: src, 24 hours;)
alert tcp [85.18.54.23,85.182.72.139,85.198.235.205,85.198.4.176,85.21.83.170,85.210.2.66,85.216.209.56,85.218.191.168,85.218.49.69,85.22.65.18,85.222.107.119,85.223.148.46,85.223.195.246,85.224.207.157,85.226.66.122,85.228.251.131,85.232.224.157,85.234.150.104,85.235.184.230,85.235.186.110,85.237.30.160,85.238.206.182,85.24.161.44,85.24.165.206,85.24.216.233,85.24.237.27,85.24.72.75,85.240.26.145,85.242.37.78,85.249.232.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (163)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510324; rev:1830; fwsam: src, 24 hours;)
alert udp [85.18.54.23,85.182.72.139,85.198.235.205,85.198.4.176,85.21.83.170,85.210.2.66,85.216.209.56,85.218.191.168,85.218.49.69,85.22.65.18,85.222.107.119,85.223.148.46,85.223.195.246,85.224.207.157,85.226.66.122,85.228.251.131,85.232.224.157,85.234.150.104,85.235.184.230,85.235.186.110,85.237.30.160,85.238.206.182,85.24.161.44,85.24.165.206,85.24.216.233,85.24.237.27,85.24.72.75,85.240.26.145,85.242.37.78,85.249.232.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (163)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510325; rev:1830; fwsam: src, 24 hours;)
alert tcp [85.255.197.221,85.26.118.67,85.27.119.17,85.31.186.238,85.35.216.34,85.37.38.194,85.37.38.220,85.42.129.2,85.44.33.100,85.54.246.13,85.62.95.198,85.64.101.184,85.85.93.16,85.86.249.179,85.87.137.49,85.87.247.246,85.87.27.200,85.88.54.46,86.105.93.130,86.109.170.40,86.122.122.81,86.124.25.39,86.124.88.70,86.133.78.57,86.168.14.36,86.20.198.55,86.219.211.205,86.34.201.30,86.46.124.65,86.46.126.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (164)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510326; rev:1830; fwsam: src, 24 hours;)
alert udp [85.255.197.221,85.26.118.67,85.27.119.17,85.31.186.238,85.35.216.34,85.37.38.194,85.37.38.220,85.42.129.2,85.44.33.100,85.54.246.13,85.62.95.198,85.64.101.184,85.85.93.16,85.86.249.179,85.87.137.49,85.87.247.246,85.87.27.200,85.88.54.46,86.105.93.130,86.109.170.40,86.122.122.81,86.124.25.39,86.124.88.70,86.133.78.57,86.168.14.36,86.20.198.55,86.219.211.205,86.34.201.30,86.46.124.65,86.46.126.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (164)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510327; rev:1830; fwsam: src, 24 hours;)
alert tcp [86.48.54.15,86.52.44.140,86.52.48.6,86.64.222.3,86.65.44.27,86.99.151.29,87.0.224.240,87.1.193.102,87.101.232.106,87.101.50.7,87.101.50.8,87.101.51.198,87.106.132.112,87.106.162.184,87.106.21.47,87.106.220.128,87.106.251.169,87.107.20.5,87.107.20.8,87.11.74.166,87.110.27.215,87.116.211.125,87.116.228.1,87.116.244.42,87.118.114.82,87.120.99.3,87.16.156.167,87.163.205.161,87.17.223.7,87.197.97.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (165)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510328; rev:1830; fwsam: src, 24 hours;)
alert udp [86.48.54.15,86.52.44.140,86.52.48.6,86.64.222.3,86.65.44.27,86.99.151.29,87.0.224.240,87.1.193.102,87.101.232.106,87.101.50.7,87.101.50.8,87.101.51.198,87.106.132.112,87.106.162.184,87.106.21.47,87.106.220.128,87.106.251.169,87.107.20.5,87.107.20.8,87.11.74.166,87.110.27.215,87.116.211.125,87.116.228.1,87.116.244.42,87.118.114.82,87.120.99.3,87.16.156.167,87.163.205.161,87.17.223.7,87.197.97.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (165)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510329; rev:1830; fwsam: src, 24 hours;)
alert tcp [87.2.117.218,87.203.235.125,87.205.224.142,87.207.203.21,87.210.41.171,87.226.112.94,87.228.81.107,87.230.7.88,87.230.82.62,87.236.232.18,87.239.77.84,87.241.105.216,87.242.115.161,87.242.7.119,87.244.12.112,87.247.19.254,87.248.231.144,87.249.47.141,87.25.2.46,87.251.177.92,87.253.193.74,87.253.199.129,87.255.234.69,87.28.25.77,87.3.244.163,87.5.220.171,87.56.181.14,87.58.226.144,87.6.124.230,87.6.225.244] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (166)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510330; rev:1830; fwsam: src, 24 hours;)
alert udp [87.2.117.218,87.203.235.125,87.205.224.142,87.207.203.21,87.210.41.171,87.226.112.94,87.228.81.107,87.230.7.88,87.230.82.62,87.236.232.18,87.239.77.84,87.241.105.216,87.242.115.161,87.242.7.119,87.244.12.112,87.247.19.254,87.248.231.144,87.249.47.141,87.25.2.46,87.251.177.92,87.253.193.74,87.253.199.129,87.255.234.69,87.28.25.77,87.3.244.163,87.5.220.171,87.56.181.14,87.58.226.144,87.6.124.230,87.6.225.244] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (166)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510331; rev:1830; fwsam: src, 24 hours;)
alert tcp [87.63.36.152,87.67.191.132,87.69.12.66,87.8.71.153,87.83.220.130,87.96.131.207,87.97.110.201,87.97.111.170,87.97.46.3,87.98.253.89,88.0.66.182,88.100.25.101,88.107.10.169,88.109.62.222,88.115.71.165,88.117.234.162,88.134.254.37,88.146.119.130,88.149.219.2,88.156.69.141,88.156.77.232,88.161.90.81,88.164.103.197,88.165.132.71,88.169.54.108,88.182.218.59,88.191.101.42,88.191.108.151,88.191.17.209,88.191.224.232] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (167)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510332; rev:1830; fwsam: src, 24 hours;)
