#
# $Id: emerging-compromised.rules
# Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources
#
#Sources include:
#
# Daniel Gerzo's BruteForceBlocker
# http://danger.rulez.sk/projects/bruteforceblocker/
#
# Abuse.ch's Zeus Tracker (aka WNSPoem, etc)
# https://zeustracker.abuse.ch/faq.php
#
# The CZ Honeynet Project
# http://www.honeynet.cz
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
# Copyright (c) 2003-2010, Emerging Threats
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# VERSION 2010
# Generated 2010-09-09 00:03:02 EDT
#
# How to read the rules that follow (every rule visible in this listing uses the same template):
#
#  - Action: each rule is `alert`. Although the header says "Rules to block", as written these rules
#    only raise alerts; they do not drop traffic by themselves.
#  - Grouping: the addresses are split into numbered groups (group (1) holds 30 addresses). Each group
#    appears twice with an identical source list, once as a tcp rule and once as a udp rule, on
#    consecutive sids (2500000 = TCP (1), 2500001 = UDP (1)).
#  - Ordering: addresses are sorted as strings, not numerically (109.207.1.133 precedes 109.70.26.36),
#    which matters when searching or diffing the lists.
#  - Header: `[list] any -> $HOME_NET any` matches only packets whose source is a listed address and
#    whose destination is inside $HOME_NET, on any port.
#  - flags:S (tcp rules only): matches segments with only SYN set, i.e. a connection attempt opened by
#    the listed host. The udp rules carry no per-packet qualifier, so any datagram from a listed source
#    matches, including a reply to traffic an internal host initiated.
#  - threshold: type limit, track by_src, seconds 60, count 1 caps output at one alert per source
#    address per 60 seconds.
#  - rev:2010 matches the VERSION line above. The header describes the lists as updated daily or better
#    and this copy was generated 2010-09-09, so the addresses are a point-in-time view of the feed;
#    compare against a current copy before treating any entry as an indicator.
#
alert tcp [109.120.1.31,109.123.91.67,109.123.95.174,109.169.200.233,109.169.218.193,109.169.56.3,109.184.115.42,109.189.97.55,109.195.109.9,109.195.64.250,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.200.105.2,109.207.1.133,109.70.26.36,109.72.241.22,109.74.139.148,109.74.3.219,109.86.194.103,110.133.119.39,110.137.70.196,110.15.0.74,110.162.97.181,110.172.174.50,110.172.176.2,110.2.183.129,110.45.138.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (1)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500000; rev:2010;)
alert udp [109.120.1.31,109.123.91.67,109.123.95.174,109.169.200.233,109.169.218.193,109.169.56.3,109.184.115.42,109.189.97.55,109.195.109.9,109.195.64.250,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.200.105.2,109.207.1.133,109.70.26.36,109.72.241.22,109.74.139.148,109.74.3.219,109.86.194.103,110.133.119.39,110.137.70.196,110.15.0.74,110.162.97.181,110.172.174.50,110.172.176.2,110.2.183.129,110.45.138.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (1)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; 
sid:2500001; rev:2010;) alert tcp [110.45.144.72,110.45.146.31,110.54.253.1,110.67.62.187,110.77.129.165,110.77.129.166,111.1.8.105,111.119.170.183,111.119.203.14,111.119.231.90,111.125.224.128,111.125.242.29,111.171.205.176,111.67.203.114,111.67.205.118,112.104.116.155,112.137.141.10,112.137.147.186,112.172.129.87,112.175.141.21,112.175.242.101,112.200.215.98,112.201.181.195,112.202.42.39,112.202.73.132,112.213.87.159,112.216.13.12,112.216.151.10,112.216.161.138,112.216.62.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (2)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500002; rev:2010;) alert udp [110.45.144.72,110.45.146.31,110.54.253.1,110.67.62.187,110.77.129.165,110.77.129.166,111.1.8.105,111.119.170.183,111.119.203.14,111.119.231.90,111.125.224.128,111.125.242.29,111.171.205.176,111.67.203.114,111.67.205.118,112.104.116.155,112.137.141.10,112.137.147.186,112.172.129.87,112.175.141.21,112.175.242.101,112.200.215.98,112.201.181.195,112.202.42.39,112.202.73.132,112.213.87.159,112.216.13.12,112.216.151.10,112.216.161.138,112.216.62.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (2)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500003; rev:2010;) alert tcp [112.216.72.125,112.68.55.251,112.70.17.91,112.90.146.2,112.95.144.231,113.105.152.49,113.105.8.171,113.106.99.202,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.11.194.251,113.130.85.35,113.14.147.234,113.17.144.158,113.193.5.140,113.193.5.70,113.193.71.21,113.237.78.44,113.31.18.14,113.32.105.102,113.53.235.91,113.53.91.11,113.59.254.6,113.6.252.48,113.61.226.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile 
Host Traffic TCP (3)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500004; rev:2010;) alert udp [112.216.72.125,112.68.55.251,112.70.17.91,112.90.146.2,112.95.144.231,113.105.152.49,113.105.8.171,113.106.99.202,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.11.194.251,113.130.85.35,113.14.147.234,113.17.144.158,113.193.5.140,113.193.5.70,113.193.71.21,113.237.78.44,113.31.18.14,113.32.105.102,113.53.235.91,113.53.91.11,113.59.254.6,113.6.252.48,113.61.226.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (3)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500005; rev:2010;) alert tcp [114.108.177.48,114.111.164.248,114.112.188.44,114.127.246.36,114.130.136.59,114.135.11.187,114.149.21.44,114.150.207.67,114.159.21.64,114.180.251.94,114.181.164.20,114.181.239.177,114.185.23.104,114.200.199.26,114.203.87.28,114.207.112.16,114.207.113.141,114.207.245.86,114.25.180.87,114.251.3.130,114.31.50.10,114.32.23.10,114.41.235.224,114.42.195.85,114.44.177.179,114.46.56.112,114.48.241.22,114.56.230.83,114.70.9.15,114.80.105.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (4)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500006; rev:2010;) alert udp 
[114.108.177.48,114.111.164.248,114.112.188.44,114.127.246.36,114.130.136.59,114.135.11.187,114.149.21.44,114.150.207.67,114.159.21.64,114.180.251.94,114.181.164.20,114.181.239.177,114.185.23.104,114.200.199.26,114.203.87.28,114.207.112.16,114.207.113.141,114.207.245.86,114.25.180.87,114.251.3.130,114.31.50.10,114.32.23.10,114.41.235.224,114.42.195.85,114.44.177.179,114.46.56.112,114.48.241.22,114.56.230.83,114.70.9.15,114.80.105.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (4)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500007; rev:2010;) alert tcp [114.80.129.136,114.80.94.183,114.80.96.92,115.113.135.102,115.113.149.83,115.113.182.131,115.113.214.228,115.115.37.36,115.118.251.163,115.118.26.251,115.124.164.227,115.133.13.76,115.135.138.30,115.146.18.31,115.163.155.104,115.166.131.202,115.178.73.24,115.186.115.108,115.238.54.117,115.240.8.133,115.240.84.246,115.248.49.217,115.30.133.204,115.30.144.47,115.30.194.145,115.30.199.252,115.37.247.54,115.41.218.48,115.89.138.194,115.93.50.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (5)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500008; rev:2010;) alert udp [114.80.129.136,114.80.94.183,114.80.96.92,115.113.135.102,115.113.149.83,115.113.182.131,115.113.214.228,115.115.37.36,115.118.251.163,115.118.26.251,115.124.164.227,115.133.13.76,115.135.138.30,115.146.18.31,115.163.155.104,115.166.131.202,115.178.73.24,115.186.115.108,115.238.54.117,115.240.8.133,115.240.84.246,115.248.49.217,115.30.133.204,115.30.144.47,115.30.194.145,115.30.199.252,115.37.247.54,115.41.218.48,115.89.138.194,115.93.50.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (5)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500009; rev:2010;) alert tcp [115.93.50.166,116.12.209.99,116.122.158.201,116.124.190.71,116.125.126.30,116.214.25.66,116.214.26.145,116.228.67.200,116.236.224.82,116.254.79.58,116.255.159.159,116.28.64.158,116.48.137.141,116.6.19.70,116.72.157.92,116.74.105.2,116.83.21.112,117.102.8.244,117.120.27.12,117.16.245.135,117.18.75.164,117.193.0.62,117.194.1.197,117.194.96.153,117.195.198.55,117.195.39.105,117.195.65.29,117.195.70.10,117.196.138.67,117.197.0.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (6)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500010; rev:2010;) alert udp [115.93.50.166,116.12.209.99,116.122.158.201,116.124.190.71,116.125.126.30,116.214.25.66,116.214.26.145,116.228.67.200,116.236.224.82,116.254.79.58,116.255.159.159,116.28.64.158,116.48.137.141,116.6.19.70,116.72.157.92,116.74.105.2,116.83.21.112,117.102.8.244,117.120.27.12,117.16.245.135,117.18.75.164,117.193.0.62,117.194.1.197,117.194.96.153,117.195.198.55,117.195.39.105,117.195.65.29,117.195.70.10,117.196.138.67,117.197.0.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (6)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500011; rev:2010;) alert tcp 
[117.198.152.74,117.198.174.172,117.198.194.113,117.198.230.206,117.199.1.192,117.199.24.218,117.200.129.9,117.200.195.172,117.200.196.39,117.200.213.103,117.200.215.43,117.200.36.208,117.200.48.149,117.200.97.28,117.201.18.97,117.201.86.225,117.203.193.17,117.204.145.44,117.204.210.145,117.204.242.161,117.205.100.254,117.205.100.73,117.205.146.218,117.205.21.66,117.205.7.215,117.207.3.146,117.207.33.72,117.207.49.63,117.207.6.94,117.241.185.236] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (7)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500012; rev:2010;) alert udp [117.198.152.74,117.198.174.172,117.198.194.113,117.198.230.206,117.199.1.192,117.199.24.218,117.200.129.9,117.200.195.172,117.200.196.39,117.200.213.103,117.200.215.43,117.200.36.208,117.200.48.149,117.200.97.28,117.201.18.97,117.201.86.225,117.203.193.17,117.204.145.44,117.204.210.145,117.204.242.161,117.205.100.254,117.205.100.73,117.205.146.218,117.205.21.66,117.205.7.215,117.207.3.146,117.207.33.72,117.207.49.63,117.207.6.94,117.241.185.236] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (7)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500013; rev:2010;) alert tcp [117.241.232.168,117.241.234.159,117.241.240.100,117.242.1.65,117.242.4.253,117.28.238.132,117.34.69.10,117.34.79.133,117.41.169.18,117.41.169.20,117.41.169.21,117.41.229.178,117.41.239.5,117.6.10.155,117.91.148.219,118.0.115.62,118.0.217.45,118.102.129.212,118.102.148.86,118.105.216.234,118.105.233.231,118.105.235.186,118.111.71.106,118.123.15.100,118.123.213.47,118.125.243.7,118.129.166.226,118.131.179.134,118.142.28.243,118.142.72.243] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP 
(8)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500014; rev:2010;) alert udp [117.241.232.168,117.241.234.159,117.241.240.100,117.242.1.65,117.242.4.253,117.28.238.132,117.34.69.10,117.34.79.133,117.41.169.18,117.41.169.20,117.41.169.21,117.41.229.178,117.41.239.5,117.6.10.155,117.91.148.219,118.0.115.62,118.0.217.45,118.102.129.212,118.102.148.86,118.105.216.234,118.105.233.231,118.105.235.186,118.111.71.106,118.123.15.100,118.123.213.47,118.125.243.7,118.129.166.226,118.131.179.134,118.142.28.243,118.142.72.243] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (8)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500015; rev:2010;) alert tcp [118.144.75.232,118.144.83.68,118.166.238.30,118.166.240.8,118.169.148.92,118.175.12.220,118.19.133.119,118.20.197.81,118.212.129.181,118.217.12.34,118.217.181.134,118.218.198.225,118.218.42.230,118.221.120.219,118.231.114.149,118.237.135.9,118.237.147.218,118.237.87.109,118.241.78.112,118.37.127.137,118.69.250.134,118.8.188.32,118.8.96.147,118.87.20.81,118.96.187.222,119.1.200.130,119.12.239.152,119.145.109.202,119.145.144.73,119.150.11.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (9)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500016; rev:2010;) alert udp 
[118.144.75.232,118.144.83.68,118.166.238.30,118.166.240.8,118.169.148.92,118.175.12.220,118.19.133.119,118.20.197.81,118.212.129.181,118.217.12.34,118.217.181.134,118.218.198.225,118.218.42.230,118.221.120.219,118.231.114.149,118.237.135.9,118.237.147.218,118.237.87.109,118.241.78.112,118.37.127.137,118.69.250.134,118.8.188.32,118.8.96.147,118.87.20.81,118.96.187.222,119.1.200.130,119.12.239.152,119.145.109.202,119.145.144.73,119.150.11.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (9)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500017; rev:2010;) alert tcp [119.163.121.6,119.167.244.92,119.188.7.131,119.188.7.133,119.188.7.134,119.188.7.138,119.188.7.139,119.188.7.141,119.188.7.145,119.188.7.155,119.188.7.157,119.188.7.162,119.188.7.163,119.188.7.164,119.188.7.166,119.188.7.167,119.188.7.168,119.188.7.170,119.188.7.174,119.188.7.186,119.188.7.192,119.188.7.195,119.188.7.196,119.188.7.200,119.188.7.201,119.188.7.202,119.196.21.224,119.197.32.201,119.240.154.45,119.247.199.102] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (10)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500018; rev:2010;) alert udp [119.163.121.6,119.167.244.92,119.188.7.131,119.188.7.133,119.188.7.134,119.188.7.138,119.188.7.139,119.188.7.141,119.188.7.145,119.188.7.155,119.188.7.157,119.188.7.162,119.188.7.163,119.188.7.164,119.188.7.166,119.188.7.167,119.188.7.168,119.188.7.170,119.188.7.174,119.188.7.186,119.188.7.192,119.188.7.195,119.188.7.196,119.188.7.200,119.188.7.201,119.188.7.202,119.196.21.224,119.197.32.201,119.240.154.45,119.247.199.102] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (10)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500019; rev:2010;) alert tcp [119.254.3.83,119.255.23.2,119.255.56.170,119.255.6.100,119.40.17.197,119.40.26.22,119.48.218.56,119.6.86.51,119.6.86.53,119.62.128.101,119.7.13.199,119.70.154.52,119.82.96.198,119.88.56.44,12.146.209.146,12.158.237.70,12.162.182.162,12.183.200.133,12.23.106.210,12.233.141.195,12.46.24.194,120.107.149.118,120.107.149.147,120.107.160.13,120.64.255.254,120.72.43.47,120.72.47.219,120.74.251.159,120.75.21.97,121.10.117.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (11)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500020; rev:2010;) alert udp [119.254.3.83,119.255.23.2,119.255.56.170,119.255.6.100,119.40.17.197,119.40.26.22,119.48.218.56,119.6.86.51,119.6.86.53,119.62.128.101,119.7.13.199,119.70.154.52,119.82.96.198,119.88.56.44,12.146.209.146,12.158.237.70,12.162.182.162,12.183.200.133,12.23.106.210,12.233.141.195,12.46.24.194,120.107.149.118,120.107.149.147,120.107.160.13,120.64.255.254,120.72.43.47,120.72.47.219,120.74.251.159,120.75.21.97,121.10.117.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (11)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500021; rev:2010;) alert tcp 
[121.10.133.226,121.101.213.4,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,121.103.229.126,121.11.153.242,121.11.66.70,121.115.196.160,121.115.87.139,121.117.2.7,121.119.160.109,121.12.127.75,121.12.171.73,121.121.113.194,121.121.22.180,121.124.124.229,121.136.177.137,121.14.104.226,121.14.117.11,121.14.118.21,121.14.195.176,121.14.235.109,121.15.211.11,121.15.226.230,121.160.171.6,121.170.179.222,121.172.253.22,121.180.16.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (12)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500022; rev:2010;) alert udp [121.10.133.226,121.101.213.4,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,121.103.229.126,121.11.153.242,121.11.66.70,121.115.196.160,121.115.87.139,121.117.2.7,121.119.160.109,121.12.127.75,121.12.171.73,121.121.113.194,121.121.22.180,121.124.124.229,121.136.177.137,121.14.104.226,121.14.117.11,121.14.118.21,121.14.195.176,121.14.235.109,121.15.211.11,121.15.226.230,121.160.171.6,121.170.179.222,121.172.253.22,121.180.16.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (12)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500023; rev:2010;) alert tcp [121.204.0.2,121.207.246.76,121.207.254.227,121.242.204.2,121.242.23.223,121.243.130.139,121.243.34.24,121.246.26.95,121.246.33.200,121.247.218.189,121.247.80.208,121.254.224.148,121.254.231.199,121.254.252.82,121.254.252.83,121.28.104.14,121.52.215.133,121.78.145.13,121.82.137.228,121.82.195.84,121.82.209.252,121.83.165.217,121.9.210.248,121.9.212.13,121.92.166.52,121.94.253.93,122.11.56.250,122.115.63.116,122.121.213.203,122.145.252.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic 
TCP (13)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500024; rev:2010;) alert udp [121.204.0.2,121.207.246.76,121.207.254.227,121.242.204.2,121.242.23.223,121.243.130.139,121.243.34.24,121.246.26.95,121.246.33.200,121.247.218.189,121.247.80.208,121.254.224.148,121.254.231.199,121.254.252.82,121.254.252.83,121.28.104.14,121.52.215.133,121.78.145.13,121.82.137.228,121.82.195.84,121.82.209.252,121.83.165.217,121.9.210.248,121.9.212.13,121.92.166.52,121.94.253.93,122.11.56.250,122.115.63.116,122.121.213.203,122.145.252.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (13)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500025; rev:2010;) alert tcp [122.146.40.72,122.146.68.237,122.155.16.234,122.160.169.162,122.161.32.128,122.161.87.148,122.166.3.50,122.168.136.50,122.168.170.216,122.169.52.69,122.17.4.251,122.170.126.114,122.180.114.98,122.180.129.123,122.180.99.195,122.181.147.236,122.181.174.150,122.182.15.187,122.183.202.35,122.183.80.82,122.194.21.12,122.199.140.158,122.200.90.17,122.224.215.68,122.224.73.212,122.224.82.75,122.224.95.135,122.225.37.68,122.225.37.88,122.225.38.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (14)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500026; rev:2010;) alert udp 
[122.146.40.72,122.146.68.237,122.155.16.234,122.160.169.162,122.161.32.128,122.161.87.148,122.166.3.50,122.168.136.50,122.168.170.216,122.169.52.69,122.17.4.251,122.170.126.114,122.180.114.98,122.180.129.123,122.180.99.195,122.181.147.236,122.181.174.150,122.182.15.187,122.183.202.35,122.183.80.82,122.194.21.12,122.199.140.158,122.200.90.17,122.224.215.68,122.224.73.212,122.224.82.75,122.224.95.135,122.225.37.68,122.225.37.88,122.225.38.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (14)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500027; rev:2010;) alert tcp [122.227.186.178,122.240.68.106,122.249.183.95,122.48.159.247,122.50.133.226,122.50.192.54,122.51.148.199,122.53.161.148,122.70.149.195,122.70.156.223,122.72.28.19,122.72.31.130,122.72.31.180,123.103.168.59,123.108.108.147,123.114.170.157,123.119.75.253,123.138.22.83,123.138.234.233,123.150.196.8,123.196.113.11,123.200.5.83,123.201.132.208,123.201.155.119,123.201.156.54,123.201.193.55,123.201.211.5,123.201.242.214,123.201.242.252,123.201.25.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (15)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500028; rev:2010;) alert udp [122.227.186.178,122.240.68.106,122.249.183.95,122.48.159.247,122.50.133.226,122.50.192.54,122.51.148.199,122.53.161.148,122.70.149.195,122.70.156.223,122.72.28.19,122.72.31.130,122.72.31.180,123.103.168.59,123.108.108.147,123.114.170.157,123.119.75.253,123.138.22.83,123.138.234.233,123.150.196.8,123.196.113.11,123.200.5.83,123.201.132.208,123.201.155.119,123.201.156.54,123.201.193.55,123.201.211.5,123.201.242.214,123.201.242.252,123.201.25.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic 
UDP (15)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500029; rev:2010;) alert tcp [123.201.37.182,123.201.58.11,123.204.50.171,123.221.193.203,123.222.57.219,123.225.169.86,123.231.236.237,123.233.242.78,123.236.128.211,123.236.134.130,123.236.159.211,123.236.189.59,123.237.230.94,123.237.75.14,123.237.77.238,123.237.77.92,123.237.87.10,123.238.126.178,123.238.139.91,123.238.16.149,123.238.61.136,123.242.230.228,123.242.231.193,123.248.249.193,123.30.184.134,123.30.184.88,123.30.184.89,123.30.19.38,123.48.141.177,123.48.7.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (16)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500030; rev:2010;) alert udp [123.201.37.182,123.201.58.11,123.204.50.171,123.221.193.203,123.222.57.219,123.225.169.86,123.231.236.237,123.233.242.78,123.236.128.211,123.236.134.130,123.236.159.211,123.236.189.59,123.237.230.94,123.237.75.14,123.237.77.238,123.237.77.92,123.237.87.10,123.238.126.178,123.238.139.91,123.238.16.149,123.238.61.136,123.242.230.228,123.242.231.193,123.248.249.193,123.30.184.134,123.30.184.88,123.30.184.89,123.30.19.38,123.48.141.177,123.48.7.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (16)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500031; rev:2010;) alert tcp 
[123.49.32.76,123.49.47.120,123.65.217.183,124.105.161.139,124.109.32.133,124.110.219.45,124.123.232.169,124.124.200.18,124.124.200.22,124.124.212.172,124.124.244.132,124.124.59.60,124.124.9.44,124.124.91.195,124.125.155.246,124.125.243.108,124.125.244.245,124.125.250.84,124.125.34.91,124.125.38.217,124.125.50.88,124.125.66.221,124.125.83.62,124.125.93.210,124.127.125.2,124.137.16.167,124.16.130.78,124.172.234.109,124.172.237.19,124.193.216.206] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (17)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500032; rev:2010;) alert udp [123.49.32.76,123.49.47.120,123.65.217.183,124.105.161.139,124.109.32.133,124.110.219.45,124.123.232.169,124.124.200.18,124.124.200.22,124.124.212.172,124.124.244.132,124.124.59.60,124.124.9.44,124.124.91.195,124.125.155.246,124.125.243.108,124.125.244.245,124.125.250.84,124.125.34.91,124.125.38.217,124.125.50.88,124.125.66.221,124.125.83.62,124.125.93.210,124.127.125.2,124.137.16.167,124.16.130.78,124.172.234.109,124.172.237.19,124.193.216.206] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (17)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500033; rev:2010;) alert tcp [124.207.168.42,124.207.65.29,124.212.184.173,124.214.89.188,124.217.239.158,124.232.131.82,124.237.96.186,124.244.251.180,124.247.243.111,124.30.20.116,124.30.203.4,124.42.126.56,124.42.35.72,124.47.118.156,124.74.193.19,124.74.214.199,124.74.24.142,124.74.45.122,124.80.234.210,124.81.246.147,124.82.221.194,124.85.118.117,124.98.1.83,125.0.145.204,125.141.142.100,125.160.17.242,125.160.17.33,125.165.25.120,125.166.160.234,125.167.119.90] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP 
(18)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500034; rev:2010;) alert udp [124.207.168.42,124.207.65.29,124.212.184.173,124.214.89.188,124.217.239.158,124.232.131.82,124.237.96.186,124.244.251.180,124.247.243.111,124.30.20.116,124.30.203.4,124.42.126.56,124.42.35.72,124.47.118.156,124.74.193.19,124.74.214.199,124.74.24.142,124.74.45.122,124.80.234.210,124.81.246.147,124.82.221.194,124.85.118.117,124.98.1.83,125.0.145.204,125.141.142.100,125.160.17.242,125.160.17.33,125.165.25.120,125.166.160.234,125.167.119.90] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (18)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500035; rev:2010;) alert tcp [125.172.77.110,125.19.232.131,125.192.80.183,125.195.52.183,125.200.175.213,125.200.219.94,125.206.118.199,125.206.227.75,125.210.209.148,125.210.253.164,125.211.200.32,125.211.221.29,125.212.115.56,125.214.64.200,125.215.148.77,125.225.40.225,125.235.33.52,125.235.4.111,125.235.4.20,125.247.254.140,125.31.78.190,125.35.1.21,125.46.11.61,125.5.112.177,125.6.137.211,125.7.234.53,125.76.229.235,125.76.230.123,125.76.233.111,125.88.128.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (19)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500036; rev:2010;) alert udp 
[125.172.77.110,125.19.232.131,125.192.80.183,125.195.52.183,125.200.175.213,125.200.219.94,125.206.118.199,125.206.227.75,125.210.209.148,125.210.253.164,125.211.200.32,125.211.221.29,125.212.115.56,125.214.64.200,125.215.148.77,125.225.40.225,125.235.33.52,125.235.4.111,125.235.4.20,125.247.254.140,125.31.78.190,125.35.1.21,125.46.11.61,125.5.112.177,125.6.137.211,125.7.234.53,125.76.229.235,125.76.230.123,125.76.233.111,125.88.128.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (19)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500037; rev:2010;)