alert udp [87.63.36.152,87.67.191.132,87.69.12.66,87.8.71.153,87.83.220.130,87.96.131.207,87.97.110.201,87.97.111.170,87.97.46.3,87.98.253.89,88.0.66.182,88.100.25.101,88.107.10.169,88.109.62.222,88.115.71.165,88.117.234.162,88.134.254.37,88.146.119.130,88.149.219.2,88.156.69.141,88.156.77.232,88.161.90.81,88.164.103.197,88.165.132.71,88.169.54.108,88.182.218.59,88.191.101.42,88.191.108.151,88.191.17.209,88.191.224.232] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (167)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510333; rev:1830; fwsam: src, 24 hours;)
alert tcp [88.191.24.118,88.191.40.235,88.191.40.57,88.191.47.92,88.191.62.131,88.191.62.92,88.191.64.165,88.191.66.168,88.191.78.101,88.191.80.22,88.191.90.238,88.191.98.78,88.198.31.168,88.2.241.160,88.203.41.145,88.204.112.96,88.204.255.181,88.207.69.64,88.208.216.147,88.208.229.204,88.208.232.46,88.209.84.147,88.212.11.112,88.214.193.155,88.214.241.62,88.216.136.50,88.224.86.161,88.224.95.44,88.228.252.205,88.232.100.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (168)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510334; rev:1830; fwsam: src, 24 hours;)
alert udp [88.191.24.118,88.191.40.235,88.191.40.57,88.191.47.92,88.191.62.131,88.191.62.92,88.191.64.165,88.191.66.168,88.191.78.101,88.191.80.22,88.191.90.238,88.191.98.78,88.198.31.168,88.2.241.160,88.203.41.145,88.204.112.96,88.204.255.181,88.207.69.64,88.208.216.147,88.208.229.204,88.208.232.46,88.209.84.147,88.212.11.112,88.214.193.155,88.214.241.62,88.216.136.50,88.224.86.161,88.224.95.44,88.228.252.205,88.232.100.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (168)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510335; rev:1830; fwsam: src, 24 hours;)
alert tcp [88.233.160.248,88.234.134.22,88.235.171.5,88.236.191.11,88.240.165.59,88.240.178.79,88.242.164.227,88.244.185.242,88.251.138.78,88.253.21.141,88.255.156.106,88.255.225.103,88.255.239.62,88.255.29.240,88.255.29.242,88.26.132.22,88.49.255.210,88.61.120.135,88.69.182.109,88.77.183.84,88.80.0.102,88.81.225.22,88.81.236.74,88.84.141.196,88.85.125.36,88.86.103.249,88.88.195.233,89.105.143.36,89.105.199.75,89.106.25.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (169)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510336; rev:1830; fwsam: src, 24 hours;)
alert udp [88.233.160.248,88.234.134.22,88.235.171.5,88.236.191.11,88.240.165.59,88.240.178.79,88.242.164.227,88.244.185.242,88.251.138.78,88.253.21.141,88.255.156.106,88.255.225.103,88.255.239.62,88.255.29.240,88.255.29.242,88.26.132.22,88.49.255.210,88.61.120.135,88.69.182.109,88.77.183.84,88.80.0.102,88.81.225.22,88.81.236.74,88.84.141.196,88.85.125.36,88.86.103.249,88.88.195.233,89.105.143.36,89.105.199.75,89.106.25.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (169)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510337; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.107.224.82,89.108.124.26,89.111.176.232,89.111.177.113,89.113.247.109,89.113.251.81,89.113.253.77,89.116.50.113,89.117.4.29,89.119.117.110,89.120.99.187,89.121.193.114,89.121.248.205,89.132.100.112,89.132.224.188,89.133.135.25,89.134.7.209,89.135.77.59,89.136.12.227,89.138.4.202,89.139.96.93,89.142.69.173,89.142.95.56,89.145.103.44,89.147.84.239,89.148.79.70,89.149.209.68,89.149.217.28,89.149.217.98,89.149.242.113] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (170)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510338; rev:1830; fwsam: src, 24 hours;)
alert udp [89.107.224.82,89.108.124.26,89.111.176.232,89.111.177.113,89.113.247.109,89.113.251.81,89.113.253.77,89.116.50.113,89.117.4.29,89.119.117.110,89.120.99.187,89.121.193.114,89.121.248.205,89.132.100.112,89.132.224.188,89.133.135.25,89.134.7.209,89.135.77.59,89.136.12.227,89.138.4.202,89.139.96.93,89.142.69.173,89.142.95.56,89.145.103.44,89.147.84.239,89.148.79.70,89.149.209.68,89.149.217.28,89.149.217.98,89.149.242.113] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (170)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510339; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.149.242.191,89.149.242.198,89.149.242.25,89.149.244.54,89.150.203.80,89.151.173.75,89.152.176.32,89.156.214.148,89.16.161.112,89.160.63.232,89.165.13.203,89.165.14.230,89.165.40.10,89.166.186.184,89.167.84.169,89.168.176.133,89.169.103.223,89.169.137.216,89.169.147.159,89.169.149.199,89.17.210.212,89.171.143.147,89.171.255.38,89.174.119.240,89.174.182.94,89.175.163.214,89.178.101.253,89.178.12.185,89.178.14.204,89.178.236.223] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (171)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510340; rev:1830; fwsam: src, 24 hours;)