# Review notes for the numbered groups that follow.
# Each group carries a TCP rule and a UDP rule over the same address list.
# The TCP rule matches only SYN segments (flags:S); the UDP rule has no
# further match condition. Both look at traffic from the listed sources to
# $HOME_NET on any port, and "threshold: type limit, track by_src,
# seconds 60, count 1" caps output at one alert per source per 60 seconds.
#  - The action is "alert": as written these rules log, they do not drop.
#  - $HOME_NET comes from the sensor configuration; if it is left as a broad
#    value the destination side filters nothing.
#  - The list is a point-in-time snapshot (file header: generated
#    2010-09-09, refreshed "daily or better" upstream). Addresses get
#    reassigned and cleaned up, so a hit is a lead to triage, not proof of
#    compromise; keep the feed on its update schedule rather than pinning it.
#  - UDP source addresses can be forged, so a UDP hit does not prove the
#    listed host sent the packet.
#  - NOTE(review): flags:S with no mask is an exact match in Snort, so a SYN
#    that also carries the ECN bits would not fire. Snort documents a mask
#    form (flags:S,12) for that case - confirm with the feed maintainers
#    before changing a generated rule.

# Group 20: sid 2500038 (TCP, SYN only) and sid 2500039 (UDP).
alert tcp [125.88.128.8,125.90.93.70,128.121.234.237,128.171.67.101,128.174.241.156,128.175.34.143,128.46.116.112,129.105.112.145,130.117.187.107,130.245.191.106,131.103.218.136,131.94.37.157,132.248.83.244,133.41.110.10,133.70.173.140,133.79.205.20,133.86.38.42,134.102.135.232,139.14.23.13,139.53.16.133,140.109.55.6,140.113.239.71,140.115.107.92,140.118.20.94,140.119.185.21,140.119.220.171,140.126.176.31,140.127.114.171,140.138.144.225,140.138.144.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (20)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500038; rev:2010;)
alert udp [125.88.128.8,125.90.93.70,128.121.234.237,128.171.67.101,128.174.241.156,128.175.34.143,128.46.116.112,129.105.112.145,130.117.187.107,130.245.191.106,131.103.218.136,131.94.37.157,132.248.83.244,133.41.110.10,133.70.173.140,133.79.205.20,133.86.38.42,134.102.135.232,139.14.23.13,139.53.16.133,140.109.55.6,140.113.239.71,140.115.107.92,140.118.20.94,140.119.185.21,140.119.220.171,140.126.176.31,140.127.114.171,140.138.144.225,140.138.144.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (20)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500039; rev:2010;)

# Group 21: sid 2500040 (TCP, SYN only) and sid 2500041 (UDP).
alert tcp [140.174.118.252,141.154.213.18,141.212.106.113,141.212.109.228,141.212.109.244,141.212.109.89,141.212.113.85,141.223.61.228,141.44.52.3,141.45.176.154,144.16.111.140,145.116.14.40,145.24.222.82,147.1.235.10,147.156.252.198,147.156.51.124,147.175.16.89,147.175.70.185,148.204.124.99,148.228.181.190,148.243.214.216,148.244.221.188,148.244.98.137,149.156.173.69,150.185.129.37,150.189.2.50,150.214.188.23,151.1.219.222,151.197.55.88,151.22.71.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (21)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500040; rev:2010;)
alert udp [140.174.118.252,141.154.213.18,141.212.106.113,141.212.109.228,141.212.109.244,141.212.109.89,141.212.113.85,141.223.61.228,141.44.52.3,141.45.176.154,144.16.111.140,145.116.14.40,145.24.222.82,147.1.235.10,147.156.252.198,147.156.51.124,147.175.16.89,147.175.70.185,148.204.124.99,148.228.181.190,148.243.214.216,148.244.221.188,148.244.98.137,149.156.173.69,150.185.129.37,150.189.2.50,150.214.188.23,151.1.219.222,151.197.55.88,151.22.71.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (21)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500041; rev:2010;)

# Group 22: sid 2500042 (TCP, SYN only) and sid 2500043 (UDP).
alert tcp [153.19.99.121,156.17.186.235,157.100.195.134,157.86.114.141,157.88.229.16,158.155.4.14,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.155,159.148.178.133,159.226.7.162,161.200.93.137,162.105.67.211,162.42.166.2,163.178.170.75,163.19.249.2,164.41.25.120,164.77.170.66,164.78.248.57,168.176.125.116,170.51.33.70,170.51.45.246,173.0.48.61,173.0.49.45,173.0.50.28,173.0.50.84,173.13.31.217,173.13.45.154,173.14.231.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (22)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500042; rev:2010;)
alert udp [153.19.99.121,156.17.186.235,157.100.195.134,157.86.114.141,157.88.229.16,158.155.4.14,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.155,159.148.178.133,159.226.7.162,161.200.93.137,162.105.67.211,162.42.166.2,163.178.170.75,163.19.249.2,164.41.25.120,164.77.170.66,164.78.248.57,168.176.125.116,170.51.33.70,170.51.45.246,173.0.48.61,173.0.49.45,173.0.50.28,173.0.50.84,173.13.31.217,173.13.45.154,173.14.231.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (22)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500043; rev:2010;)

# Group 23: sid 2500044 (TCP, SYN only) and sid 2500045 (UDP).
alert tcp [173.160.192.149,173.164.143.171,173.166.139.82,173.174.177.147,173.193.194.106,173.193.214.228,173.200.68.21,173.201.247.26,173.203.100.184,173.203.104.91,173.203.106.250,173.203.107.165,173.203.216.115,173.203.216.153,173.203.216.225,173.203.216.231,173.203.216.99,173.203.217.110,173.203.217.5,173.203.86.101,173.203.87.174,173.203.93.141,173.208.152.234,173.208.76.17,173.21.181.200,173.224.217.188,173.230.138.116,173.230.145.104,173.234.77.108,173.236.97.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (23)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500044; rev:2010;)
alert udp [173.160.192.149,173.164.143.171,173.166.139.82,173.174.177.147,173.193.194.106,173.193.214.228,173.200.68.21,173.201.247.26,173.203.100.184,173.203.104.91,173.203.106.250,173.203.107.165,173.203.216.115,173.203.216.153,173.203.216.225,173.203.216.231,173.203.216.99,173.203.217.110,173.203.217.5,173.203.86.101,173.203.87.174,173.203.93.141,173.208.152.234,173.208.76.17,173.21.181.200,173.224.217.188,173.230.138.116,173.230.145.104,173.234.77.108,173.236.97.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (23)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500045; rev:2010;)

# Group 24: sid 2500046 (TCP, SYN only) and sid 2500047 (UDP).
alert tcp [173.242.114.146,173.244.175.94,173.244.177.114,173.45.116.146,173.67.143.141,173.8.132.246,173.9.24.226,173.93.190.193,174.102.240.232,174.113.18.248,174.120.179.34,174.120.224.131,174.121.0.218,174.121.79.66,174.121.85.94,174.121.89.219,174.123.217.34,174.123.79.43,174.133.33.194,174.133.34.132,174.142.104.57,174.143.148.151,174.33.77.123,174.34.132.200,174.34.141.50,174.34.155.178,174.37.136.126,174.37.165.222,174.37.172.68,174.37.3.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (24)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500046; rev:2010;)
alert udp [173.242.114.146,173.244.175.94,173.244.177.114,173.45.116.146,173.67.143.141,173.8.132.246,173.9.24.226,173.93.190.193,174.102.240.232,174.113.18.248,174.120.179.34,174.120.224.131,174.121.0.218,174.121.79.66,174.121.85.94,174.121.89.219,174.123.217.34,174.123.79.43,174.133.33.194,174.133.34.132,174.142.104.57,174.143.148.151,174.33.77.123,174.34.132.200,174.34.141.50,174.34.155.178,174.37.136.126,174.37.165.222,174.37.172.68,174.37.3.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (24)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500047; rev:2010;)

# Group 25: sid 2500048 (TCP, SYN only) and sid 2500049 (UDP).
alert tcp [174.98.185.9,175.199.25.71,175.28.131.212,175.41.134.7,178.162.167.120,178.17.163.90,178.18.16.132,178.18.17.147,178.187.11.195,178.208.83.10,178.208.83.6,178.22.67.140,178.44.250.34,178.63.224.221,178.63.225.213,178.63.55.57,178.72.104.3,178.95.215.231,180.131.127.226,180.148.137.152,180.148.137.99,180.149.11.23,180.151.249.187,180.70.116.110,183.78.169.142,183.87.30.57,183.87.44.192,183.97.153.63,184.106.198.140,184.106.218.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (25)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500048; rev:2010;)
alert udp [174.98.185.9,175.199.25.71,175.28.131.212,175.41.134.7,178.162.167.120,178.17.163.90,178.18.16.132,178.18.17.147,178.187.11.195,178.208.83.10,178.208.83.6,178.22.67.140,178.44.250.34,178.63.224.221,178.63.225.213,178.63.55.57,178.72.104.3,178.95.215.231,180.131.127.226,180.148.137.152,180.148.137.99,180.149.11.23,180.151.249.187,180.70.116.110,183.78.169.142,183.87.30.57,183.87.44.192,183.97.153.63,184.106.198.140,184.106.218.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (25)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500049; rev:2010;)

# Group 26: sid 2500050 (TCP, SYN only) and sid 2500051 (UDP).
alert tcp [184.106.219.75,184.154.12.27,184.80.131.86,184.82.4.136,186.0.0.150,186.104.10.36,186.104.163.74,186.122.113.249,186.14.252.28,186.18.143.135,186.18.193.226,186.18.234.8,186.42.172.2,186.42.173.147,186.80.133.48,186.81.112.92,186.81.156.219,186.81.205.40,186.81.55.63,186.81.91.122,186.82.101.28,186.82.72.223,186.83.227.172,186.84.11.222,186.87.122.112,186.87.253.224,186.98.237.163,186.98.46.243,187.1.51.166,187.10.129.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (26)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500050; rev:2010;)
alert udp [184.106.219.75,184.154.12.27,184.80.131.86,184.82.4.136,186.0.0.150,186.104.10.36,186.104.163.74,186.122.113.249,186.14.252.28,186.18.143.135,186.18.193.226,186.18.234.8,186.42.172.2,186.42.173.147,186.80.133.48,186.81.112.92,186.81.156.219,186.81.205.40,186.81.55.63,186.81.91.122,186.82.101.28,186.82.72.223,186.83.227.172,186.84.11.222,186.87.122.112,186.87.253.224,186.98.237.163,186.98.46.243,187.1.51.166,187.10.129.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (26)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500051; rev:2010;)

# Group 27: sid 2500052 (TCP, SYN only) and sid 2500053 (UDP).
alert tcp [187.10.137.37,187.10.172.215,187.10.190.176,187.10.60.50,187.10.88.108,187.101.18.151,187.101.19.144,187.11.144.148,187.11.231.119,187.11.66.159,187.11.8.25,187.115.142.34,187.115.62.178,187.142.214.71,187.17.64.162,187.19.98.231,187.2.148.16,187.21.210.236,187.21.22.248,187.23.11.75,187.23.8.99,187.32.36.42,187.34.148.177,187.34.154.215,187.34.192.132,187.34.209.140,187.34.225.236,187.34.225.6,187.34.246.75,187.35.19.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (27)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500052; rev:2010;)
alert udp [187.10.137.37,187.10.172.215,187.10.190.176,187.10.60.50,187.10.88.108,187.101.18.151,187.101.19.144,187.11.144.148,187.11.231.119,187.11.66.159,187.11.8.25,187.115.142.34,187.115.62.178,187.142.214.71,187.17.64.162,187.19.98.231,187.2.148.16,187.21.210.236,187.21.22.248,187.23.11.75,187.23.8.99,187.32.36.42,187.34.148.177,187.34.154.215,187.34.192.132,187.34.209.140,187.34.225.236,187.34.225.6,187.34.246.75,187.35.19.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (27)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500053; rev:2010;)

# Group 28: sid 2500054 (TCP, SYN only) and sid 2500055 (UDP).
alert tcp [187.35.31.26,187.36.101.186,187.36.156.214,187.39.69.85,187.4.32.121,187.4.66.18,187.4.67.74,187.40.0.210,187.5.152.117,187.54.74.92,187.56.132.129,187.56.192.188,187.6.98.210,187.60.232.130,187.62.245.235,187.64.42.154,187.66.245.229,187.74.112.149,187.74.214.116,187.75.165.209,187.75.79.253,187.78.17.225,187.78.91.240,187.8.155.138,188.120.225.146,188.127.236.233,188.163.29.95,188.163.65.166,188.163.78.26,188.165.195.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (28)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500054; rev:2010;)
alert udp [187.35.31.26,187.36.101.186,187.36.156.214,187.39.69.85,187.4.32.121,187.4.66.18,187.4.67.74,187.40.0.210,187.5.152.117,187.54.74.92,187.56.132.129,187.56.192.188,187.6.98.210,187.60.232.130,187.62.245.235,187.64.42.154,187.66.245.229,187.74.112.149,187.74.214.116,187.75.165.209,187.75.79.253,187.78.17.225,187.78.91.240,187.8.155.138,188.120.225.146,188.127.236.233,188.163.29.95,188.163.65.166,188.163.78.26,188.165.195.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (28)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500055; rev:2010;)

# Group 29: sid 2500056 (TCP, SYN only) and sid 2500057 (UDP).
alert tcp [188.17.155.25,188.181.128.134,188.186.158.133,188.186.173.132,188.194.70.35,188.214.17.32,188.246.80.181,188.36.57.164,188.40.159.20,188.58.81.86,188.65.51.246,188.65.74.70,188.65.74.72,188.72.212.161,188.72.226.149,188.93.212.50,188.95.144.3,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.1.171.29,189.1.25.110,189.10.83.237,189.101.160.11,189.103.170.194,189.103.204.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (29)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500056; rev:2010;)
alert udp [188.17.155.25,188.181.128.134,188.186.158.133,188.186.173.132,188.194.70.35,188.214.17.32,188.246.80.181,188.36.57.164,188.40.159.20,188.58.81.86,188.65.51.246,188.65.74.70,188.65.74.72,188.72.212.161,188.72.226.149,188.93.212.50,188.95.144.3,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.1.171.29,189.1.25.110,189.10.83.237,189.101.160.11,189.103.170.194,189.103.204.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (29)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500057; rev:2010;)

# Group 30: sid 2500058 (TCP, SYN only) and sid 2500059 (UDP).
alert tcp [189.103.49.63,189.104.21.75,189.105.206.110,189.106.60.107,189.107.109.55,189.107.25.181,189.107.48.18,189.108.123.58,189.11.11.130,189.110.112.62,189.110.134.132,189.110.142.209,189.110.82.250,189.111.61.79,189.112.107.57,189.123.118.128,189.123.214.149,189.123.28.162,189.123.54.171,189.123.81.117,189.126.110.88,189.13.202.70,189.136.171.137,189.138.17.131,189.139.142.105,189.14.245.99,189.14.98.115,189.146.11.139,189.15.171.226,189.15.199.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (30)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500058; rev:2010;)
alert udp [189.103.49.63,189.104.21.75,189.105.206.110,189.106.60.107,189.107.109.55,189.107.25.181,189.107.48.18,189.108.123.58,189.11.11.130,189.110.112.62,189.110.134.132,189.110.142.209,189.110.82.250,189.111.61.79,189.112.107.57,189.123.118.128,189.123.214.149,189.123.28.162,189.123.54.171,189.123.81.117,189.126.110.88,189.13.202.70,189.136.171.137,189.138.17.131,189.139.142.105,189.14.245.99,189.14.98.115,189.146.11.139,189.15.171.226,189.15.199.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (30)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500059; rev:2010;)

# Group 31: sid 2500060 (TCP, SYN only) and sid 2500061 (UDP).
alert tcp [189.15.205.21,189.15.24.67,189.15.48.139,189.15.65.40,189.15.70.245,189.16.92.8,189.18.102.48,189.18.12.180,189.18.181.116,189.18.234.123,189.18.30.119,189.19.120.223,189.19.141.192,189.19.146.99,189.19.27.79,189.202.27.56,189.202.5.37,189.202.91.106,189.210.157.210,189.220.147.113,189.220.60.159,189.221.242.67,189.224.158.231,189.24.18.108,189.24.49.51,189.3.236.155,189.32.212.52,189.32.245.39,189.35.91.175,189.38.136.193] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (31)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500060; rev:2010;)
alert udp [189.15.205.21,189.15.24.67,189.15.48.139,189.15.65.40,189.15.70.245,189.16.92.8,189.18.102.48,189.18.12.180,189.18.181.116,189.18.234.123,189.18.30.119,189.19.120.223,189.19.141.192,189.19.146.99,189.19.27.79,189.202.27.56,189.202.5.37,189.202.91.106,189.210.157.210,189.220.147.113,189.220.60.159,189.221.242.67,189.224.158.231,189.24.18.108,189.24.49.51,189.3.236.155,189.32.212.52,189.32.245.39,189.35.91.175,189.38.136.193] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (31)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500061; rev:2010;)

# Group 32: sid 2500062 (TCP, SYN only) and sid 2500063 (UDP).
alert tcp [189.38.250.63,189.39.156.95,189.41.13.149,189.41.86.232,189.42.162.2,189.45.37.101,189.46.10.46,189.46.13.207,189.46.131.163,189.46.164.136,189.46.200.118,189.46.200.223,189.46.231.215,189.46.234.40,189.46.242.80,189.46.36.52,189.46.4.144,189.46.44.69,189.46.77.16,189.46.96.169,189.47.185.186,189.47.4.1,189.5.133.131,189.5.255.168,189.5.92.20,189.50.152.254,189.50.198.250,189.53.243.82,189.59.15.51,189.59.234.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (32)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500062; rev:2010;)
alert udp [189.38.250.63,189.39.156.95,189.41.13.149,189.41.86.232,189.42.162.2,189.45.37.101,189.46.10.46,189.46.13.207,189.46.131.163,189.46.164.136,189.46.200.118,189.46.200.223,189.46.231.215,189.46.234.40,189.46.242.80,189.46.36.52,189.46.4.144,189.46.44.69,189.46.77.16,189.46.96.169,189.47.185.186,189.47.4.1,189.5.133.131,189.5.255.168,189.5.92.20,189.50.152.254,189.50.198.250,189.53.243.82,189.59.15.51,189.59.234.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (32)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500063; rev:2010;)

# Group 33: sid 2500064 (TCP, SYN only) and sid 2500065 (UDP).
alert tcp [189.59.73.178,189.6.115.251,189.6.120.135,189.61.101.163,189.61.67.240,189.63.203.14,189.68.161.119,189.68.28.86,189.69.130.48,189.69.134.140,189.69.137.72,189.69.88.62,189.7.160.30,189.70.230.240,189.72.55.116,189.77.21.11,189.78.0.84,189.78.117.71,189.78.125.57,189.78.140.112,189.78.146.41,189.78.149.144,189.80.20.189,189.80.228.114,189.81.84.129,189.82.22.49,189.82.97.193,189.96.27.135,189.97.45.99,189.98.190.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (33)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500064; rev:2010;)
alert udp [189.59.73.178,189.6.115.251,189.6.120.135,189.61.101.163,189.61.67.240,189.63.203.14,189.68.161.119,189.68.28.86,189.69.130.48,189.69.134.140,189.69.137.72,189.69.88.62,189.7.160.30,189.70.230.240,189.72.55.116,189.77.21.11,189.78.0.84,189.78.117.71,189.78.125.57,189.78.140.112,189.78.146.41,189.78.149.144,189.80.20.189,189.80.228.114,189.81.84.129,189.82.22.49,189.82.97.193,189.96.27.135,189.97.45.99,189.98.190.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (33)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500065; rev:2010;)

# Group 34: sid 2500066 (TCP, SYN only) and sid 2500067 (UDP).
alert tcp [190.105.63.61,190.107.127.207,190.12.6.2,190.12.62.180,190.12.89.138,190.12.89.184,190.128.229.102,190.128.50.187,190.129.67.20,190.129.69.227,190.131.109.24,190.131.127.58,190.131.21.58,190.131.23.117,190.131.46.149,190.131.93.121,190.131.93.5,190.14.163.197,190.14.164.121,190.14.175.242,190.141.164.148,190.144.224.10,190.144.58.66,190.145.100.110,190.145.11.106,190.145.38.36,190.15.141.101,190.152.182.50,190.152.222.218,190.154.23.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (34)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500066; rev:2010;)
alert udp [190.105.63.61,190.107.127.207,190.12.6.2,190.12.62.180,190.12.89.138,190.12.89.184,190.128.229.102,190.128.50.187,190.129.67.20,190.129.69.227,190.131.109.24,190.131.127.58,190.131.21.58,190.131.23.117,190.131.46.149,190.131.93.121,190.131.93.5,190.14.163.197,190.14.164.121,190.14.175.242,190.141.164.148,190.144.224.10,190.144.58.66,190.145.100.110,190.145.11.106,190.145.38.36,190.15.141.101,190.152.182.50,190.152.222.218,190.154.23.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (34)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500067; rev:2010;)

# Group 35: sid 2500068 (TCP, SYN only) and sid 2500069 (UDP).
alert tcp [190.158.146.21,190.159.208.79,190.160.55.13,190.161.104.222,190.161.74.188,190.163.109.122,190.164.246.80,190.164.97.139,190.17.245.112,190.172.231.2,190.173.246.254,190.174.178.159,190.179.22.49,190.179.73.87,190.184.35.27,190.186.93.184,190.188.40.62,190.188.41.224,190.189.148.215,190.189.160.135,190.190.132.198,190.190.216.31,190.191.179.250,190.193.10.216,190.193.128.211,190.2.44.189,190.20.103.117,190.20.255.186,190.20.36.58,190.20.6.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (35)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500068; rev:2010;)
alert udp [190.158.146.21,190.159.208.79,190.160.55.13,190.161.104.222,190.161.74.188,190.163.109.122,190.164.246.80,190.164.97.139,190.17.245.112,190.172.231.2,190.173.246.254,190.174.178.159,190.179.22.49,190.179.73.87,190.184.35.27,190.186.93.184,190.188.40.62,190.188.41.224,190.189.148.215,190.189.160.135,190.190.132.198,190.190.216.31,190.191.179.250,190.193.10.216,190.193.128.211,190.2.44.189,190.20.103.117,190.20.255.186,190.20.36.58,190.20.6.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (35)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500069; rev:2010;)

# Group 36: sid 2500070 (TCP, SYN only) and sid 2500071 (UDP).
alert tcp [190.20.80.128,190.208.115.161,190.208.120.107,190.208.34.228,190.208.73.21,190.209.102.184,190.209.140.188,190.209.19.21,190.209.253.145,190.209.36.111,190.209.39.191,190.209.40.163,190.209.96.165,190.21.197.52,190.210.58.154,190.210.58.155,190.210.86.66,190.213.38.48,190.220.137.10,190.220.208.222,190.24.23.43,190.244.187.194,190.244.204.244,190.246.140.244,190.247.159.62,190.248.10.146,190.249.58.118,190.25.151.231,190.25.229.74,190.25.75.161] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (36)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500070; rev:2010;)
alert udp [190.20.80.128,190.208.115.161,190.208.120.107,190.208.34.228,190.208.73.21,190.209.102.184,190.209.140.188,190.209.19.21,190.209.253.145,190.209.36.111,190.209.39.191,190.209.40.163,190.209.96.165,190.21.197.52,190.210.58.154,190.210.58.155,190.210.86.66,190.213.38.48,190.220.137.10,190.220.208.222,190.24.23.43,190.244.187.194,190.244.204.244,190.246.140.244,190.247.159.62,190.248.10.146,190.249.58.118,190.25.151.231,190.25.229.74,190.25.75.161] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (36)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500071; rev:2010;)

# Group 37: sid 2500072 (TCP, SYN only) and sid 2500073 (UDP).
alert tcp [190.254.103.11,190.254.194.162,190.254.221.66,190.26.61.95,190.27.194.90,190.27.23.226,190.31.159.17,190.36.154.179,190.37.133.113,190.41.30.76,190.46.52.41,190.47.149.20,190.48.233.243,190.5.204.183,190.5.206.150,190.50.102.210,190.50.8.250,190.51.104.121,190.51.54.82,190.53.227.235,190.54.28.147,190.55.1.188,190.55.137.88,190.55.238.62,190.6.144.44,190.60.237.168,190.68.110.26,190.69.1.14,190.7.29.154,190.76.92.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (37)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500072; rev:2010;)
alert udp [190.254.103.11,190.254.194.162,190.254.221.66,190.26.61.95,190.27.194.90,190.27.23.226,190.31.159.17,190.36.154.179,190.37.133.113,190.41.30.76,190.46.52.41,190.47.149.20,190.48.233.243,190.5.204.183,190.5.206.150,190.50.102.210,190.50.8.250,190.51.104.121,190.51.54.82,190.53.227.235,190.54.28.147,190.55.1.188,190.55.137.88,190.55.238.62,190.6.144.44,190.60.237.168,190.68.110.26,190.69.1.14,190.7.29.154,190.76.92.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (37)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500073; rev:2010;)

# Group 38: sid 2500074 (TCP, SYN only) and sid 2500075 (UDP).
alert tcp [190.79.233.91,190.81.175.42,190.81.177.28,190.81.59.29,190.82.144.73,190.82.170.214,190.82.213.120,190.82.237.57,190.84.165.41,190.9.103.138,190.92.24.39,190.95.104.190,190.95.28.7,190.95.30.136,190.95.72.62,190.95.99.128,192.118.54.19,192.122.131.105,192.167.122.9,192.167.137.10,192.48.184.34,192.50.109.174,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.146.51,193.104.34.69,193.104.94.15,193.104.94.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (38)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500074; rev:2010;)
alert udp [190.79.233.91,190.81.175.42,190.81.177.28,190.81.59.29,190.82.144.73,190.82.170.214,190.82.213.120,190.82.237.57,190.84.165.41,190.9.103.138,190.92.24.39,190.95.104.190,190.95.28.7,190.95.30.136,190.95.72.62,190.95.99.128,192.118.54.19,192.122.131.105,192.167.122.9,192.167.137.10,192.48.184.34,192.50.109.174,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.146.51,193.104.34.69,193.104.94.15,193.104.94.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (38)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500075; rev:2010;)

# Group 39: sid 2500076 (TCP, SYN only) and sid 2500077 (UDP).
alert tcp [193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.25,193.106.65.15,193.109.246.210,193.109.246.227,193.109.246.34,193.110.112.228,193.111.246.102,193.111.49.10,193.126.32.99,193.169.173.12,193.170.221.94,193.171.32.6,193.178.153.252,193.188.254.252,193.194.84.215,193.200.173.55,193.202.110.140,193.230.191.3,193.231.39.65,193.232.159.1,193.238.129.181,193.251.17.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (39)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500076; rev:2010;)
alert udp [193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.25,193.106.65.15,193.109.246.210,193.109.246.227,193.109.246.34,193.110.112.228,193.111.246.102,193.111.49.10,193.126.32.99,193.169.173.12,193.170.221.94,193.171.32.6,193.178.153.252,193.188.254.252,193.194.84.215,193.200.173.55,193.202.110.140,193.230.191.3,193.231.39.65,193.232.159.1,193.238.129.181,193.251.17.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (39)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500077; rev:2010;)

# Group 40: sid 2500078 (TCP, SYN only) and sid 2500079 (UDP).
alert tcp [193.251.184.189,193.36.35.45,193.40.102.84,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.43.134.58,193.47.0.122,193.50.151.71,193.92.255.189,193.95.249.103,194.0.252.231,194.110.67.201,194.110.67.204,194.126.172.90,194.154.71.66,194.170.32.253,194.170.32.254,194.186.88.37,194.187.74.233,194.19.106.10,194.190.139.249,194.204.8.181,194.254.210.90,194.28.112.132,194.28.85.215,194.29.226.107,194.32.151.185,194.44.240.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (40)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500078; rev:2010;)
alert udp [193.251.184.189,193.36.35.45,193.40.102.84,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.43.134.58,193.47.0.122,193.50.151.71,193.92.255.189,193.95.249.103,194.0.252.231,194.110.67.201,194.110.67.204,194.126.172.90,194.154.71.66,194.170.32.253,194.170.32.254,194.186.88.37,194.187.74.233,194.19.106.10,194.190.139.249,194.204.8.181,194.254.210.90,194.28.112.132,194.28.85.215,194.29.226.107,194.32.151.185,194.44.240.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (40)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500079; rev:2010;)

# Group 41: sid 2500080 (TCP, SYN only) and sid 2500081 (UDP).
alert tcp [194.50.85.251,194.67.77.115,194.79.250.28,194.79.250.42,194.85.61.78,195.117.224.135,195.13.190.7,195.137.30.127,195.14.50.8,195.145.57.205,195.149.158.137,195.154.158.18,195.158.183.102,195.16.88.85,195.170.63.150,195.182.57.143,195.182.57.147,195.191.166.246,195.191.25.160,195.194.72.26,195.2.195.195,195.20.197.76,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251,195.210.47.94,195.218.255.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (41)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500080; rev:2010;)
alert udp [194.50.85.251,194.67.77.115,194.79.250.28,194.79.250.42,194.85.61.78,195.117.224.135,195.13.190.7,195.137.30.127,195.14.50.8,195.145.57.205,195.149.158.137,195.154.158.18,195.158.183.102,195.16.88.85,195.170.63.150,195.182.57.143,195.182.57.147,195.191.166.246,195.191.25.160,195.194.72.26,195.2.195.195,195.20.197.76,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251,195.210.47.94,195.218.255.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (41)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500081; rev:2010;)

# Group 42: sid 2500082 (TCP, SYN only) and sid 2500083 (UDP).
alert tcp [195.218.31.37,195.225.196.234,195.228.230.92,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.23.114.1,195.235.210.81,195.238.112.214,195.242.161.206,195.242.161.44,195.250.188.225,195.26.74.167,195.34.78.100,195.42.115.213,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201,195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (42)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500082; rev:2010;)
alert udp [195.218.31.37,195.225.196.234,195.228.230.92,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.23.114.1,195.235.210.81,195.238.112.214,195.242.161.206,195.242.161.44,195.250.188.225,195.26.74.167,195.34.78.100,195.42.115.213,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201,195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (42)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500083; rev:2010;)

# Group 43: sid 2500084 (TCP, SYN only) and sid 2500085 (UDP).
alert tcp [195.5.161.68,195.5.161.72,195.50.132.34,195.50.222.83,195.56.172.204,195.56.207.106,195.60.70.28,195.64.184.15,195.69.251.131,195.76.85.232,195.8.39.199,195.88.33.102,195.90.106.212,195.93.180.252,195.96.246.100,195.98.50.102,196.10.224.242,196.12.36.225,196.2.128.19,196.2.70.3,196.20.78.119,196.217.161.145,196.218.47.219,196.219.222.226,196.25.173.7,196.35.158.183,196.41.2.166,196.41.3.246,196.43.78.226,196.44.161.169] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (43)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500084; rev:2010;)
alert udp [195.5.161.68,195.5.161.72,195.50.132.34,195.50.222.83,195.56.172.204,195.56.207.106,195.60.70.28,195.64.184.15,195.69.251.131,195.76.85.232,195.8.39.199,195.88.33.102,195.90.106.212,195.93.180.252,195.96.246.100,195.98.50.102,196.10.224.242,196.12.36.225,196.2.128.19,196.2.70.3,196.20.78.119,196.217.161.145,196.218.47.219,196.219.222.226,196.25.173.7,196.35.158.183,196.41.2.166,196.41.3.246,196.43.78.226,196.44.161.169] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (43)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500085; rev:2010;)