alert udp [89.149.242.191,89.149.242.198,89.149.242.25,89.149.244.54,89.150.203.80,89.151.173.75,89.152.176.32,89.156.214.148,89.16.161.112,89.160.63.232,89.165.13.203,89.165.14.230,89.165.40.10,89.166.186.184,89.167.84.169,89.168.176.133,89.169.103.223,89.169.137.216,89.169.147.159,89.169.149.199,89.17.210.212,89.171.143.147,89.171.255.38,89.174.119.240,89.174.182.94,89.175.163.214,89.178.101.253,89.178.12.185,89.178.14.204,89.178.236.223] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (171)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510341; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.178.27.43,89.179.146.59,89.179.174.213,89.179.245.23,89.179.247.158,89.179.56.88,89.18.16.68,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.184.65.120,89.185.193.116,89.185.210.155,89.185.231.119,89.185.232.152,89.185.3.101,89.186.100.227,89.186.237.75,89.187.37.30,89.187.41.6,89.188.107.54,89.19.8.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (172)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510342; rev:1830; fwsam: src, 24 hours;)
alert udp [89.178.27.43,89.179.146.59,89.179.174.213,89.179.245.23,89.179.247.158,89.179.56.88,89.18.16.68,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.184.65.120,89.185.193.116,89.185.210.155,89.185.231.119,89.185.232.152,89.185.3.101,89.186.100.227,89.186.237.75,89.187.37.30,89.187.41.6,89.188.107.54,89.19.8.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (172)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510343; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.200.234.218,89.200.234.50,89.201.210.64,89.203.180.80,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.254,89.208.153.2,89.208.32.200,89.209.65.157,89.209.9.8,89.210.180.128,89.211.193.75,89.211.49.5,89.214.76.185,89.214.88.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (173)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510344; rev:1830; fwsam: src, 24 hours;)
alert udp [89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.200.234.218,89.200.234.50,89.201.210.64,89.203.180.80,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.254,89.208.153.2,89.208.32.200,89.209.65.157,89.209.9.8,89.210.180.128,89.211.193.75,89.211.49.5,89.214.76.185,89.214.88.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (173)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510345; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.214.99.96,89.215.105.86,89.216.66.206,89.216.66.94,89.216.72.25,89.218.39.7,89.223.97.2,89.228.151.103,89.228.229.33,89.229.198.123,89.230.136.53,89.230.142.3,89.230.144.53,89.230.148.154,89.230.55.48,89.231.53.175,89.234.192.194,89.235.161.242,89.235.234.161,89.235.235.98,89.235.249.215,89.235.251.109,89.235.253.130,89.236.165.127,89.238.137.227,89.238.172.74,89.239.78.232,89.240.38.7,89.244.233.46,89.245.58.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (174)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510346; rev:1830; fwsam: src, 24 hours;)
alert udp [89.214.99.96,89.215.105.86,89.216.66.206,89.216.66.94,89.216.72.25,89.218.39.7,89.223.97.2,89.228.151.103,89.228.229.33,89.229.198.123,89.230.136.53,89.230.142.3,89.230.144.53,89.230.148.154,89.230.55.48,89.231.53.175,89.234.192.194,89.235.161.242,89.235.234.161,89.235.235.98,89.235.249.215,89.235.251.109,89.235.253.130,89.236.165.127,89.238.137.227,89.238.172.74,89.239.78.232,89.240.38.7,89.244.233.46,89.245.58.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (174)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510347; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.245.84.130,89.246.129.162,89.246.178.22,89.246.199.43,89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78,89.247.40.22,89.247.57.254,89.248.102.32,89.248.174.30,89.248.82.93,89.248.86.114,89.249.250.116,89.251.184.35,89.252.145.33,89.253.155.27,89.253.66.162,89.28.17.137,89.28.205.122,89.28.205.130,89.28.41.51,89.28.42.98,89.29.100.234,89.29.116.98,89.31.81.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (175)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510348; rev:1830; fwsam: src, 24 hours;)
alert udp [89.245.84.130,89.246.129.162,89.246.178.22,89.246.199.43,89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78,89.247.40.22,89.247.57.254,89.248.102.32,89.248.174.30,89.248.82.93,89.248.86.114,89.249.250.116,89.251.184.35,89.252.145.33,89.253.155.27,89.253.66.162,89.28.17.137,89.28.205.122,89.28.205.130,89.28.41.51,89.28.42.98,89.29.100.234,89.29.116.98,89.31.81.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (175)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510349; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.31.94.9,89.32.190.117,89.32.94.94,89.33.140.53,89.33.197.29,89.33.198.126,89.34.220.131,89.35.137.58,89.35.139.242,89.35.181.28,89.36.206.81,89.36.86.188,89.37.121.242,89.37.45.230,89.42.143.249,89.42.180.137,89.42.182.64,89.42.50.43,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.3.45,89.46.122.20,89.46.198.193,89.46.98.131,89.47.162.121,89.47.214.127,89.76.146.126,89.76.246.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (176)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510350; rev:1830; fwsam: src, 24 hours;)