# Group 44: sid 2500086 (TCP, SYN only) and sid 2500087 (UDP).
alert tcp [196.44.181.136,196.7.36.166,199.216.244.36,200.100.183.249,200.100.8.48,200.104.54.221,200.105.232.253,200.105.234.210,200.107.250.9,200.110.19.218,200.110.232.210,200.111.67.80,200.115.218.230,200.115.225.241,200.115.247.99,200.116.22.72,200.117.131.229,200.117.234.163,200.119.136.35,200.122.98.113,200.123.110.118,200.125.73.33,200.126.80.98,200.126.81.36,200.127.52.19,200.13.254.183,200.138.220.15,200.139.115.54,200.14.86.12,200.145.208.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (44)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500086; rev:2010;)
alert udp [196.44.181.136,196.7.36.166,199.216.244.36,200.100.183.249,200.100.8.48,200.104.54.221,200.105.232.253,200.105.234.210,200.107.250.9,200.110.19.218,200.110.232.210,200.111.67.80,200.115.218.230,200.115.225.241,200.115.247.99,200.116.22.72,200.117.131.229,200.117.234.163,200.119.136.35,200.122.98.113,200.123.110.118,200.125.73.33,200.126.80.98,200.126.81.36,200.127.52.19,200.13.254.183,200.138.220.15,200.139.115.54,200.14.86.12,200.145.208.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (44)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500087; rev:2010;)

# Group 45: sid 2500088 (TCP, SYN only) and sid 2500089 (UDP).
alert tcp [200.150.14.215,200.150.38.138,200.158.165.221,200.162.124.49,200.17.222.114,200.171.225.115,200.175.53.231,200.179.103.143,200.180.72.114,200.181.90.246,200.183.227.150,200.193.129.172,200.195.151.85,200.195.192.45,200.196.48.17,200.206.107.59,200.207.131.118,200.209.149.74,200.21.228.168,200.21.228.182,200.21.7.69,200.213.47.155,200.215.71.2,200.219.151.100,200.225.198.121,200.231.59.9,200.24.102.242,200.24.196.30,200.24.221.83,200.242.107.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (45)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500088; rev:2010;)
alert udp [200.150.14.215,200.150.38.138,200.158.165.221,200.162.124.49,200.17.222.114,200.171.225.115,200.175.53.231,200.179.103.143,200.180.72.114,200.181.90.246,200.183.227.150,200.193.129.172,200.195.151.85,200.195.192.45,200.196.48.17,200.206.107.59,200.207.131.118,200.209.149.74,200.21.228.168,200.21.228.182,200.21.7.69,200.213.47.155,200.215.71.2,200.219.151.100,200.225.198.121,200.231.59.9,200.24.102.242,200.24.196.30,200.24.221.83,200.242.107.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (45)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500089; rev:2010;)

# Group 46: sid 2500090 (TCP, SYN only) and sid 2500091 (UDP).
alert tcp [200.242.162.147,200.242.94.133,200.250.147.10,200.251.56.195,200.253.153.44,200.253.155.72,200.27.107.14,200.27.108.155,200.27.203.50,200.27.57.10,200.29.131.44,200.31.42.3,200.34.142.12,200.36.53.9,200.38.69.244,200.40.191.194,200.42.138.162,200.42.211.7,200.50.100.46,200.50.45.139,200.54.180.242,200.55.198.68,200.55.208.103,200.6.162.31,200.6.189.118,200.6.20.178,200.61.42.145,200.63.98.10,200.68.5.94,200.68.91.137] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (46)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500090; rev:2010;)
alert udp [200.242.162.147,200.242.94.133,200.250.147.10,200.251.56.195,200.253.153.44,200.253.155.72,200.27.107.14,200.27.108.155,200.27.203.50,200.27.57.10,200.29.131.44,200.31.42.3,200.34.142.12,200.36.53.9,200.38.69.244,200.40.191.194,200.42.138.162,200.42.211.7,200.50.100.46,200.50.45.139,200.54.180.242,200.55.198.68,200.55.208.103,200.6.162.31,200.6.189.118,200.6.20.178,200.61.42.145,200.63.98.10,200.68.5.94,200.68.91.137] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (46)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500091; rev:2010;)

alert tcp [200.69.103.60,200.69.114.190,200.69.142.43,200.71.191.4,200.72.1.94,200.72.34.114,200.73.229.226,200.73.4.179,200.74.244.94,200.75.250.117,200.75.43.152,200.78.231.252,200.8.96.79,200.83.124.211,200.83.235.38,200.88.114.181,200.89.54.206,200.91.28.133,200.93.147.19,200.93.229.194,201.0.181.20,201.0.181.240,201.116.227.202,201.12.151.38,201.12.70.80,201.13.172.188,201.13.179.242,201.13.182.221,201.13.201.44,201.13.206.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (47)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500092; rev:2010;) alert udp [200.69.103.60,200.69.114.190,200.69.142.43,200.71.191.4,200.72.1.94,200.72.34.114,200.73.229.226,200.73.4.179,200.74.244.94,200.75.250.117,200.75.43.152,200.78.231.252,200.8.96.79,200.83.124.211,200.83.235.38,200.88.114.181,200.89.54.206,200.91.28.133,200.93.147.19,200.93.229.194,201.0.181.20,201.0.181.240,201.116.227.202,201.12.151.38,201.12.70.80,201.13.172.188,201.13.179.242,201.13.182.221,201.13.201.44,201.13.206.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (47)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500093; rev:2010;) alert tcp [201.13.33.109,201.13.63.161,201.13.96.237,201.137.0.113,201.144.117.98,201.144.254.14,201.149.10.205,201.15.62.241,201.151.224.179,201.155.195.39,201.158.74.152,201.16.228.107,201.160.131.37,201.160.216.68,201.160.250.97,201.160.94.241,201.160.94.62,201.161.9.118,201.163.145.204,201.166.2.84,201.166.53.126,201.166.60.222,201.167.64.54,201.17.52.29,201.172.169.141,201.174.65.39,201.19.119.48,201.193.206.93,201.20.22.138,201.204.122.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (48)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500094; rev:2010;) alert udp 
[201.13.33.109,201.13.63.161,201.13.96.237,201.137.0.113,201.144.117.98,201.144.254.14,201.149.10.205,201.15.62.241,201.151.224.179,201.155.195.39,201.158.74.152,201.16.228.107,201.160.131.37,201.160.216.68,201.160.250.97,201.160.94.241,201.160.94.62,201.161.9.118,201.163.145.204,201.166.2.84,201.166.53.126,201.166.60.222,201.167.64.54,201.17.52.29,201.172.169.141,201.174.65.39,201.19.119.48,201.193.206.93,201.20.22.138,201.204.122.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (48)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500095; rev:2010;) alert tcp [201.21.1.194,201.212.134.153,201.212.40.224,201.213.138.186,201.213.221.125,201.213.24.8,201.214.8.68,201.215.186.120,201.216.249.205,201.217.214.51,201.218.247.54,201.218.4.162,201.218.7.186,201.219.10.133,201.219.132.2,201.219.3.225,201.219.62.229,201.222.146.97,201.222.205.129,201.223.201.4,201.223.212.78,201.223.218.68,201.223.221.44,201.223.9.54,201.225.20.244,201.225.226.68,201.229.205.254,201.23.79.162,201.230.107.115,201.231.111.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (49)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500096; rev:2010;) alert udp [201.21.1.194,201.212.134.153,201.212.40.224,201.213.138.186,201.213.221.125,201.213.24.8,201.214.8.68,201.215.186.120,201.216.249.205,201.217.214.51,201.218.247.54,201.218.4.162,201.218.7.186,201.219.10.133,201.219.132.2,201.219.3.225,201.219.62.229,201.222.146.97,201.222.205.129,201.223.201.4,201.223.212.78,201.223.218.68,201.223.221.44,201.223.9.54,201.225.20.244,201.225.226.68,201.229.205.254,201.23.79.162,201.230.107.115,201.231.111.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (49)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500097; rev:2010;) alert tcp [201.232.179.44,201.232.91.36,201.233.205.23,201.236.96.108,201.238.138.133,201.238.198.110,201.24.36.3,201.241.57.166,201.244.137.106,201.244.139.129,201.244.71.206,201.246.141.91,201.246.59.49,201.249.238.100,201.250.169.154,201.250.251.150,201.255.253.67,201.26.15.217,201.26.164.38,201.26.47.142,201.27.154.149,201.27.154.165,201.27.43.41,201.27.52.178,201.27.77.221,201.27.89.93,201.30.32.167,201.33.181.93,201.33.24.105,201.37.206.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (50)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500098; rev:2010;) alert udp [201.232.179.44,201.232.91.36,201.233.205.23,201.236.96.108,201.238.138.133,201.238.198.110,201.24.36.3,201.241.57.166,201.244.137.106,201.244.139.129,201.244.71.206,201.246.141.91,201.246.59.49,201.249.238.100,201.250.169.154,201.250.251.150,201.255.253.67,201.26.15.217,201.26.164.38,201.26.47.142,201.27.154.149,201.27.154.165,201.27.43.41,201.27.52.178,201.27.77.221,201.27.89.93,201.30.32.167,201.33.181.93,201.33.24.105,201.37.206.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (50)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500099; rev:2010;) alert tcp 
[201.38.138.2,201.41.32.194,201.42.162.158,201.42.211.237,201.43.119.82,201.43.133.98,201.43.166.230,201.43.200.101,201.46.43.33,201.48.87.109,201.48.90.20,201.54.226.85,201.57.207.67,201.58.60.35,201.59.159.53,201.6.106.227,201.6.145.203,201.62.188.75,201.63.34.211,201.65.225.153,201.65.24.142,201.65.95.68,201.68.110.116,201.68.127.225,201.68.142.89,201.68.161.96,201.68.168.180,201.68.170.92,201.68.173.100,201.68.212.124] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (51)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500100; rev:2010;) alert udp [201.38.138.2,201.41.32.194,201.42.162.158,201.42.211.237,201.43.119.82,201.43.133.98,201.43.166.230,201.43.200.101,201.46.43.33,201.48.87.109,201.48.90.20,201.54.226.85,201.57.207.67,201.58.60.35,201.59.159.53,201.6.106.227,201.6.145.203,201.62.188.75,201.63.34.211,201.65.225.153,201.65.24.142,201.65.95.68,201.68.110.116,201.68.127.225,201.68.142.89,201.68.161.96,201.68.168.180,201.68.170.92,201.68.173.100,201.68.212.124] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (51)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500101; rev:2010;) alert tcp [201.68.230.158,201.68.36.76,201.68.48.197,201.68.52.52,201.68.67.23,201.68.95.210,201.71.131.4,201.71.49.10,201.73.187.100,201.76.133.110,201.76.180.102,201.76.22.124,201.77.76.108,201.86.212.189,201.92.10.196,201.92.215.230,201.92.235.65,201.92.238.170,201.92.68.3,201.92.79.122,201.93.158.222,201.93.197.246,201.93.209.248,201.95.187.72,201.95.19.28,201.95.28.82,201.95.70.253,201.95.70.42,201.95.8.123,201.95.82.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (52)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500102; rev:2010;) alert udp [201.68.230.158,201.68.36.76,201.68.48.197,201.68.52.52,201.68.67.23,201.68.95.210,201.71.131.4,201.71.49.10,201.73.187.100,201.76.133.110,201.76.180.102,201.76.22.124,201.77.76.108,201.86.212.189,201.92.10.196,201.92.215.230,201.92.235.65,201.92.238.170,201.92.68.3,201.92.79.122,201.93.158.222,201.93.197.246,201.93.209.248,201.95.187.72,201.95.19.28,201.95.28.82,201.95.70.253,201.95.70.42,201.95.8.123,201.95.82.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (52)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500103; rev:2010;) alert tcp [201.95.92.156,202.100.108.25,202.100.85.17,202.101.36.65,202.102.108.42,202.102.233.29,202.102.95.211,202.103.168.113,202.106.185.227,202.107.228.137,202.107.228.179,202.107.233.163,202.107.248.167,202.108.100.196,202.108.39.160,202.110.72.106,202.111.175.176,202.117.3.30,202.120.111.110,202.120.126.33,202.120.126.34,202.120.143.135,202.123.240.14,202.126.44.9,202.129.196.60,202.129.32.167,202.136.120.7,202.137.21.100,202.137.26.114,202.141.128.119] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (53)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500104; rev:2010;) alert udp 
[201.95.92.156,202.100.108.25,202.100.85.17,202.101.36.65,202.102.108.42,202.102.233.29,202.102.95.211,202.103.168.113,202.106.185.227,202.107.228.137,202.107.228.179,202.107.233.163,202.107.248.167,202.108.100.196,202.108.39.160,202.110.72.106,202.111.175.176,202.117.3.30,202.120.111.110,202.120.126.33,202.120.126.34,202.120.143.135,202.123.240.14,202.126.44.9,202.129.196.60,202.129.32.167,202.136.120.7,202.137.21.100,202.137.26.114,202.141.128.119] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (53)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500105; rev:2010;) alert tcp [202.141.148.99,202.153.232.84,202.153.39.73,202.155.39.70,202.157.4.223,202.159.18.194,202.160.120.195,202.162.214.106,202.162.220.53,202.163.170.148,202.163.187.41,202.163.72.106,202.165.187.133,202.169.196.194,202.169.39.92,202.169.54.157,202.169.76.237,202.170.67.34,202.172.18.120,202.172.41.39,202.177.204.11,202.181.232.182,202.183.167.247,202.187.239.208,202.194.15.192,202.196.160.16,202.201.14.232,202.201.14.252,202.207.192.110,202.209.206.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (54)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500106; rev:2010;) alert udp [202.141.148.99,202.153.232.84,202.153.39.73,202.155.39.70,202.157.4.223,202.159.18.194,202.160.120.195,202.162.214.106,202.162.220.53,202.163.170.148,202.163.187.41,202.163.72.106,202.165.187.133,202.169.196.194,202.169.39.92,202.169.54.157,202.169.76.237,202.170.67.34,202.172.18.120,202.172.41.39,202.177.204.11,202.181.232.182,202.183.167.247,202.187.239.208,202.194.15.192,202.196.160.16,202.201.14.232,202.201.14.252,202.207.192.110,202.209.206.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or 
Hostile Host Traffic UDP (54)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500107; rev:2010;) alert tcp [202.212.80.62,202.213.156.232,202.225.50.64,202.231.34.214,202.238.97.4,202.28.248.242,202.29.18.240,202.3.217.125,202.4.112.106,202.43.177.78,202.43.35.12,202.43.44.4,202.53.224.253,202.54.158.57,202.54.61.99,202.57.42.162,202.63.106.120,202.63.96.22,202.64.155.152,202.65.134.180,202.69.15.126,202.70.136.97,202.70.36.242,202.71.101.62,202.71.103.140,202.71.136.151,202.71.251.46,202.75.63.50,202.76.158.24,202.78.217.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (55)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500108; rev:2010;) alert udp [202.212.80.62,202.213.156.232,202.225.50.64,202.231.34.214,202.238.97.4,202.28.248.242,202.29.18.240,202.3.217.125,202.4.112.106,202.43.177.78,202.43.35.12,202.43.44.4,202.53.224.253,202.54.158.57,202.54.61.99,202.57.42.162,202.63.106.120,202.63.96.22,202.64.155.152,202.65.134.180,202.69.15.126,202.70.136.97,202.70.36.242,202.71.101.62,202.71.103.140,202.71.136.151,202.71.251.46,202.75.63.50,202.76.158.24,202.78.217.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (55)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500109; rev:2010;) alert tcp 
[202.79.202.134,202.79.217.218,202.79.217.220,202.85.222.196,202.87.33.200,202.88.238.170,202.90.158.63,202.96.1.26,202.96.155.72,202.97.134.71,202.98.29.234,202.99.172.179,202.99.29.27,202.99.63.4,202.99.82.69,203.101.103.227,203.107.154.16,203.110.245.250,203.110.81.13,203.113.122.74,203.113.130.203,203.114.102.4,203.114.219.209,203.114.227.94,203.122.17.146,203.123.189.44,203.125.9.82,203.126.53.110,203.128.89.14,203.129.203.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (56)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500110; rev:2010;) alert udp [202.79.202.134,202.79.217.218,202.79.217.220,202.85.222.196,202.87.33.200,202.88.238.170,202.90.158.63,202.96.1.26,202.96.155.72,202.97.134.71,202.98.29.234,202.99.172.179,202.99.29.27,202.99.63.4,202.99.82.69,203.101.103.227,203.107.154.16,203.110.245.250,203.110.81.13,203.113.122.74,203.113.130.203,203.114.102.4,203.114.219.209,203.114.227.94,203.122.17.146,203.123.189.44,203.125.9.82,203.126.53.110,203.128.89.14,203.129.203.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (56)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500111; rev:2010;) alert tcp [203.130.205.73,203.130.242.207,203.138.232.157,203.140.215.115,203.141.142.203,203.142.65.115,203.142.65.118,203.143.119.196,203.147.4.68,203.150.221.135,203.150.224.159,203.150.228.183,203.157.177.11,203.160.56.150,203.162.35.103,203.165.32.201,203.171.30.106,203.172.165.68,203.172.204.252,203.175.18.113,203.177.16.172,203.177.89.210,203.183.65.185,203.185.50.59,203.187.197.81,203.187.199.126,203.187.208.51,203.187.211.120,203.187.254.66,203.188.255.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (57)"; 
flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500112; rev:2010;) alert udp [203.130.205.73,203.130.242.207,203.138.232.157,203.140.215.115,203.141.142.203,203.142.65.115,203.142.65.118,203.143.119.196,203.147.4.68,203.150.221.135,203.150.224.159,203.150.228.183,203.157.177.11,203.160.56.150,203.162.35.103,203.165.32.201,203.171.30.106,203.172.165.68,203.172.204.252,203.175.18.113,203.177.16.172,203.177.89.210,203.183.65.185,203.185.50.59,203.187.197.81,203.187.199.126,203.187.208.51,203.187.211.120,203.187.254.66,203.188.255.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (57)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500113; rev:2010;) alert tcp [203.194.98.213,203.197.118.95,203.197.126.118,203.198.129.106,203.198.79.20,203.199.200.86,203.200.137.45,203.200.166.34,203.206.233.211,203.211.129.205,203.211.45.142,203.217.144.10,203.217.177.4,203.221.216.190,203.223.131.29,203.223.188.152,203.230.9.197,203.231.35.40,203.234.220.187,203.234.75.14,203.235.212.154,203.236.210.210,203.237.66.71,203.240.203.30,203.246.44.35,203.252.182.23,203.254.170.81,203.64.208.172,203.64.208.173,203.64.208.174] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (58)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500114; rev:2010;) alert udp 
[203.194.98.213,203.197.118.95,203.197.126.118,203.198.129.106,203.198.79.20,203.199.200.86,203.200.137.45,203.200.166.34,203.206.233.211,203.211.129.205,203.211.45.142,203.217.144.10,203.217.177.4,203.221.216.190,203.223.131.29,203.223.188.152,203.230.9.197,203.231.35.40,203.234.220.187,203.234.75.14,203.235.212.154,203.236.210.210,203.237.66.71,203.240.203.30,203.246.44.35,203.252.182.23,203.254.170.81,203.64.208.172,203.64.208.173,203.64.208.174] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (58)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500115; rev:2010;) alert tcp [203.64.208.175,203.66.135.50,203.70.146.109,203.76.98.22,203.79.125.143,203.79.232.35,203.81.81.36,203.83.112.215,203.86.41.25,203.86.46.202,203.86.48.53,203.90.136.108,203.90.136.76,203.98.116.54,203.98.181.132,204.108.14.127,204.112.158.139,204.12.250.34,204.186.26.126,204.215.65.203,204.238.82.17,204.244.123.8,204.51.98.46,204.92.123.118,205.134.252.251,205.178.189.129,205.234.243.220,205.242.219.108,206.107.220.92,206.125.46.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (59)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500116; rev:2010;) alert udp [203.64.208.175,203.66.135.50,203.70.146.109,203.76.98.22,203.79.125.143,203.79.232.35,203.81.81.36,203.83.112.215,203.86.41.25,203.86.46.202,203.86.48.53,203.90.136.108,203.90.136.76,203.98.116.54,203.98.181.132,204.108.14.127,204.112.158.139,204.12.250.34,204.186.26.126,204.215.65.203,204.238.82.17,204.244.123.8,204.51.98.46,204.92.123.118,205.134.252.251,205.178.189.129,205.234.243.220,205.242.219.108,206.107.220.92,206.125.46.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (59)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500117; rev:2010;) alert tcp [206.173.123.172,206.225.11.2,206.51.232.210,206.74.118.63,207.112.121.224,207.118.4.221,207.126.167.55,207.136.202.67,207.179.103.60,207.182.140.197,207.182.98.11,207.189.231.12,207.191.191.21,207.210.83.143,207.210.83.178,207.241.240.41,207.248.228.226,207.35.172.214,207.47.9.4,207.47.96.254,207.55.247.216,207.58.132.114,207.58.177.96,207.6.56.185,207.61.241.100,207.70.158.87,208.100.3.12,208.101.19.98,208.101.9.140,208.110.72.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (60)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500118; rev:2010;) alert udp [206.173.123.172,206.225.11.2,206.51.232.210,206.74.118.63,207.112.121.224,207.118.4.221,207.126.167.55,207.136.202.67,207.179.103.60,207.182.140.197,207.182.98.11,207.189.231.12,207.191.191.21,207.210.83.143,207.210.83.178,207.241.240.41,207.248.228.226,207.35.172.214,207.47.9.4,207.47.96.254,207.55.247.216,207.58.132.114,207.58.177.96,207.6.56.185,207.61.241.100,207.70.158.87,208.100.3.12,208.101.19.98,208.101.9.140,208.110.72.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (60)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500119; rev:2010;) alert tcp 
[208.110.86.246,208.111.39.110,208.111.39.248,208.116.233.21,208.17.74.32,208.176.232.85,208.2.135.10,208.4.181.28,208.4.80.37,208.57.154.144,208.71.129.216,208.71.169.136,208.71.89.218,208.73.210.28,208.73.36.18,208.74.160.105,208.78.242.184,208.82.108.36,208.82.117.89,208.87.1.213,208.87.79.209,208.89.215.144,208.96.213.149,209.104.199.92,209.117.137.218,209.124.47.27,209.124.50.16,209.160.33.15,209.172.55.186,209.172.57.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (61)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500120; rev:2010;) alert udp [208.110.86.246,208.111.39.110,208.111.39.248,208.116.233.21,208.17.74.32,208.176.232.85,208.2.135.10,208.4.181.28,208.4.80.37,208.57.154.144,208.71.129.216,208.71.169.136,208.71.89.218,208.73.210.28,208.73.36.18,208.74.160.105,208.78.242.184,208.82.108.36,208.82.117.89,208.87.1.213,208.87.79.209,208.89.215.144,208.96.213.149,209.104.199.92,209.117.137.218,209.124.47.27,209.124.50.16,209.160.33.15,209.172.55.186,209.172.57.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (61)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500121; rev:2010;) alert tcp [209.172.59.131,209.177.229.74,209.190.73.87,209.206.227.238,209.211.7.1,209.216.203.192,209.237.226.14,209.45.40.174,209.51.195.117,209.59.216.180,209.59.221.180,209.62.91.98,210.0.201.114,210.1.31.83,210.105.102.98,210.112.101.96,210.115.47.189,210.116.103.118,210.118.74.155,210.13.77.66,210.131.96.105,210.135.84.186,210.15.238.82,210.17.16.105,210.17.246.30,210.171.29.144,210.171.29.78,210.174.30.209,210.175.243.52,210.187.51.36] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (62)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500122; rev:2010;) alert udp [209.172.59.131,209.177.229.74,209.190.73.87,209.206.227.238,209.211.7.1,209.216.203.192,209.237.226.14,209.45.40.174,209.51.195.117,209.59.216.180,209.59.221.180,209.62.91.98,210.0.201.114,210.1.31.83,210.105.102.98,210.112.101.96,210.115.47.189,210.116.103.118,210.118.74.155,210.13.77.66,210.131.96.105,210.135.84.186,210.15.238.82,210.17.16.105,210.17.246.30,210.171.29.144,210.171.29.78,210.174.30.209,210.175.243.52,210.187.51.36] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (62)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500123; rev:2010;) alert tcp [210.187.51.38,210.187.51.56,210.188.216.91,210.188.25.16,210.19.202.202,210.194.238.176,210.202.34.161,210.203.194.156,210.205.6.42,210.207.102.149,210.21.220.84,210.21.221.156,210.211.98.57,210.212.216.228,210.213.241.18,210.217.3.66,210.22.108.78,210.22.13.45,210.225.214.30,210.233.69.234,210.236.94.241,210.240.125.5,210.240.134.144,210.242.175.71,210.245.84.3,210.251.177.171,210.26.48.33,210.27.80.28,210.4.125.176,210.48.149.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (63)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500124; rev:2010;) alert udp 