alert udp [89.31.94.9,89.32.190.117,89.32.94.94,89.33.140.53,89.33.197.29,89.33.198.126,89.34.220.131,89.35.137.58,89.35.139.242,89.35.181.28,89.36.206.81,89.36.86.188,89.37.121.242,89.37.45.230,89.42.143.249,89.42.180.137,89.42.182.64,89.42.50.43,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.3.45,89.46.122.20,89.46.198.193,89.46.98.131,89.47.162.121,89.47.214.127,89.76.146.126,89.76.246.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (176)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510351; rev:1830; fwsam: src, 24 hours;)
alert tcp [89.78.229.243,89.97.198.3,89.97.241.4,90.183.101.182,90.186.58.207,90.191.231.113,90.220.11.19,90.225.91.233,90.229.131.117,90.229.133.72,90.230.150.138,90.237.188.242,91.0.246.6,91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.103.153.18,91.11.67.146,91.113.24.23,91.113.26.222,91.113.75.79,91.115.111.242,91.12.54.167,91.12.70.189,91.12.84.193,91.121.121.6,91.121.147.142,91.121.221.90,91.121.221.94] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (177)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510352; rev:1830; fwsam: src, 24 hours;)
alert udp [89.78.229.243,89.97.198.3,89.97.241.4,90.183.101.182,90.186.58.207,90.191.231.113,90.220.11.19,90.225.91.233,90.229.131.117,90.229.133.72,90.230.150.138,90.237.188.242,91.0.246.6,91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.103.153.18,91.11.67.146,91.113.24.23,91.113.26.222,91.113.75.79,91.115.111.242,91.12.54.167,91.12.70.189,91.12.84.193,91.121.121.6,91.121.147.142,91.121.221.90,91.121.221.94] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (177)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510353; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.121.237.81,91.121.24.139,91.121.55.177,91.121.7.26,91.121.75.81,91.121.81.192,91.121.97.186,91.123.211.83,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98,91.138.22.82,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (178)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510354; rev:1830; fwsam: src, 24 hours;)
alert udp [91.121.237.81,91.121.24.139,91.121.55.177,91.121.7.26,91.121.75.81,91.121.81.192,91.121.97.186,91.123.211.83,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98,91.138.22.82,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (178)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510355; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.143.222.122,91.144.92.171,91.144.96.197,91.145.5.73,91.146.161.20,91.148.191.34,91.148.91.50,91.149.109.215,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203,91.150.137.234,91.152.138.220,91.152.222.73,91.152.88.187,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84,91.154.239.93,91.154.244.162,91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (179)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510356; rev:1830; fwsam: src, 24 hours;)
alert udp [91.143.222.122,91.144.92.171,91.144.96.197,91.145.5.73,91.146.161.20,91.148.191.34,91.148.91.50,91.149.109.215,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203,91.150.137.234,91.152.138.220,91.152.222.73,91.152.88.187,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84,91.154.239.93,91.154.244.162,91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (179)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510357; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.164.33.251,91.178.227.135,91.188.122.89,91.188.124.144,91.189.129.38,91.19.59.86,91.191.174.43,91.191.20.122,91.191.54.125,91.192.170.230,91.192.79.139,91.194.177.211,91.194.84.160,91.195.90.8,91.195.98.36,91.196.115.52,91.196.159.89,91.196.252.235,91.196.46.179,91.196.98.22,91.199.106.5,91.199.50.247,91.2.179.21,91.200.164.10,91.200.164.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (180)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510358; rev:1830; fwsam: src, 24 hours;)
alert udp [91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.164.33.251,91.178.227.135,91.188.122.89,91.188.124.144,91.189.129.38,91.19.59.86,91.191.174.43,91.191.20.122,91.191.54.125,91.192.170.230,91.192.79.139,91.194.177.211,91.194.84.160,91.195.90.8,91.195.98.36,91.196.115.52,91.196.159.89,91.196.252.235,91.196.46.179,91.196.98.22,91.199.106.5,91.199.50.247,91.2.179.21,91.200.164.10,91.200.164.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (180)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510359; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.200.164.26,91.200.164.28,91.200.164.29,91.200.164.44,91.200.48.180,91.201.132.12,91.201.196.100,91.201.196.101,91.201.196.102,91.201.196.106,91.201.196.107,91.201.196.2,91.201.196.34,91.201.196.35,91.201.196.37,91.201.196.38,91.201.196.75,91.201.196.76,91.201.196.77,91.201.196.98,91.201.196.99,91.201.28.3,91.201.28.35,91.201.28.37,91.201.28.43,91.202.161.134,91.203.216.57,91.204.240.13,91.205.74.41,91.206.201.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (181)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510360; rev:1830; fwsam: src, 24 hours;)
alert udp [91.200.164.26,91.200.164.28,91.200.164.29,91.200.164.44,91.200.48.180,91.201.132.12,91.201.196.100,91.201.196.101,91.201.196.102,91.201.196.106,91.201.196.107,91.201.196.2,91.201.196.34,91.201.196.35,91.201.196.37,91.201.196.38,91.201.196.75,91.201.196.76,91.201.196.77,91.201.196.98,91.201.196.99,91.201.28.3,91.201.28.35,91.201.28.37,91.201.28.43,91.202.161.134,91.203.216.57,91.204.240.13,91.205.74.41,91.206.201.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (181)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510361; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.206.201.223,91.206.201.224,91.206.201.225,91.206.201.7,91.207.102.26,91.207.103.32,91.207.192.72,91.207.230.32,91.207.99.20,91.209.59.22,91.209.90.203,91.21.80.93,91.210.166.134,91.210.227.69,91.210.227.71,91.211.117.120,91.211.19.68,91.211.245.63,91.211.8.214,91.212.132.76,91.212.198.173,91.212.220.105,91.212.220.118,91.212.220.25,91.212.220.30,91.212.220.31,91.212.220.35,91.212.220.60,91.212.220.63,91.212.220.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (182)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510362; rev:1830; fwsam: src, 24 hours;)
alert udp [91.206.201.223,91.206.201.224,91.206.201.225,91.206.201.7,91.207.102.26,91.207.103.32,91.207.192.72,91.207.230.32,91.207.99.20,91.209.59.22,91.209.90.203,91.21.80.93,91.210.166.134,91.210.227.69,91.210.227.71,91.211.117.120,91.211.19.68,91.211.245.63,91.211.8.214,91.212.132.76,91.212.198.173,91.212.220.105,91.212.220.118,91.212.220.25,91.212.220.30,91.212.220.31,91.212.220.35,91.212.220.60,91.212.220.63,91.212.220.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (182)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510363; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.212.41.14,91.212.41.40,91.212.41.60,91.212.41.88,91.212.41.89,91.213.117.195,91.213.121.92,91.213.121.93,91.213.126.111,91.213.149.51,91.213.29.15,91.214.245.18,91.214.44.165,91.215.243.162,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136,91.3.110.104,91.33.236.34,91.33.77.248,91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (183)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510364; rev:1830; fwsam: src, 24 hours;)
alert udp [91.212.41.14,91.212.41.40,91.212.41.60,91.212.41.88,91.212.41.89,91.213.117.195,91.213.121.92,91.213.121.93,91.213.126.111,91.213.149.51,91.213.29.15,91.214.245.18,91.214.44.165,91.215.243.162,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136,91.3.110.104,91.33.236.34,91.33.77.248,91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (183)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510365; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202,91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254,91.39.157.201,91.39.165.96,91.39.166.90,91.39.176.70,91.39.19.100,91.39.252.142,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (184)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510366; rev:1830; fwsam: src, 24 hours;)
alert udp [91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202,91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254,91.39.157.201,91.39.165.96,91.39.166.90,91.39.176.70,91.39.19.100,91.39.252.142,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (184)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510367; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246,91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186,91.62.127.134,91.62.80.76,91.62.84.139,91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.82.54.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (185)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510368; rev:1830; fwsam: src, 24 hours;)
alert udp [91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246,91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186,91.62.127.134,91.62.80.76,91.62.84.139,91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.82.54.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (185)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510369; rev:1830; fwsam: src, 24 hours;)
alert tcp [91.82.87.194,91.83.14.177,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.89.240.193,91.9.189.147,91.9.190.121,91.9.201.200,91.9.228.204,91.91.206.40,91.91.206.77,91.93.122.83,91.95.222.47,91.96.162.98,92.100.122.106,92.100.197.137,92.115.218.172,92.12.223.65,92.136.212.85,92.198.14.227,92.224.16.155,92.239.25.103,92.240.117.30,92.240.68.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (186)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510370; rev:1830; fwsam: src, 24 hours;)