[210.187.51.38,210.187.51.56,210.188.216.91,210.188.25.16,210.19.202.202,210.194.238.176,210.202.34.161,210.203.194.156,210.205.6.42,210.207.102.149,210.21.220.84,210.21.221.156,210.211.98.57,210.212.216.228,210.213.241.18,210.217.3.66,210.22.108.78,210.22.13.45,210.225.214.30,210.233.69.234,210.236.94.241,210.240.125.5,210.240.134.144,210.242.175.71,210.245.84.3,210.251.177.171,210.26.48.33,210.27.80.28,210.4.125.176,210.48.149.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (63)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500125; rev:2010;) alert tcp [210.51.166.225,210.51.17.222,210.51.180.212,210.51.184.105,210.51.187.193,210.51.225.185,210.51.47.167,210.51.57.252,210.60.63.28,210.68.243.46,210.70.162.20,210.75.18.38,210.75.215.5,210.82.49.53,211.100.30.157,211.101.19.9,211.103.244.179,211.106.104.3,211.106.179.2,211.109.179.47,211.110.60.3,211.115.125.130,211.116.156.118,211.12.212.215,211.124.93.32,211.13.127.193,211.138.85.34,211.142.248.21,211.144.110.138,211.144.132.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (64)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500126; rev:2010;) alert udp [210.51.166.225,210.51.17.222,210.51.180.212,210.51.184.105,210.51.187.193,210.51.225.185,210.51.47.167,210.51.57.252,210.60.63.28,210.68.243.46,210.70.162.20,210.75.18.38,210.75.215.5,210.82.49.53,211.100.30.157,211.101.19.9,211.103.244.179,211.106.104.3,211.106.179.2,211.109.179.47,211.110.60.3,211.115.125.130,211.116.156.118,211.12.212.215,211.124.93.32,211.13.127.193,211.138.85.34,211.142.248.21,211.144.110.138,211.144.132.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (64)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500127; rev:2010;) alert tcp [211.144.136.44,211.144.158.130,211.144.207.44,211.144.95.7,211.148.1.19,211.151.67.81,211.151.67.82,211.151.79.100,211.152.35.61,211.152.55.194,211.154.133.20,211.154.142.153,211.154.145.152,211.154.215.174,211.154.43.11,211.155.229.130,211.156.193.87,211.16.227.25,211.162.68.107,211.174.61.80,211.191.168.107,211.191.168.223,211.191.168.25,211.202.2.229,211.206.120.177,211.21.155.187,211.210.38.112,211.210.38.94,211.220.146.217,211.220.195.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (65)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500128; rev:2010;) alert udp [211.144.136.44,211.144.158.130,211.144.207.44,211.144.95.7,211.148.1.19,211.151.67.81,211.151.67.82,211.151.79.100,211.152.35.61,211.152.55.194,211.154.133.20,211.154.142.153,211.154.145.152,211.154.215.174,211.154.43.11,211.155.229.130,211.156.193.87,211.16.227.25,211.162.68.107,211.174.61.80,211.191.168.107,211.191.168.223,211.191.168.25,211.202.2.229,211.206.120.177,211.21.155.187,211.210.38.112,211.210.38.94,211.220.146.217,211.220.195.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (65)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500129; rev:2010;) alert tcp 
[211.223.140.23,211.227.76.253,211.232.105.19,211.233.38.86,211.233.66.45,211.234.119.3,211.234.119.56,211.234.119.8,211.234.122.134,211.235.245.121,211.236.174.172,211.237.24.241,211.237.38.115,211.25.254.234,211.254.130.116,211.40.193.5,211.43.195.170,211.47.189.21,211.62.35.223,211.72.160.156,211.72.229.49,211.78.18.90,211.86.56.192,211.88.20.15,211.92.40.42,211.94.156.169,211.94.189.120,212.1.248.30,212.103.194.188,212.107.137.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (66)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500130; rev:2010;) alert udp [211.223.140.23,211.227.76.253,211.232.105.19,211.233.38.86,211.233.66.45,211.234.119.3,211.234.119.56,211.234.119.8,211.234.122.134,211.235.245.121,211.236.174.172,211.237.24.241,211.237.38.115,211.25.254.234,211.254.130.116,211.40.193.5,211.43.195.170,211.47.189.21,211.62.35.223,211.72.160.156,211.72.229.49,211.78.18.90,211.86.56.192,211.88.20.15,211.92.40.42,211.94.156.169,211.94.189.120,212.1.248.30,212.103.194.188,212.107.137.34] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (66)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500131; rev:2010;) alert tcp [212.112.114.130,212.117.165.219,212.117.174.163,212.117.187.10,212.117.4.235,212.117.9.82,212.124.175.131,212.128.144.98,212.13.195.55,212.142.104.137,212.146.68.64,212.150.123.120,212.150.176.98,212.152.111.117,212.154.153.88,212.154.211.207,212.156.65.78,212.156.70.146,212.166.231.96,212.166.63.125,212.174.252.40,212.186.161.12,212.19.8.189,212.191.90.142,212.193.230.207,212.199.103.94,212.202.124.69,212.202.87.195,212.21.20.78,212.21.6.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (67)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500132; rev:2010;) alert udp [212.112.114.130,212.117.165.219,212.117.174.163,212.117.187.10,212.117.4.235,212.117.9.82,212.124.175.131,212.128.144.98,212.13.195.55,212.142.104.137,212.146.68.64,212.150.123.120,212.150.176.98,212.152.111.117,212.154.153.88,212.154.211.207,212.156.65.78,212.156.70.146,212.166.231.96,212.166.63.125,212.174.252.40,212.186.161.12,212.19.8.189,212.191.90.142,212.193.230.207,212.199.103.94,212.202.124.69,212.202.87.195,212.21.20.78,212.21.6.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (67)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500133; rev:2010;) alert tcp [212.225.244.92,212.230.185.152,212.235.82.4,212.244.249.103,212.244.27.250,212.244.6.200,212.25.72.185,212.251.139.217,212.251.177.57,212.252.32.68,212.252.32.69,212.252.32.71,212.33.27.26,212.33.72.201,212.43.245.234,212.46.128.9,212.51.223.139,212.60.66.203,212.61.228.162,212.62.112.140,212.73.128.138,212.73.54.154,212.86.41.30,212.90.163.154,212.91.166.140,212.95.54.216,212.96.47.151,212.96.47.22,213.114.174.113,213.128.67.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (68)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500134; rev:2010;) alert udp 
[212.225.244.92,212.230.185.152,212.235.82.4,212.244.249.103,212.244.27.250,212.244.6.200,212.25.72.185,212.251.139.217,212.251.177.57,212.252.32.68,212.252.32.69,212.252.32.71,212.33.27.26,212.33.72.201,212.43.245.234,212.46.128.9,212.51.223.139,212.60.66.203,212.61.228.162,212.62.112.140,212.73.128.138,212.73.54.154,212.86.41.30,212.90.163.154,212.91.166.140,212.95.54.216,212.96.47.151,212.96.47.22,213.114.174.113,213.128.67.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (68)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500135; rev:2010;) alert tcp [213.128.82.135,213.144.99.113,213.146.180.253,213.149.138.43,213.150.107.74,213.151.175.136,213.155.24.236,213.157.70.41,213.16.105.133,213.163.35.114,213.165.79.73,213.171.53.19,213.172.36.130,213.175.203.74,213.178.224.168,213.179.142.117,213.180.77.102,213.180.89.204,213.180.92.170,213.184.192.82,213.186.33.87,213.188.200.44,213.192.6.30,213.193.231.204,213.202.225.90,213.210.87.237,213.218.142.201,213.228.226.54,213.232.110.183,213.232.24.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (69)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500136; rev:2010;) alert udp [213.128.82.135,213.144.99.113,213.146.180.253,213.149.138.43,213.150.107.74,213.151.175.136,213.155.24.236,213.157.70.41,213.16.105.133,213.163.35.114,213.165.79.73,213.171.53.19,213.172.36.130,213.175.203.74,213.178.224.168,213.179.142.117,213.180.77.102,213.180.89.204,213.180.92.170,213.184.192.82,213.186.33.87,213.188.200.44,213.192.6.30,213.193.231.204,213.202.225.90,213.210.87.237,213.218.142.201,213.228.226.54,213.232.110.183,213.232.24.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP 
(69)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500137; rev:2010;) alert tcp [213.239.213.81,213.239.216.190,213.242.100.252,213.246.196.11,213.248.70.250,213.252.174.51,213.29.58.52,213.5.65.169,213.5.65.200,213.6.229.46,213.80.73.45,213.81.135.106,213.82.56.66,213.92.109.64,213.97.40.36,213.98.87.199,216.1.10.228,216.103.65.60,216.107.124.165,216.109.73.21,216.12.207.250,216.121.5.180,216.127.170.50,216.129.106.89,216.139.181.67,216.14.115.44,216.162.203.193,216.167.179.37,216.167.238.32,216.187.185.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (70)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500138; rev:2010;) alert udp [213.239.213.81,213.239.216.190,213.242.100.252,213.246.196.11,213.248.70.250,213.252.174.51,213.29.58.52,213.5.65.169,213.5.65.200,213.6.229.46,213.80.73.45,213.81.135.106,213.82.56.66,213.92.109.64,213.97.40.36,213.98.87.199,216.1.10.228,216.103.65.60,216.107.124.165,216.109.73.21,216.12.207.250,216.121.5.180,216.127.170.50,216.129.106.89,216.139.181.67,216.14.115.44,216.162.203.193,216.167.179.37,216.167.238.32,216.187.185.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (70)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500139; rev:2010;) alert tcp 
[216.187.95.134,216.205.103.46,216.206.242.200,216.218.207.155,216.24.163.135,216.240.180.195,216.250.243.62,216.40.33.31,216.46.131.246,216.55.143.239,216.55.164.20,216.58.80.54,216.83.51.180,216.86.207.27,217.11.253.210,217.112.118.194,217.112.135.3,217.113.129.100,217.113.131.204,217.113.138.17,217.114.210.190,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.117.28.119,217.118.181.118,217.119.124.43,217.119.124.50,217.120.19.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (71)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500140; rev:2010;) alert udp [216.187.95.134,216.205.103.46,216.206.242.200,216.218.207.155,216.24.163.135,216.240.180.195,216.250.243.62,216.40.33.31,216.46.131.246,216.55.143.239,216.55.164.20,216.58.80.54,216.83.51.180,216.86.207.27,217.11.253.210,217.112.118.194,217.112.135.3,217.113.129.100,217.113.131.204,217.113.138.17,217.114.210.190,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.117.28.119,217.118.181.118,217.119.124.43,217.119.124.50,217.120.19.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (71)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500141; rev:2010;) alert tcp [217.127.105.46,217.127.157.42,217.127.167.90,217.127.71.155,217.128.229.129,217.13.196.152,217.132.65.9,217.139.134.107,217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.147.44.187,217.148.216.6,217.148.84.181,217.149.245.166,217.15.117.102,217.151.118.19,217.151.135.192,217.151.135.77,217.16.28.65,217.16.83.178,217.160.171.207,217.162.117.185,217.162.204.57,217.162.224.124,217.162.34.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile 
Host Traffic TCP (72)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500142; rev:2010;) alert udp [217.127.105.46,217.127.157.42,217.127.167.90,217.127.71.155,217.128.229.129,217.13.196.152,217.132.65.9,217.139.134.107,217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.147.44.187,217.148.216.6,217.148.84.181,217.149.245.166,217.15.117.102,217.151.118.19,217.151.135.192,217.151.135.77,217.16.28.65,217.16.83.178,217.160.171.207,217.162.117.185,217.162.204.57,217.162.224.124,217.162.34.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (72)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500143; rev:2010;) alert tcp [217.162.35.92,217.162.54.59,217.165.236.245,217.165.6.27,217.165.94.34,217.166.58.100,217.169.15.53,217.171.129.66,217.173.26.248,217.174.103.232,217.174.104.187,217.175.10.207,217.175.33.42,217.175.43.165,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83,217.195.17.3,217.196.160.50,217.196.166.138,217.196.213.103,217.197.241.56,217.197.249.50,217.198.115.18,217.198.210.230,217.20.47.86,217.201.107.239,217.201.14.23,217.201.158.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (73)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500144; rev:2010;) alert udp 
[217.162.35.92,217.162.54.59,217.165.236.245,217.165.6.27,217.165.94.34,217.166.58.100,217.169.15.53,217.171.129.66,217.173.26.248,217.174.103.232,217.174.104.187,217.175.10.207,217.175.33.42,217.175.43.165,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83,217.195.17.3,217.196.160.50,217.196.166.138,217.196.213.103,217.197.241.56,217.197.249.50,217.198.115.18,217.198.210.230,217.20.47.86,217.201.107.239,217.201.14.23,217.201.158.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (73)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500145; rev:2010;) alert tcp [217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.207.217.148,217.216.65.110,217.216.65.8,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.83.174,217.218.98.254,217.219.115.151,217.219.211.85,217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.231.230.238] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (74)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500146; rev:2010;) alert udp [217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.207.217.148,217.216.65.110,217.216.65.8,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.83.174,217.218.98.254,217.219.115.151,217.219.211.85,217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.231.230.238] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or 
Hostile Host Traffic UDP (74)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500147; rev:2010;) alert tcp [217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.24.125.134,217.24.240.102,217.24.240.68,217.243.191.229,217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.227.130,217.253.184.197,217.255.212.221,217.29.93.66,217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.56.105.26,217.63.66.133,217.64.25.111,217.64.28.55] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (75)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500148; rev:2010;) alert udp [217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.24.125.134,217.24.240.102,217.24.240.68,217.243.191.229,217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.227.130,217.253.184.197,217.255.212.221,217.29.93.66,217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.56.105.26,217.63.66.133,217.64.25.111,217.64.28.55] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (75)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500149; rev:2010;) alert tcp 
[217.64.29.234,217.67.22.144,217.68.171.13,217.68.173.23,217.70.51.79,217.71.167.229,217.72.154.52,217.72.249.198,217.76.92.24,217.79.189.239,217.79.93.196,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166,217.83.103.152,217.85.179.191,217.87.201.186,217.87.97.1,217.91.102.84,217.91.63.216,217.92.52.205,217.92.59.216,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.165.73,218.0.1.3,218.1.69.241] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (76)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500150; rev:2010;) alert udp [217.64.29.234,217.67.22.144,217.68.171.13,217.68.173.23,217.70.51.79,217.71.167.229,217.72.154.52,217.72.249.198,217.76.92.24,217.79.189.239,217.79.93.196,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166,217.83.103.152,217.85.179.191,217.87.201.186,217.87.97.1,217.91.102.84,217.91.63.216,217.92.52.205,217.92.59.216,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.165.73,218.0.1.3,218.1.69.241] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (76)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500151; rev:2010;) alert tcp [218.101.6.204,218.104.207.110,218.106.246.202,218.106.246.65,218.108.0.77,218.108.234.208,218.108.235.86,218.12.198.70,218.14.203.205,218.145.128.230,218.145.31.34,218.149.128.214,218.16.122.239,218.16.143.53,218.163.177.245,218.163.92.217,218.169.81.77,218.18.9.155,218.189.173.47,218.19.140.4,218.2.129.43,218.201.150.75,218.201.150.78,218.203.185.125,218.206.170.134,218.206.224.134,218.208.209.94,218.21.240.105,218.216.75.100,218.22.180.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (77)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500152; rev:2010;) alert udp [218.101.6.204,218.104.207.110,218.106.246.202,218.106.246.65,218.108.0.77,218.108.234.208,218.108.235.86,218.12.198.70,218.14.203.205,218.145.128.230,218.145.31.34,218.149.128.214,218.16.122.239,218.16.143.53,218.163.177.245,218.163.92.217,218.169.81.77,218.18.9.155,218.189.173.47,218.19.140.4,218.2.129.43,218.201.150.75,218.201.150.78,218.203.185.125,218.206.170.134,218.206.224.134,218.208.209.94,218.21.240.105,218.216.75.100,218.22.180.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (77)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500153; rev:2010;) alert tcp [218.22.21.11,218.220.3.31,218.220.66.211,218.222.16.112,218.225.67.152,218.228.151.225,218.234.21.57,218.236.58.165,218.237.65.13,218.240.28.46,218.240.28.7,218.240.40.25,218.240.43.149,218.241.138.231,218.241.139.67,218.241.157.30,218.241.158.18,218.241.181.132,218.242.7.2,218.244.176.35,218.248.42.133,218.25.89.40,218.25.99.135,218.251.29.144,218.251.32.117,218.26.115.54,218.26.117.113,218.28.221.103,218.29.86.86,218.29.97.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (78)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500154; rev:2010;) alert udp 
[218.22.21.11,218.220.3.31,218.220.66.211,218.222.16.112,218.225.67.152,218.228.151.225,218.234.21.57,218.236.58.165,218.237.65.13,218.240.28.46,218.240.28.7,218.240.40.25,218.240.43.149,218.241.138.231,218.241.139.67,218.241.157.30,218.241.158.18,218.241.181.132,218.242.7.2,218.244.176.35,218.248.42.133,218.25.89.40,218.25.99.135,218.251.29.144,218.251.32.117,218.26.115.54,218.26.117.113,218.28.221.103,218.29.86.86,218.29.97.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (78)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500155; rev:2010;) alert tcp [218.29.97.209,218.3.166.194,218.38.136.38,218.38.16.66,218.38.18.159,218.38.19.252,218.4.157.178,218.4.205.201,218.41.60.118,218.43.197.215,218.44.119.188,218.44.36.109,218.45.55.220,218.47.238.108,218.5.64.100,218.50.190.60,218.52.60.54,218.55.227.178,218.56.32.108,218.6.15.29,218.6.16.133,218.60.1.95,218.63.241.157,218.64.215.239,218.64.5.131,218.64.53.176,218.69.106.52,218.69.248.24,218.70.66.187,218.75.22.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (79)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500156; rev:2010;) alert udp [218.29.97.209,218.3.166.194,218.38.136.38,218.38.16.66,218.38.18.159,218.38.19.252,218.4.157.178,218.4.205.201,218.41.60.118,218.43.197.215,218.44.119.188,218.44.36.109,218.45.55.220,218.47.238.108,218.5.64.100,218.50.190.60,218.52.60.54,218.55.227.178,218.56.32.108,218.6.15.29,218.6.16.133,218.60.1.95,218.63.241.157,218.64.215.239,218.64.5.131,218.64.53.176,218.69.106.52,218.69.248.24,218.70.66.187,218.75.22.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (79)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500157; rev:2010;) alert tcp [218.75.79.18,218.75.79.19,218.76.215.174,218.78.209.253,218.8.245.165,218.8.82.99,218.80.244.42,218.83.160.76,218.87.32.248,218.90.174.146,218.90.183.190,218.93.18.163,218.93.205.118,218.93.205.205,218.93.248.112,218.93.9.237,218.94.11.45,218.97.194.94,219.110.175.102,219.111.16.42,219.115.27.120,219.117.230.241,219.117.236.182,219.117.237.180,219.122.209.251,219.122.229.172,219.133.59.40,219.139.243.236,219.140.173.216,219.140.177.101] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (80)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500158; rev:2010;) alert udp [218.75.79.18,218.75.79.19,218.76.215.174,218.78.209.253,218.8.245.165,218.8.82.99,218.80.244.42,218.83.160.76,218.87.32.248,218.90.174.146,218.90.183.190,218.93.18.163,218.93.205.118,218.93.205.205,218.93.248.112,218.93.9.237,218.94.11.45,218.97.194.94,219.110.175.102,219.111.16.42,219.115.27.120,219.117.230.241,219.117.236.182,219.117.237.180,219.122.209.251,219.122.229.172,219.133.59.40,219.139.243.236,219.140.173.216,219.140.177.101] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (80)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500159; rev:2010;) alert tcp 
[219.142.121.43,219.142.69.203,219.143.116.159,219.143.208.17,219.143.33.158,219.143.35.173,219.143.38.232,219.143.38.233,219.147.134.22,219.147.255.179,219.147.9.114,219.148.34.95,219.149.43.254,219.150.144.58,219.154.210.118,219.154.210.76,219.159.77.90,219.160.25.50,219.160.250.95,219.165.195.56,219.218.160.80,219.228.15.34,219.232.237.151,219.234.133.138,219.235.227.73,219.235.4.123,219.237.201.88,219.238.129.26,219.238.147.45,219.240.39.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (81)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500160; rev:2010;) alert udp [219.142.121.43,219.142.69.203,219.143.116.159,219.143.208.17,219.143.33.158,219.143.35.173,219.143.38.232,219.143.38.233,219.147.134.22,219.147.255.179,219.147.9.114,219.148.34.95,219.149.43.254,219.150.144.58,219.154.210.118,219.154.210.76,219.159.77.90,219.160.25.50,219.160.250.95,219.165.195.56,219.218.160.80,219.228.15.34,219.232.237.151,219.234.133.138,219.235.227.73,219.235.4.123,219.237.201.88,219.238.129.26,219.238.147.45,219.240.39.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (81)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500161; rev:2010;) alert tcp [219.254.35.191,219.35.76.15,219.75.212.179,219.84.99.80,219.85.138.20,219.85.169.121,219.86.132.86,219.91.108.158,219.91.136.37,219.91.242.82,219.94.148.63,219.94.153.142,219.94.167.66,219.94.190.167,219.94.190.27,219.94.193.216,219.94.197.158,219.94.198.155,219.94.198.156,219.95.235.58,219.96.53.213,219.99.107.58,219.99.218.113,220.104.188.195,220.104.3.136,220.110.162.178,220.110.181.132,220.110.194.170,220.110.70.50,220.128.226.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP 