alert udp [91.82.87.194,91.83.14.177,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.89.240.193,91.9.189.147,91.9.190.121,91.9.201.200,91.9.228.204,91.91.206.40,91.91.206.77,91.93.122.83,91.95.222.47,91.96.162.98,92.100.122.106,92.100.197.137,92.115.218.172,92.12.223.65,92.136.212.85,92.198.14.227,92.224.16.155,92.239.25.103,92.240.117.30,92.240.68.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (186)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510371; rev:1830; fwsam: src, 24 hours;)
alert tcp [92.241.162.48,92.241.168.207,92.241.168.217,92.241.96.246,92.243.16.201,92.243.28.51,92.243.4.85,92.245.64.181,92.246.66.34,92.249.131.115,92.249.185.193,92.249.228.223,92.254.231.25,92.255.208.19,92.3.130.94,92.32.98.31,92.36.252.29,92.42.37.11,92.43.17.10,92.45.21.118,92.45.45.6,92.46.14.208,92.48.77.12,92.48.78.183,92.48.80.159,92.53.106.14,92.60.176.41,92.60.177.230,92.60.177.238,92.61.149.248] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (187)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510372; rev:1830; fwsam: src, 24 hours;)
alert udp [92.241.162.48,92.241.168.207,92.241.168.217,92.241.96.246,92.243.16.201,92.243.28.51,92.243.4.85,92.245.64.181,92.246.66.34,92.249.131.115,92.249.185.193,92.249.228.223,92.254.231.25,92.255.208.19,92.3.130.94,92.32.98.31,92.36.252.29,92.42.37.11,92.43.17.10,92.45.21.118,92.45.45.6,92.46.14.208,92.48.77.12,92.48.78.183,92.48.80.159,92.53.106.14,92.60.176.41,92.60.177.230,92.60.177.238,92.61.149.248] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (187)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510373; rev:1830; fwsam: src, 24 hours;)
alert tcp [92.64.115.148,92.79.131.141,92.81.172.26,92.81.21.54,92.81.83.29,93.102.87.150,93.103.166.45,93.103.232.126,93.105.219.198,93.116.95.221,93.116.95.248,93.116.95.48,93.147.73.41,93.150.150.51,93.150.150.93,93.150.161.90,93.152.133.28,93.152.156.13,93.153.204.244,93.157.85.3,93.159.20.2,93.159.40.130,93.167.108.14,93.173.178.127,93.173.191.156,93.173.214.108,93.177.237.73,93.179.140.26,93.184.231.164,93.184.231.224] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (188)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510374; rev:1830; fwsam: src, 24 hours;)
alert udp [92.64.115.148,92.79.131.141,92.81.172.26,92.81.21.54,92.81.83.29,93.102.87.150,93.103.166.45,93.103.232.126,93.105.219.198,93.116.95.221,93.116.95.248,93.116.95.48,93.147.73.41,93.150.150.51,93.150.150.93,93.150.161.90,93.152.133.28,93.152.156.13,93.153.204.244,93.157.85.3,93.159.20.2,93.159.40.130,93.167.108.14,93.173.178.127,93.173.191.156,93.173.214.108,93.177.237.73,93.179.140.26,93.184.231.164,93.184.231.224] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (188)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510375; rev:1830; fwsam: src, 24 hours;)
alert tcp [93.184.71.195,93.186.118.53,93.186.164.168,93.186.97.74,93.190.105.7,93.190.137.180,93.190.140.221,93.191.14.64,93.191.41.173,93.191.41.174,93.3.49.60,93.64.76.163,93.74.15.60,93.80.114.120,93.80.173.224,93.80.7.87,93.81.140.82,93.89.212.12,93.89.214.35,93.90.82.2,93.99.39.23,94.101.44.1,94.102.13.42,94.102.13.83,94.102.14.74,94.102.211.174,94.102.49.76,94.102.5.3,94.102.6.219,94.102.63.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (189)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510376; rev:1830; fwsam: src, 24 hours;)
alert udp [93.184.71.195,93.186.118.53,93.186.164.168,93.186.97.74,93.190.105.7,93.190.137.180,93.190.140.221,93.191.14.64,93.191.41.173,93.191.41.174,93.3.49.60,93.64.76.163,93.74.15.60,93.80.114.120,93.80.173.224,93.80.7.87,93.81.140.82,93.89.212.12,93.89.214.35,93.90.82.2,93.99.39.23,94.101.44.1,94.102.13.42,94.102.13.83,94.102.14.74,94.102.211.174,94.102.49.76,94.102.5.3,94.102.6.219,94.102.63.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (189)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510377; rev:1830; fwsam: src, 24 hours;)
alert tcp [94.103.90.160,94.103.92.123,94.111.33.242,94.111.43.146,94.122.200.234,94.123.47.186,94.125.246.251,94.125.49.82,94.125.50.219,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.53.222,94.136.57.44,94.137.186.125,94.137.188.138,94.137.27.33,94.137.42.5,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.141.144.240,94.141.149.89,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (190)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510378; rev:1830; fwsam: src, 24 hours;)
alert udp [94.103.90.160,94.103.92.123,94.111.33.242,94.111.43.146,94.122.200.234,94.123.47.186,94.125.246.251,94.125.49.82,94.125.50.219,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.53.222,94.136.57.44,94.137.186.125,94.137.188.138,94.137.27.33,94.137.42.5,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.141.144.240,94.141.149.89,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (190)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510379; rev:1830; fwsam: src, 24 hours;)