(82)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500162; rev:2010;) alert udp [219.254.35.191,219.35.76.15,219.75.212.179,219.84.99.80,219.85.138.20,219.85.169.121,219.86.132.86,219.91.108.158,219.91.136.37,219.91.242.82,219.94.148.63,219.94.153.142,219.94.167.66,219.94.190.167,219.94.190.27,219.94.193.216,219.94.197.158,219.94.198.155,219.94.198.156,219.95.235.58,219.96.53.213,219.99.107.58,219.99.218.113,220.104.188.195,220.104.3.136,220.110.162.178,220.110.181.132,220.110.194.170,220.110.70.50,220.128.226.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (82)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500163; rev:2010;) alert tcp [220.130.192.251,220.130.208.174,220.130.208.243,220.130.79.104,220.133.136.182,220.134.195.125,220.135.212.6,220.135.73.67,220.140.65.146,220.146.16.250,220.150.116.196,220.150.128.105,220.150.151.213,220.156.230.163,220.157.225.74,220.162.241.11,220.163.11.27,220.165.28.67,220.165.4.26,220.167.166.51,220.168.198.195,220.173.136.52,220.178.2.205,220.181.53.231,220.181.53.236,220.181.53.244,220.181.53.245,220.182.3.22,220.182.50.84,220.189.219.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (83)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500164; rev:2010;) alert udp 
[220.130.192.251,220.130.208.174,220.130.208.243,220.130.79.104,220.133.136.182,220.134.195.125,220.135.212.6,220.135.73.67,220.140.65.146,220.146.16.250,220.150.116.196,220.150.128.105,220.150.151.213,220.156.230.163,220.157.225.74,220.162.241.11,220.163.11.27,220.165.28.67,220.165.4.26,220.167.166.51,220.168.198.195,220.173.136.52,220.178.2.205,220.181.53.231,220.181.53.236,220.181.53.244,220.181.53.245,220.182.3.22,220.182.50.84,220.189.219.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (83)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500165; rev:2010;) alert tcp [220.194.62.71,220.220.148.211,220.220.149.164,220.221.175.39,220.225.126.182,220.225.196.107,220.225.215.165,220.225.225.228,220.225.237.174,220.225.242.181,220.225.247.166,220.225.48.227,220.225.70.248,220.225.80.135,220.226.204.57,220.226.4.44,220.227.52.98,220.229.218.74,220.233.235.231,220.233.253.114,220.241.138.210,220.245.16.149,220.248.195.27,220.248.225.91,220.248.4.202,220.255.7.223,220.255.7.227,220.66.7.248,220.67.151.7,220.68.100.248] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (84)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500166; rev:2010;) alert udp [220.194.62.71,220.220.148.211,220.220.149.164,220.221.175.39,220.225.126.182,220.225.196.107,220.225.215.165,220.225.225.228,220.225.237.174,220.225.242.181,220.225.247.166,220.225.48.227,220.225.70.248,220.225.80.135,220.226.204.57,220.226.4.44,220.227.52.98,220.229.218.74,220.233.235.231,220.233.253.114,220.241.138.210,220.245.16.149,220.248.195.27,220.248.225.91,220.248.4.202,220.255.7.223,220.255.7.227,220.66.7.248,220.67.151.7,220.68.100.248] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile 
Host Traffic UDP (84)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500167; rev:2010;) alert tcp [220.70.2.137,220.73.163.48,221.0.194.203,221.10.252.223,221.11.1.82,221.11.4.10,221.116.142.90,221.118.137.163,221.120.107.203,221.121.130.10,221.122.104.46,221.122.122.71,221.122.79.40,221.122.79.61,221.128.66.192,221.131.83.196,221.133.91.21,221.139.49.73,221.141.2.13,221.143.20.186,221.143.46.31,221.143.48.15,221.147.245.7,221.148.81.47,221.179.186.91,221.181.1.155,221.184.161.176,221.186.214.237,221.187.166.65,221.188.141.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (85)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500168; rev:2010;) alert udp [220.70.2.137,220.73.163.48,221.0.194.203,221.10.252.223,221.11.1.82,221.11.4.10,221.116.142.90,221.118.137.163,221.120.107.203,221.121.130.10,221.122.104.46,221.122.122.71,221.122.79.40,221.122.79.61,221.128.66.192,221.131.83.196,221.133.91.21,221.139.49.73,221.141.2.13,221.143.20.186,221.143.46.31,221.143.48.15,221.147.245.7,221.148.81.47,221.179.186.91,221.181.1.155,221.184.161.176,221.186.214.237,221.187.166.65,221.188.141.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (85)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500169; rev:2010;) alert tcp 
[221.188.238.229,221.189.133.225,221.191.105.193,221.191.210.29,221.191.231.95,221.192.133.1,221.194.37.91,221.195.68.74,221.199.11.148,221.204.246.54,221.208.180.12,221.208.194.208,221.210.182.190,221.214.16.178,221.230.131.234,221.238.21.37,221.242.0.194,221.3.153.20,221.4.179.226,221.4.242.180,221.7.40.47,221.8.67.43,221.8.71.36,221.8.71.48,221.87.0.46,222.103.197.5,222.112.183.173,222.117.124.136,222.122.163.116,222.122.45.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500170; rev:2010;) alert udp [221.188.238.229,221.189.133.225,221.191.105.193,221.191.210.29,221.191.231.95,221.192.133.1,221.194.37.91,221.195.68.74,221.199.11.148,221.204.246.54,221.208.180.12,221.208.194.208,221.210.182.190,221.214.16.178,221.230.131.234,221.238.21.37,221.242.0.194,221.3.153.20,221.4.179.226,221.4.242.180,221.7.40.47,221.8.67.43,221.8.71.36,221.8.71.48,221.87.0.46,222.103.197.5,222.112.183.173,222.117.124.136,222.122.163.116,222.122.45.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500171; rev:2010;) alert tcp [222.122.47.47,222.124.1.66,222.124.193.12,222.124.197.180,222.124.197.189,222.127.1.118,222.14.157.122,222.149.126.224,222.150.10.15,222.150.42.30,222.158.214.180,222.159.244.128,222.165.133.208,222.168.44.110,222.168.5.236,222.169.224.226,222.169.224.67,222.177.24.35,222.178.119.145,222.184.232.14,222.185.254.132,222.185.254.18,222.186.36.238,222.188.10.59,222.19.138.18,222.190.124.108,222.209.209.25,222.218.124.110,222.221.17.40,222.221.2.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500172; rev:2010;) alert udp [222.122.47.47,222.124.1.66,222.124.193.12,222.124.197.180,222.124.197.189,222.127.1.118,222.14.157.122,222.149.126.224,222.150.10.15,222.150.42.30,222.158.214.180,222.159.244.128,222.165.133.208,222.168.44.110,222.168.5.236,222.169.224.226,222.169.224.67,222.177.24.35,222.178.119.145,222.184.232.14,222.185.254.132,222.185.254.18,222.186.36.238,222.188.10.59,222.19.138.18,222.190.124.108,222.209.209.25,222.218.124.110,222.221.17.40,222.221.2.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500173; rev:2010;) alert tcp [222.222.32.174,222.231.62.40,222.231.63.126,222.236.44.32,222.236.46.241,222.236.46.250,222.236.47.191,222.236.47.79,222.236.47.89,222.237.153.209,222.237.78.139,222.237.78.163,222.237.78.89,222.239.223.72,222.239.223.73,222.243.128.2,222.247.48.186,222.247.54.20,222.247.90.41,222.255.236.141,222.3.249.242,222.33.176.78,222.35.143.202,222.35.2.94,222.35.62.137,222.38.2.245,222.45.235.77,222.66.156.194,222.73.161.149,222.73.228.7] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500174; rev:2010;) alert udp 
[222.222.32.174,222.231.62.40,222.231.63.126,222.236.44.32,222.236.46.241,222.236.46.250,222.236.47.191,222.236.47.79,222.236.47.89,222.237.153.209,222.237.78.139,222.237.78.163,222.237.78.89,222.239.223.72,222.239.223.73,222.243.128.2,222.247.48.186,222.247.54.20,222.247.90.41,222.255.236.141,222.3.249.242,222.33.176.78,222.35.143.202,222.35.2.94,222.35.62.137,222.38.2.245,222.45.235.77,222.66.156.194,222.73.161.149,222.73.228.7] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500175; rev:2010;) alert tcp [222.73.249.156,222.73.42.16,222.73.57.15,222.73.93.143,222.78.251.54,222.87.204.3,222.89.136.149,222.91.160.63,222.91.97.74,222.92.117.250,24.100.103.15,24.103.144.3,24.106.244.110,24.107.114.22,24.107.14.9,24.144.11.60,24.158.16.2,24.16.184.156,24.173.95.196,24.176.128.137,24.181.93.165,24.197.24.44,24.201.102.199,24.211.198.181,24.225.3.230,24.232.170.65,24.244.160.6,24.254.195.22,24.42.36.253,24.8.190.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500176; rev:2010;) alert udp [222.73.249.156,222.73.42.16,222.73.57.15,222.73.93.143,222.78.251.54,222.87.204.3,222.89.136.149,222.91.160.63,222.91.97.74,222.92.117.250,24.100.103.15,24.103.144.3,24.106.244.110,24.107.114.22,24.107.14.9,24.144.11.60,24.158.16.2,24.16.184.156,24.173.95.196,24.176.128.137,24.181.93.165,24.197.24.44,24.201.102.199,24.211.198.181,24.225.3.230,24.232.170.65,24.244.160.6,24.254.195.22,24.42.36.253,24.8.190.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; 
threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500177; rev:2010;) alert tcp [24.90.50.244,24.97.8.227,24.99.44.164,38.108.46.5,38.97.225.166,38.99.186.51,41.132.144.196,41.138.0.17,41.138.0.26,41.140.113.192,41.201.218.217,41.201.65.242,41.204.218.60,41.207.106.242,41.216.192.116,41.220.239.251,41.221.150.26,41.223.209.59,41.249.110.33,41.250.165.156,41.254.33.118,41.72.137.212,41.78.76.3,58.0.21.137,58.1.236.80,58.137.214.33,58.17.163.103,58.180.159.112,58.180.17.52,58.184.88.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500178; rev:2010;) alert udp [24.90.50.244,24.97.8.227,24.99.44.164,38.108.46.5,38.97.225.166,38.99.186.51,41.132.144.196,41.138.0.17,41.138.0.26,41.140.113.192,41.201.218.217,41.201.65.242,41.204.218.60,41.207.106.242,41.216.192.116,41.220.239.251,41.221.150.26,41.223.209.59,41.249.110.33,41.250.165.156,41.254.33.118,41.72.137.212,41.78.76.3,58.0.21.137,58.1.236.80,58.137.214.33,58.17.163.103,58.180.159.112,58.180.17.52,58.184.88.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500179; rev:2010;) alert tcp [58.184.88.3,58.185.56.218,58.190.8.28,58.211.1.163,58.211.16.95,58.213.165.158,58.215.78.118,58.216.213.178,58.221.34.18,58.221.41.86,58.222.200.226,58.223.143.148,58.223.251.212,58.224.170.148,58.227.42.102,58.23.64.233,58.241.12.41,58.248.189.155,58.248.253.171,58.251.136.100,58.27.48.180,58.30.143.198,58.30.143.201,58.30.226.49,58.39.145.121,58.40.18.81,58.49.104.164,58.59.7.51,58.6.7.103,58.60.10.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP 
(91)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500180; rev:2010;) alert udp [58.184.88.3,58.185.56.218,58.190.8.28,58.211.1.163,58.211.16.95,58.213.165.158,58.215.78.118,58.216.213.178,58.221.34.18,58.221.41.86,58.222.200.226,58.223.143.148,58.223.251.212,58.224.170.148,58.227.42.102,58.23.64.233,58.241.12.41,58.248.189.155,58.248.253.171,58.251.136.100,58.27.48.180,58.30.143.198,58.30.143.201,58.30.226.49,58.39.145.121,58.40.18.81,58.49.104.164,58.59.7.51,58.6.7.103,58.60.10.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500181; rev:2010;) alert tcp [58.68.108.110,58.68.140.25,58.68.69.70,58.68.97.164,58.83.134.152,58.85.109.65,58.86.43.69,58.89.32.85,58.91.188.163,59.106.25.161,59.106.89.201,59.108.116.67,59.108.76.164,59.108.85.75,59.120.119.49,59.120.217.111,59.120.72.252,59.124.114.238,59.124.214.5,59.124.69.49,59.125.155.70,59.125.184.250,59.125.227.173,59.125.251.118,59.125.50.27,59.126.12.182,59.133.219.169,59.151.119.180,59.151.17.200,59.161.82.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500182; rev:2010;) alert udp 
[58.68.108.110,58.68.140.25,58.68.69.70,58.68.97.164,58.83.134.152,58.85.109.65,58.86.43.69,58.89.32.85,58.91.188.163,59.106.25.161,59.106.89.201,59.108.116.67,59.108.76.164,59.108.85.75,59.120.119.49,59.120.217.111,59.120.72.252,59.124.114.238,59.124.214.5,59.124.69.49,59.125.155.70,59.125.184.250,59.125.227.173,59.125.251.118,59.125.50.27,59.126.12.182,59.133.219.169,59.151.119.180,59.151.17.200,59.161.82.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500183; rev:2010;) alert tcp [59.166.3.34,59.175.146.230,59.176.129.222,59.19.109.45,59.190.164.160,59.25.185.119,59.36.98.154,59.37.54.52,59.45.63.189,59.49.14.12,59.53.91.121,59.53.91.130,59.53.91.188,59.53.91.195,59.53.92.220,59.58.163.75,59.90.140.171,59.92.243.114,59.92.68.95,59.93.166.84,59.93.210.206,59.93.49.49,59.94.180.226,59.94.254.97,59.94.68.57,59.95.49.83,59.95.54.29,59.99.1.114,59.99.144.178,59.99.16.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500184; rev:2010;) alert udp [59.166.3.34,59.175.146.230,59.176.129.222,59.19.109.45,59.190.164.160,59.25.185.119,59.36.98.154,59.37.54.52,59.45.63.189,59.49.14.12,59.53.91.121,59.53.91.130,59.53.91.188,59.53.91.195,59.53.92.220,59.58.163.75,59.90.140.171,59.92.243.114,59.92.68.95,59.93.166.84,59.93.210.206,59.93.49.49,59.94.180.226,59.94.254.97,59.94.68.57,59.95.49.83,59.95.54.29,59.99.1.114,59.99.144.178,59.99.16.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:misc-attack; sid:2500185; rev:2010;) alert tcp [59.99.18.22,59.99.18.226,59.99.18.42,59.99.57.157,59.99.59.12,60.10.132.42,60.12.233.54,60.13.129.139,60.13.142.62,60.171.75.147,60.190.31.214,60.191.187.227,60.191.187.228,60.191.187.234,60.191.187.246,60.195.250.54,60.196.143.134,60.208.113.131,60.21.216.14,60.212.42.11,60.216.104.82,60.216.89.30,60.217.234.142,60.221.255.145,60.224.34.145,60.229.250.221,60.236.155.234,60.237.58.218,60.238.241.68,60.242.167.253] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500186; rev:2010;) alert udp [59.99.18.22,59.99.18.226,59.99.18.42,59.99.57.157,59.99.59.12,60.10.132.42,60.12.233.54,60.13.129.139,60.13.142.62,60.171.75.147,60.190.31.214,60.191.187.227,60.191.187.228,60.191.187.234,60.191.187.246,60.195.250.54,60.196.143.134,60.208.113.131,60.21.216.14,60.212.42.11,60.216.104.82,60.216.89.30,60.217.234.142,60.221.255.145,60.224.34.145,60.229.250.221,60.236.155.234,60.237.58.218,60.238.241.68,60.242.167.253] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500187; rev:2010;) alert tcp [60.248.112.2,60.248.158.23,60.248.175.30,60.248.43.193,60.248.84.111,60.249.116.30,60.249.14.157,60.249.14.160,60.249.168.50,60.249.19.38,60.249.222.176,60.249.223.180,60.249.84.115,60.249.95.169,60.250.164.177,60.250.200.59,60.250.33.188,60.251.101.45,60.251.255.130,60.251.55.173,60.251.83.106,60.253.101.245,60.28.101.10,60.28.81.251,60.29.236.126,60.29.80.50,60.30.32.26,60.32.214.106,60.32.81.102,60.38.220.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (95)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500188; rev:2010;) alert udp [60.248.112.2,60.248.158.23,60.248.175.30,60.248.43.193,60.248.84.111,60.249.116.30,60.249.14.157,60.249.14.160,60.249.168.50,60.249.19.38,60.249.222.176,60.249.223.180,60.249.84.115,60.249.95.169,60.250.164.177,60.250.200.59,60.250.33.188,60.251.101.45,60.251.255.130,60.251.55.173,60.251.83.106,60.253.101.245,60.28.101.10,60.28.81.251,60.29.236.126,60.29.80.50,60.30.32.26,60.32.214.106,60.32.81.102,60.38.220.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (95)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500189; rev:2010;) alert tcp [60.39.245.171,60.40.86.239,60.49.153.153,60.51.181.253,60.56.119.234,61.100.4.28,61.100.5.136,61.111.18.20,61.114.230.34,61.115.196.205,61.115.213.18,61.125.76.89,61.128.121.138,61.128.122.13,61.129.112.168,61.129.64.137,61.129.86.186,61.132.87.130,61.132.90.43,61.133.63.11,61.134.52.82,61.135.134.109,61.135.151.38,61.135.181.186,61.136.150.238,61.136.93.30,61.139.33.205,61.142.80.222,61.143.251.219,61.143.62.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (96)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500190; rev:2010;) alert udp 
[60.39.245.171,60.40.86.239,60.49.153.153,60.51.181.253,60.56.119.234,61.100.4.28,61.100.5.136,61.111.18.20,61.114.230.34,61.115.196.205,61.115.213.18,61.125.76.89,61.128.121.138,61.128.122.13,61.129.112.168,61.129.64.137,61.129.86.186,61.132.87.130,61.132.90.43,61.133.63.11,61.134.52.82,61.135.134.109,61.135.151.38,61.135.181.186,61.136.150.238,61.136.93.30,61.139.33.205,61.142.80.222,61.143.251.219,61.143.62.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (96)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500191; rev:2010;) alert tcp [61.143.62.4,61.144.123.18,61.145.119.60,61.145.123.26,61.147.107.16,61.147.69.97,61.147.75.61,61.148.61.26,61.150.72.170,61.151.246.140,61.152.223.171,61.152.96.116,61.153.216.101,61.153.224.178,61.153.83.93,61.154.127.212,61.155.169.146,61.155.169.148,61.155.218.66,61.155.41.149,61.158.105.121,61.158.105.211,61.158.105.212,61.158.205.224,61.16.240.36,61.160.83.12,61.161.141.3,61.163.253.199,61.163.78.132,61.164.12.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (97)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500192; rev:2010;) alert udp [61.143.62.4,61.144.123.18,61.145.119.60,61.145.123.26,61.147.107.16,61.147.69.97,61.147.75.61,61.148.61.26,61.150.72.170,61.151.246.140,61.152.223.171,61.152.96.116,61.153.216.101,61.153.224.178,61.153.83.93,61.154.127.212,61.155.169.146,61.155.169.148,61.155.218.66,61.155.41.149,61.158.105.121,61.158.105.211,61.158.105.212,61.158.205.224,61.16.240.36,61.160.83.12,61.161.141.3,61.163.253.199,61.163.78.132,61.164.12.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (97)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500193; rev:2010;) alert tcp [61.164.128.164,61.164.159.13,61.164.38.19,61.164.41.144,61.168.227.12,61.17.164.173,61.17.165.109,61.17.200.247,61.172.250.179,61.175.198.146,61.178.65.75,61.178.71.16,61.181.255.139,61.19.114.179,61.19.117.212,61.19.244.251,61.19.252.180,61.19.255.12,61.19.78.41,61.190.131.2,61.190.37.56,61.191.206.6,61.196.101.165,61.196.211.163,61.213.71.166,61.214.70.41,61.218.36.21,61.219.127.138,61.219.20.179,61.219.56.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (98)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500194; rev:2010;) alert udp [61.164.128.164,61.164.159.13,61.164.38.19,61.164.41.144,61.168.227.12,61.17.164.173,61.17.165.109,61.17.200.247,61.172.250.179,61.175.198.146,61.178.65.75,61.178.71.16,61.181.255.139,61.19.114.179,61.19.117.212,61.19.244.251,61.19.252.180,61.19.255.12,61.19.78.41,61.190.131.2,61.190.37.56,61.191.206.6,61.196.101.165,61.196.211.163,61.213.71.166,61.214.70.41,61.218.36.21,61.219.127.138,61.219.20.179,61.219.56.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (98)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500195; rev:2010;) alert tcp [61.220.139.2,61.220.23.211,61.221.104.182,61.221.176.144,61.221.57.118,61.222.145.236,61.228.73.151,61.233.76.137,61.238.158.39,61.250.81.24,61.30.102.4,61.30.11.166,61.31.161.31,61.32.246.9,61.4.189.151,61.4.190.206,61.4.190.207,61.4.82.11,61.4.82.170,61.4.82.18,61.4.82.210,61.41.172.10,61.41.172.20,61.41.172.80,61.41.173.212,61.41.173.214,61.41.173.215,61.41.173.216,61.41.173.3,61.41.173.9] any -> 
$HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (99)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500196; rev:2010;) alert udp [61.220.139.2,61.220.23.211,61.221.104.182,61.221.176.144,61.221.57.118,61.222.145.236,61.228.73.151,61.233.76.137,61.238.158.39,61.250.81.24,61.30.102.4,61.30.11.166,61.31.161.31,61.32.246.9,61.4.189.151,61.4.190.206,61.4.190.207,61.4.82.11,61.4.82.170,61.4.82.18,61.4.82.210,61.41.172.10,61.41.172.20,61.41.172.80,61.41.173.212,61.41.173.214,61.41.173.215,61.41.173.216,61.41.173.3,61.41.173.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (99)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500197; rev:2010;) alert tcp [61.46.154.27,61.49.18.189,61.49.51.158,61.49.60.47,61.49.60.48,61.54.82.251,61.6.163.30,61.62.86.142,61.63.33.210,61.63.60.123,61.67.130.119,61.67.14.249,61.7.158.116,61.7.213.123,61.7.253.244,61.72.254.251,61.74.232.138,61.78.72.242,61.84.218.123,61.9.80.21,61.90.198.172,61.91.121.26,61.91.83.150,62.112.206.93,62.128.148.137,62.129.179.220,62.129.243.122,62.129.50.35,62.133.190.154,62.141.33.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (100)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500198; rev:2010;) alert udp 