alert tcp [94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76,94.153.181.216,94.153.183.251,94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.158.123.240,94.168.226.79,94.173.46.103,94.178.109.7,94.178.252.233,94.179.134.13,94.179.45.214,94.180.147.163,94.180.177.167,94.180.48.242,94.189.235.222,94.19.171.74,94.19.45.201,94.191.160.247,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (191)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510380; rev:1830; fwsam: src, 24 hours;)
alert udp [94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76,94.153.181.216,94.153.183.251,94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.158.123.240,94.168.226.79,94.173.46.103,94.178.109.7,94.178.252.233,94.179.134.13,94.179.45.214,94.180.147.163,94.180.177.167,94.180.48.242,94.189.235.222,94.19.171.74,94.19.45.201,94.191.160.247,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (191)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510381; rev:1830; fwsam: src, 24 hours;)
alert tcp [94.197.194.33,94.197.226.58,94.197.23.2,94.197.247.133,94.198.137.2,94.21.14.23,94.21.17.18,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138,94.219.65.123,94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.247.185,94.220.48.66,94.222.166.57,94.222.216.118,94.228.0.125,94.228.169.2,94.228.209.146,94.228.219.23,94.228.220.66,94.229.35.232,94.229.85.89,94.23.115.233,94.23.63.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (192)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510382; rev:1830; fwsam: src, 24 hours;)
alert udp [94.197.194.33,94.197.226.58,94.197.23.2,94.197.247.133,94.198.137.2,94.21.14.23,94.21.17.18,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138,94.219.65.123,94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.247.185,94.220.48.66,94.222.166.57,94.222.216.118,94.228.0.125,94.228.169.2,94.228.209.146,94.228.219.23,94.228.220.66,94.229.35.232,94.229.85.89,94.23.115.233,94.23.63.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (192)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510383; rev:1830; fwsam: src, 24 hours;)
alert tcp [94.230.37.0,94.230.38.189,94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.236.198.112,94.237.121.102,94.237.130.100,94.237.254.27,94.240.128.34,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191,94.243.91.249,94.243.92.120,94.243.99.213,94.245.201.81,94.245.233.45,94.245.240.130,94.247.176.121,94.248.145.119,94.249.153.236,94.249.153.243,94.249.7.116,94.249.95.161] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (193)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510384; rev:1830; fwsam: src, 24 hours;)
alert udp [94.230.37.0,94.230.38.189,94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.236.198.112,94.237.121.102,94.237.130.100,94.237.254.27,94.240.128.34,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191,94.243.91.249,94.243.92.120,94.243.99.213,94.245.201.81,94.245.233.45,94.245.240.130,94.247.176.121,94.248.145.119,94.249.153.236,94.249.153.243,94.249.7.116,94.249.95.161] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (193)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510385; rev:1830; fwsam: src, 24 hours;)
alert tcp [94.25.224.130,94.25.8.118,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.253.75.183,94.27.116.125,94.27.118.159,94.27.118.69,94.27.98.21,94.28.82.90,94.32.79.81,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.50.32.185,94.51.137.177,94.52.221.11,94.54.16.238,94.54.227.227,94.55.5.232,94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (194)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510386; rev:1830; fwsam: src, 24 hours;)
alert udp [94.25.224.130,94.25.8.118,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.253.75.183,94.27.116.125,94.27.118.159,94.27.118.69,94.27.98.21,94.28.82.90,94.32.79.81,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.50.32.185,94.51.137.177,94.52.221.11,94.54.16.238,94.54.227.227,94.55.5.232,94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (194)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510387; rev:1830; fwsam: src, 24 hours;)
alert tcp [94.73.9.218,94.74.230.51,94.74.248.8,94.75.207.115,94.75.216.128,94.75.223.25,94.75.228.245,94.76.204.102,94.76.204.199,94.76.206.30,94.80.140.91,94.85.20.50,94.85.213.34,94.86.138.162,94.88.99.211,95.0.130.74,95.131.89.114,95.132.70.71,95.133.200.17,95.133.21.30,95.142.43.91,95.143.192.121,95.143.192.161,95.143.192.193,95.143.192.245,95.143.192.35,95.154.240.251,95.154.242.126,95.155.12.56,95.168.109.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (195)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510388; rev:1830; fwsam: src, 24 hours;)
alert udp [94.73.9.218,94.74.230.51,94.74.248.8,94.75.207.115,94.75.216.128,94.75.223.25,94.75.228.245,94.76.204.102,94.76.204.199,94.76.206.30,94.80.140.91,94.85.20.50,94.85.213.34,94.86.138.162,94.88.99.211,95.0.130.74,95.131.89.114,95.132.70.71,95.133.200.17,95.133.21.30,95.142.43.91,95.143.192.121,95.143.192.161,95.143.192.193,95.143.192.245,95.143.192.35,95.154.240.251,95.154.242.126,95.155.12.56,95.168.109.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (195)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510389; rev:1830; fwsam: src, 24 hours;)
alert tcp [95.168.177.103,95.169.186.103,95.176.164.222,95.178.183.88,95.180.62.161,95.209.135.98,95.209.4.147,95.209.77.143,95.211.128.8,95.211.53.245,95.211.8.12,95.211.99.72,95.215.1.6,95.221.4.97,95.24.96.206,95.27.69.169,95.31.234.3,95.34.15.136,95.48.95.180,95.50.190.74,95.50.84.50,95.52.154.32,95.62.147.8,95.67.231.201,95.68.84.58,95.73.33.250,95.74.199.185,95.75.47.25,95.78.104.143,95.79.155.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (196)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510390; rev:1830; fwsam: src, 24 hours;)
alert udp [95.168.177.103,95.169.186.103,95.176.164.222,95.178.183.88,95.180.62.161,95.209.135.98,95.209.4.147,95.209.77.143,95.211.128.8,95.211.53.245,95.211.8.12,95.211.99.72,95.215.1.6,95.221.4.97,95.24.96.206,95.27.69.169,95.31.234.3,95.34.15.136,95.48.95.180,95.50.190.74,95.50.84.50,95.52.154.32,95.62.147.8,95.67.231.201,95.68.84.58,95.73.33.250,95.74.199.185,95.75.47.25,95.78.104.143,95.79.155.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (196)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510391; rev:1830; fwsam: src, 24 hours;)
alert tcp [95.79.226.178,95.83.52.197,95.84.27.175,95.84.50.204,95.85.160.232,95.93.139.117,95.93.230.211,95.95.240.92,95.95.246.209,95.96.175.4,95.97.64.234,96.0.203.114,96.231.143.123,96.237.178.82,96.239.203.55,96.28.107.64,96.31.81.53,96.4.191.21,96.48.38.230,96.57.151.226,96.61.128.251,96.9.137.124,96.9.175.182,96.9.183.149,96.9.186.245,96.9.188.23,97.102.255.85,97.103.210.106,97.106.26.132,97.107.130.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (197)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510392; rev:1830; fwsam: src, 24 hours;)
alert udp [95.79.226.178,95.83.52.197,95.84.27.175,95.84.50.204,95.85.160.232,95.93.139.117,95.93.230.211,95.95.240.92,95.95.246.209,95.96.175.4,95.97.64.234,96.0.203.114,96.231.143.123,96.237.178.82,96.239.203.55,96.28.107.64,96.31.81.53,96.4.191.21,96.48.38.230,96.57.151.226,96.61.128.251,96.9.137.124,96.9.175.182,96.9.183.149,96.9.186.245,96.9.188.23,97.102.255.85,97.103.210.106,97.106.26.132,97.107.130.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (197)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510393; rev:1830; fwsam: src, 24 hours;)
alert tcp [97.65.77.188,97.74.144.189,97.74.215.85,97.74.74.237,97.89.119.220,97.89.129.115,97.89.175.52,98.109.170.152,98.112.35.38,98.126.17.138,98.129.212.47,98.129.239.174,98.134.237.0,98.14.32.198,98.142.244.34,98.145.213.178,98.148.74.237,98.149.176.161,98.151.235.60,98.154.121.93,98.156.35.88,98.193.136.121,98.210.27.161,98.213.110.15,98.215.21.244,98.218.144.252,98.235.110.162,98.235.15.63,98.242.104.251,98.242.65.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (198)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510394; rev:1830; fwsam: src, 24 hours;)
alert udp [97.65.77.188,97.74.144.189,97.74.215.85,97.74.74.237,97.89.119.220,97.89.129.115,97.89.175.52,98.109.170.152,98.112.35.38,98.126.17.138,98.129.212.47,98.129.239.174,98.134.237.0,98.14.32.198,98.142.244.34,98.145.213.178,98.148.74.237,98.149.176.161,98.151.235.60,98.154.121.93,98.156.35.88,98.193.136.121,98.210.27.161,98.213.110.15,98.215.21.244,98.218.144.252,98.235.110.162,98.235.15.63,98.242.104.251,98.242.65.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (198)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510395; rev:1830; fwsam: src, 24 hours;)
alert tcp [98.25.95.250,98.254.3.215,98.26.115.54,98.28.224.53,99.1.118.85,99.131.43.10,99.132.114.234,99.138.131.89,99.139.228.59,99.141.5.131,99.152.203.76,99.154.246.193,99.161.152.148,99.162.27.151,99.167.103.95,99.17.100.246,99.172.10.102,99.188.94.37,99.228.146.25,99.229.190.13,99.229.54.151,99.236.68.130,99.239.86.254,99.28.16.145,99.30.133.178,99.37.19.50,99.38.142.35,99.48.74.8,99.52.223.251,99.53.159.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (199)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510396; rev:1830; fwsam: src, 24 hours;)
alert udp [98.25.95.250,98.254.3.215,98.26.115.54,98.28.224.53,99.1.118.85,99.131.43.10,99.132.114.234,99.138.131.89,99.139.228.59,99.141.5.131,99.152.203.76,99.154.246.193,99.161.152.148,99.162.27.151,99.167.103.95,99.17.100.246,99.172.10.102,99.188.94.37,99.228.146.25,99.229.190.13,99.229.54.151,99.236.68.130,99.239.86.254,99.28.16.145,99.30.133.178,99.37.19.50,99.38.142.35,99.48.74.8,99.52.223.251,99.53.159.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (199)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510397; rev:1830; fwsam: src, 24 hours;)