[61.46.154.27,61.49.18.189,61.49.51.158,61.49.60.47,61.49.60.48,61.54.82.251,61.6.163.30,61.62.86.142,61.63.33.210,61.63.60.123,61.67.130.119,61.67.14.249,61.7.158.116,61.7.213.123,61.7.253.244,61.72.254.251,61.74.232.138,61.78.72.242,61.84.218.123,61.9.80.21,61.90.198.172,61.91.121.26,61.91.83.150,62.112.206.93,62.128.148.137,62.129.179.220,62.129.243.122,62.129.50.35,62.133.190.154,62.141.33.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (100)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500199; rev:2010;) alert tcp [62.141.42.32,62.147.181.18,62.149.204.178,62.149.206.235,62.149.218.129,62.149.225.250,62.168.59.67,62.182.70.182,62.183.250.199,62.193.226.206,62.193.226.36,62.193.237.53,62.194.114.222,62.20.7.138,62.206.198.90,62.212.9.114,62.215.158.153,62.215.188.50,62.231.244.219,62.238.249.48,62.240.68.98,62.241.5.86,62.25.53.153,62.28.113.229,62.28.78.74,62.43.193.163,62.48.69.70,62.57.191.168,62.57.232.234,62.72.116.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (101)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500200; rev:2010;) alert udp [62.141.42.32,62.147.181.18,62.149.204.178,62.149.206.235,62.149.218.129,62.149.225.250,62.168.59.67,62.182.70.182,62.183.250.199,62.193.226.206,62.193.226.36,62.193.237.53,62.194.114.222,62.20.7.138,62.206.198.90,62.212.9.114,62.215.158.153,62.215.188.50,62.231.244.219,62.238.249.48,62.240.68.98,62.241.5.86,62.25.53.153,62.28.113.229,62.28.78.74,62.43.193.163,62.48.69.70,62.57.191.168,62.57.232.234,62.72.116.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (101)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, 
track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500201; rev:2010;) alert tcp [62.82.27.26,62.87.160.66,62.93.239.57,62.93.76.149,62.97.120.155,62.99.205.196,63.111.11.24,63.138.156.205,63.150.5.15,63.151.109.189,63.193.182.184,63.193.73.148,63.232.28.5,63.247.137.71,63.255.109.11,63.73.227.239,63.82.7.23,63.82.7.25,64.105.92.18,64.118.87.10,64.118.89.180,64.120.180.218,64.120.201.240,64.120.227.154,64.120.41.210,64.120.80.51,64.128.174.3,64.15.159.171,64.151.225.19,64.151.89.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (102)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500202; rev:2010;) alert udp [62.82.27.26,62.87.160.66,62.93.239.57,62.93.76.149,62.97.120.155,62.99.205.196,63.111.11.24,63.138.156.205,63.150.5.15,63.151.109.189,63.193.182.184,63.193.73.148,63.232.28.5,63.247.137.71,63.255.109.11,63.73.227.239,63.82.7.23,63.82.7.25,64.105.92.18,64.118.87.10,64.118.89.180,64.120.180.218,64.120.201.240,64.120.227.154,64.120.41.210,64.120.80.51,64.128.174.3,64.15.159.171,64.151.225.19,64.151.89.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (102)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500203; rev:2010;) alert tcp [64.17.232.108,64.186.129.142,64.186.131.206,64.186.135.207,64.190.167.84,64.191.26.135,64.20.69.223,64.233.167.99,64.246.188.4,64.34.164.69,64.34.170.47,64.34.176.35,64.34.178.166,64.34.39.105,64.38.69.167,64.40.123.31,64.62.181.43,64.69.35.43,64.69.38.145,64.69.41.8,64.70.19.33,64.74.140.25,64.74.223.36,64.79.79.227,64.85.170.57,64.90.182.185,64.95.64.197,65.100.230.26,65.107.118.194,65.111.184.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (103)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500204; rev:2010;)
# UDP (103), sid 2500205: alerts on any UDP datagram from one of these sources to $HOME_NET
# (no flags or content test), at most once per source address per 60 seconds.
# NOTE(review): per the file header this list is generated from third-party source lists;
# nothing in the rule vets individual addresses. 64.233.167.99 in this group appears to fall
# in address space allocated to Google -- confirm with whois. Check entries like this against
# a local allow-list before turning these alerts into drop or firewall rules, since a shared
# or high-traffic address on the list yields false positives or blocks legitimate service.
alert udp [64.17.232.108,64.186.129.142,64.186.131.206,64.186.135.207,64.190.167.84,64.191.26.135,64.20.69.223,64.233.167.99,64.246.188.4,64.34.164.69,64.34.170.47,64.34.176.35,64.34.178.166,64.34.39.105,64.38.69.167,64.40.123.31,64.62.181.43,64.69.35.43,64.69.38.145,64.69.41.8,64.70.19.33,64.74.140.25,64.74.223.36,64.79.79.227,64.85.170.57,64.90.182.185,64.95.64.197,65.100.230.26,65.107.118.194,65.111.184.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (103)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500205; rev:2010;)
# TCP (104), sid 2500206: matches SYN-only packets (flags:S) from a listed source to
# $HOME_NET on any port. classtype misc-attack and the shared reference URL are the only
# triage context the rule carries; the alert does not say which upstream list supplied the
# address or why, so analysts have to look that up separately.
alert tcp [65.23.129.126,65.23.153.34,65.23.158.13,65.23.158.34,65.29.120.148,65.32.57.210,65.38.221.194,65.38.91.225,65.39.248.216,65.44.224.10,65.82.14.175,65.82.69.7,65.89.46.195,65.98.11.2,65.98.52.172,65.99.209.89,66.11.150.104,66.128.53.189,66.128.59.200,66.133.64.111,66.135.32.248,66.135.37.211,66.152.191.103,66.159.18.9,66.17.23.100,66.177.9.53,66.197.240.53,66.197.250.230,66.198.244.11,66.214.226.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (104)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500206; rev:2010;)
alert udp [65.23.129.126,65.23.153.34,65.23.158.13,65.23.158.34,65.29.120.148,65.32.57.210,65.38.221.194,65.38.91.225,65.39.248.216,65.44.224.10,65.82.14.175,65.82.69.7,65.89.46.195,65.98.11.2,65.98.52.172,65.99.209.89,66.11.150.104,66.128.53.189,66.128.59.200,66.133.64.111,66.135.32.248,66.135.37.211,66.152.191.103,66.159.18.9,66.17.23.100,66.177.9.53,66.197.240.53,66.197.250.230,66.198.244.11,66.214.226.200] any -> $HOME_NET any (msg:"ET 
COMPROMISED Known Compromised or Hostile Host Traffic UDP (104)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500207; rev:2010;) alert tcp [66.219.22.133,66.220.0.250,66.240.199.69,66.240.52.5,66.249.160.170,66.250.40.5,66.251.242.3,66.254.228.118,66.31.185.58,66.40.10.12,66.45.230.101,66.48.71.42,66.49.221.145,66.6.216.244,66.65.5.154,66.7.149.243,66.7.221.26,66.71.246.164,66.71.250.89,66.71.252.47,66.78.21.172,66.96.146.81,66.96.146.90,66.96.16.32,66.96.223.2,66.96.238.245,66.96.241.140,67.101.115.108,67.106.82.228,67.106.82.233] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (105)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500208; rev:2010;) alert udp [66.219.22.133,66.220.0.250,66.240.199.69,66.240.52.5,66.249.160.170,66.250.40.5,66.251.242.3,66.254.228.118,66.31.185.58,66.40.10.12,66.45.230.101,66.48.71.42,66.49.221.145,66.6.216.244,66.65.5.154,66.7.149.243,66.7.221.26,66.71.246.164,66.71.250.89,66.71.252.47,66.78.21.172,66.96.146.81,66.96.146.90,66.96.16.32,66.96.223.2,66.96.238.245,66.96.241.140,67.101.115.108,67.106.82.228,67.106.82.233] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (105)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500209; rev:2010;) alert tcp 
[67.109.65.37,67.118.41.164,67.133.102.2,67.18.208.53,67.181.140.60,67.186.211.219,67.19.188.234,67.19.29.250,67.190.88.207,67.191.50.233,67.202.108.110,67.202.84.98,67.205.102.209,67.205.103.24,67.205.66.228,67.205.89.121,67.206.220.79,67.207.132.52,67.212.186.186,67.212.189.90,67.212.66.226,67.214.161.149,67.222.135.196,67.228.130.45,67.228.137.9,67.23.178.54,67.23.19.37,67.23.232.21,67.23.236.45,67.23.237.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (106)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500210; rev:2010;) alert udp [67.109.65.37,67.118.41.164,67.133.102.2,67.18.208.53,67.181.140.60,67.186.211.219,67.19.188.234,67.19.29.250,67.190.88.207,67.191.50.233,67.202.108.110,67.202.84.98,67.205.102.209,67.205.103.24,67.205.66.228,67.205.89.121,67.206.220.79,67.207.132.52,67.212.186.186,67.212.189.90,67.212.66.226,67.214.161.149,67.222.135.196,67.228.130.45,67.228.137.9,67.23.178.54,67.23.19.37,67.23.232.21,67.23.236.45,67.23.237.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (106)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500211; rev:2010;) alert tcp [67.23.36.228,67.23.43.38,67.23.46.76,67.242.197.139,67.34.178.96,67.39.95.188,67.55.171.240,67.59.188.60,67.90.117.219,67.90.194.2,68.116.199.231,68.122.21.230,68.142.141.210,68.143.86.154,68.149.186.111,68.15.91.138,68.168.208.116,68.168.222.158,68.169.239.80,68.169.44.221,68.169.44.222,68.169.45.89,68.169.46.143,68.178.232.100,68.179.86.125,68.180.151.96,68.183.230.70,68.190.22.250,68.197.160.106,68.208.187.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (107)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; 
threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500212; rev:2010;) alert udp [67.23.36.228,67.23.43.38,67.23.46.76,67.242.197.139,67.34.178.96,67.39.95.188,67.55.171.240,67.59.188.60,67.90.117.219,67.90.194.2,68.116.199.231,68.122.21.230,68.142.141.210,68.143.86.154,68.149.186.111,68.15.91.138,68.168.208.116,68.168.222.158,68.169.239.80,68.169.44.221,68.169.44.222,68.169.45.89,68.169.46.143,68.178.232.100,68.179.86.125,68.180.151.96,68.183.230.70,68.190.22.250,68.197.160.106,68.208.187.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (107)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500213; rev:2010;) alert tcp [68.234.15.46,68.234.221.102,68.236.181.133,68.59.219.117,68.62.57.15,68.72.235.250,68.75.40.72,68.92.9.83,69.105.225.55,69.113.114.107,69.120.2.123,69.144.244.163,69.161.142.177,69.162.125.77,69.162.71.20,69.163.153.121,69.164.193.70,69.164.199.225,69.164.215.223,69.164.220.37,69.167.177.160,69.169.145.90,69.169.183.21,69.170.135.92,69.174.242.21,69.174.245.148,69.174.246.162,69.175.108.234,69.175.111.238,69.175.112.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500214; rev:2010;) alert udp [68.234.15.46,68.234.221.102,68.236.181.133,68.59.219.117,68.62.57.15,68.72.235.250,68.75.40.72,68.92.9.83,69.105.225.55,69.113.114.107,69.120.2.123,69.144.244.163,69.161.142.177,69.162.125.77,69.162.71.20,69.163.153.121,69.164.193.70,69.164.199.225,69.164.215.223,69.164.220.37,69.167.177.160,69.169.145.90,69.169.183.21,69.170.135.92,69.174.242.21,69.174.245.148,69.174.246.162,69.175.108.234,69.175.111.238,69.175.112.27] any -> $HOME_NET any (msg:"ET COMPROMISED 
Known Compromised or Hostile Host Traffic UDP (108)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500215; rev:2010;) alert tcp [69.175.122.178,69.175.35.138,69.175.6.102,69.175.87.66,69.175.99.42,69.198.160.190,69.199.219.57,69.20.239.58,69.208.138.109,69.231.158.6,69.233.234.226,69.235.236.171,69.235.30.151,69.235.42.93,69.245.36.36,69.246.129.20,69.30.218.72,69.36.13.85,69.36.15.218,69.36.2.88,69.38.139.76,69.42.69.6,69.42.89.214,69.43.136.151,69.50.217.210,69.50.217.91,69.55.238.173,69.55.45.40,69.55.75.184,69.59.177.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500216; rev:2010;) alert udp [69.175.122.178,69.175.35.138,69.175.6.102,69.175.87.66,69.175.99.42,69.198.160.190,69.199.219.57,69.20.239.58,69.208.138.109,69.231.158.6,69.233.234.226,69.235.236.171,69.235.30.151,69.235.42.93,69.245.36.36,69.246.129.20,69.30.218.72,69.36.13.85,69.36.15.218,69.36.2.88,69.38.139.76,69.42.69.6,69.42.89.214,69.43.136.151,69.50.217.210,69.50.217.91,69.55.238.173,69.55.45.40,69.55.75.184,69.59.177.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500217; rev:2010;) alert tcp 
[69.60.116.208,69.60.125.44,69.60.160.149,69.64.147.211,69.64.210.120,69.64.52.233,69.64.52.234,69.64.62.50,69.65.40.138,69.65.40.43,69.65.42.85,69.7.46.19,69.70.74.242,69.73.154.103,69.73.155.139,69.73.170.112,69.73.230.90,69.80.228.12,69.90.188.183,69.90.47.236,69.93.157.18,69.94.110.5,70.103.134.16,70.106.61.246,70.113.36.214,70.130.186.19,70.143.2.137,70.164.40.83,70.169.138.177,70.184.243.102] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500218; rev:2010;) alert udp [69.60.116.208,69.60.125.44,69.60.160.149,69.64.147.211,69.64.210.120,69.64.52.233,69.64.52.234,69.64.62.50,69.65.40.138,69.65.40.43,69.65.42.85,69.7.46.19,69.70.74.242,69.73.154.103,69.73.155.139,69.73.170.112,69.73.230.90,69.80.228.12,69.90.188.183,69.90.47.236,69.93.157.18,69.94.110.5,70.103.134.16,70.106.61.246,70.113.36.214,70.130.186.19,70.143.2.137,70.164.40.83,70.169.138.177,70.184.243.102] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500219; rev:2010;) alert tcp [70.237.193.20,70.28.53.140,70.28.71.70,70.33.179.242,70.34.192.69,70.38.38.138,70.38.54.101,70.38.54.102,70.38.54.206,70.38.78.211,70.66.213.81,70.84.62.194,70.85.129.101,70.85.31.210,70.85.52.99,70.85.95.170,70.86.30.226,70.86.44.154,70.87.222.248,70.91.189.73,71.0.80.118,71.127.77.134,71.137.227.73,71.156.48.210,71.161.55.80,71.176.1.226,71.193.161.213,71.200.48.91,71.201.148.7,71.205.41.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, 
count 1; classtype:misc-attack; sid:2500220; rev:2010;) alert udp [70.237.193.20,70.28.53.140,70.28.71.70,70.33.179.242,70.34.192.69,70.38.38.138,70.38.54.101,70.38.54.102,70.38.54.206,70.38.78.211,70.66.213.81,70.84.62.194,70.85.129.101,70.85.31.210,70.85.52.99,70.85.95.170,70.86.30.226,70.86.44.154,70.87.222.248,70.91.189.73,71.0.80.118,71.127.77.134,71.137.227.73,71.156.48.210,71.161.55.80,71.176.1.226,71.193.161.213,71.200.48.91,71.201.148.7,71.205.41.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500221; rev:2010;) alert tcp [71.205.6.46,71.251.120.226,71.54.72.118,71.56.94.96,71.6.142.25,71.6.150.121,71.6.165.245,71.80.207.153,71.86.225.66,72.129.105.189,72.14.186.132,72.14.188.99,72.14.207.121,72.16.171.185,72.16.252.90,72.167.165.222,72.172.167.34,72.189.243.92,72.232.219.152,72.232.255.162,72.233.53.55,72.240.198.39,72.245.169.150,72.245.219.51,72.249.83.84,72.251.214.202,72.26.201.166,72.26.224.58,72.29.72.189,72.29.89.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500222; rev:2010;) alert udp [71.205.6.46,71.251.120.226,71.54.72.118,71.56.94.96,71.6.142.25,71.6.150.121,71.6.165.245,71.80.207.153,71.86.225.66,72.129.105.189,72.14.186.132,72.14.188.99,72.14.207.121,72.16.171.185,72.16.252.90,72.167.165.222,72.172.167.34,72.189.243.92,72.232.219.152,72.232.255.162,72.233.53.55,72.240.198.39,72.245.169.150,72.245.219.51,72.249.83.84,72.251.214.202,72.26.201.166,72.26.224.58,72.29.72.189,72.29.89.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500223; rev:2010;) alert tcp [72.3.182.114,72.3.236.120,72.34.226.100,72.34.234.40,72.35.27.41,72.44.84.165,72.45.200.18,72.46.129.202,72.47.200.226,72.47.209.133,72.51.224.160,72.51.41.34,72.52.128.195,72.52.191.225,72.52.205.189,72.52.208.117,72.52.220.32,72.52.65.205,72.54.123.34,72.55.137.204,72.55.140.75,72.55.143.148,72.55.148.232,72.55.153.75,72.55.156.23,72.55.164.240,72.55.174.109,72.55.174.135,72.55.174.42,72.9.147.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500224; rev:2010;) alert udp [72.3.182.114,72.3.236.120,72.34.226.100,72.34.234.40,72.35.27.41,72.44.84.165,72.45.200.18,72.46.129.202,72.47.200.226,72.47.209.133,72.51.224.160,72.51.41.34,72.52.128.195,72.52.191.225,72.52.205.189,72.52.208.117,72.52.220.32,72.52.65.205,72.54.123.34,72.55.137.204,72.55.140.75,72.55.143.148,72.55.148.232,72.55.153.75,72.55.156.23,72.55.164.240,72.55.174.109,72.55.174.135,72.55.174.42,72.9.147.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500225; rev:2010;) alert tcp [72.9.245.82,74.119.217.170,74.126.23.81,74.200.72.170,74.207.237.145,74.207.244.247,74.208.123.7,74.208.170.66,74.208.195.11,74.208.43.218,74.208.44.17,74.213.171.215,74.222.1.99,74.50.115.136,74.50.3.108,74.50.49.34,74.50.52.43,74.50.53.198,74.50.99.232,74.52.107.114,74.52.48.66,74.52.52.156,74.53.203.66,74.54.135.106,74.54.156.73,74.54.223.198,74.54.79.25,74.54.82.223,74.54.82.224,74.55.122.6] any -> $HOME_NET any (msg:"ET 
COMPROMISED Known Compromised or Hostile Host Traffic TCP (114)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500226; rev:2010;) alert udp [72.9.245.82,74.119.217.170,74.126.23.81,74.200.72.170,74.207.237.145,74.207.244.247,74.208.123.7,74.208.170.66,74.208.195.11,74.208.43.218,74.208.44.17,74.213.171.215,74.222.1.99,74.50.115.136,74.50.3.108,74.50.49.34,74.50.52.43,74.50.53.198,74.50.99.232,74.52.107.114,74.52.48.66,74.52.52.156,74.53.203.66,74.54.135.106,74.54.156.73,74.54.223.198,74.54.79.25,74.54.82.223,74.54.82.224,74.55.122.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500227; rev:2010;) alert tcp [74.55.14.2,74.55.15.74,74.55.201.138,74.55.250.210,74.55.6.60,74.62.154.168,74.63.232.46,74.63.252.139,74.65.195.239,74.7.153.18,74.82.51.107,74.82.51.130,74.85.199.98,74.85.64.154,74.86.121.10,74.86.147.26,74.86.161.138,74.86.181.26,74.86.84.207,74.86.85.120,74.92.91.97,74.93.189.173,74.94.160.6,74.95.12.13,74.95.46.54,74.95.79.97,75.125.118.158,75.125.131.34,75.125.149.90,75.125.183.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500228; rev:2010;) alert udp 
[74.55.14.2,74.55.15.74,74.55.201.138,74.55.250.210,74.55.6.60,74.62.154.168,74.63.232.46,74.63.252.139,74.65.195.239,74.7.153.18,74.82.51.107,74.82.51.130,74.85.199.98,74.85.64.154,74.86.121.10,74.86.147.26,74.86.161.138,74.86.181.26,74.86.84.207,74.86.85.120,74.92.91.97,74.93.189.173,74.94.160.6,74.95.12.13,74.95.46.54,74.95.79.97,75.125.118.158,75.125.131.34,75.125.149.90,75.125.183.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500229; rev:2010;) alert tcp [75.125.61.167,75.126.137.166,75.126.186.101,75.127.110.52,75.127.81.15,75.127.81.29,75.127.97.23,75.131.242.118,75.144.254.25,75.147.60.33,75.147.62.198,75.149.55.204,75.149.85.71,75.15.199.60,75.151.77.169,75.16.206.104,75.179.23.111,75.22.138.23,75.22.22.148,75.37.127.100,75.45.0.127,75.45.11.77,75.50.108.131,75.53.145.116,75.59.219.22,75.7.82.23,75.83.54.1,76.107.49.232,76.11.140.188,76.12.116.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500230; rev:2010;) alert udp [75.125.61.167,75.126.137.166,75.126.186.101,75.127.110.52,75.127.81.15,75.127.81.29,75.127.97.23,75.131.242.118,75.144.254.25,75.147.60.33,75.147.62.198,75.149.55.204,75.149.85.71,75.15.199.60,75.151.77.169,75.16.206.104,75.179.23.111,75.22.138.23,75.22.22.148,75.37.127.100,75.45.0.127,75.45.11.77,75.50.108.131,75.53.145.116,75.59.219.22,75.7.82.23,75.83.54.1,76.107.49.232,76.11.140.188,76.12.116.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 
1; classtype:misc-attack; sid:2500231; rev:2010;) alert tcp [76.12.12.123,76.12.147.199,76.12.88.168,76.163.25.140,76.164.45.18,76.180.176.208,76.188.169.250,76.194.93.214,76.201.177.136,76.21.243.13,76.229.169.181,76.229.207.41,76.241.121.124,76.248.69.52,76.254.236.90,76.73.125.202,76.74.218.12,76.74.239.156,76.74.252.170,76.74.253.57,76.76.101.70,76.76.11.73,76.76.18.227,76.76.189.250,76.76.96.188,76.76.99.91,76.79.200.203,76.99.115.237,77.103.12.129,77.104.235.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500232; rev:2010;) alert udp [76.12.12.123,76.12.147.199,76.12.88.168,76.163.25.140,76.164.45.18,76.180.176.208,76.188.169.250,76.194.93.214,76.201.177.136,76.21.243.13,76.229.169.181,76.229.207.41,76.241.121.124,76.248.69.52,76.254.236.90,76.73.125.202,76.74.218.12,76.74.239.156,76.74.252.170,76.74.253.57,76.76.101.70,76.76.11.73,76.76.18.227,76.76.189.250,76.76.96.188,76.76.99.91,76.79.200.203,76.99.115.237,77.103.12.129,77.104.235.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500233; rev:2010;) alert tcp [77.109.85.227,77.111.69.213,77.111.89.200,77.127.6.197,77.162.98.211,77.211.251.221,77.213.225.13,77.221.134.218,77.221.140.102,77.221.140.15,77.221.148.74,77.221.148.82,77.221.148.98,77.222.134.90,77.222.40.206,77.222.43.170,77.222.43.44,77.222.56.126,77.223.141.49,77.232.225.65,77.234.201.89,77.235.43.185,77.237.85.19,77.239.29.71,77.241.83.140,77.241.83.35,77.241.83.40,77.241.89.68,77.242.96.66,77.244.242.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500234; rev:2010;) alert udp [77.109.85.227,77.111.69.213,77.111.89.200,77.127.6.197,77.162.98.211,77.211.251.221,77.213.225.13,77.221.134.218,77.221.140.102,77.221.140.15,77.221.148.74,77.221.148.82,77.221.148.98,77.222.134.90,77.222.40.206,77.222.43.170,77.222.43.44,77.222.56.126,77.223.141.49,77.232.225.65,77.234.201.89,77.235.43.185,77.237.85.19,77.239.29.71,77.241.83.140,77.241.83.35,77.241.83.40,77.241.89.68,77.242.96.66,77.244.242.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500235; rev:2010;) alert tcp [77.244.249.12,77.245.145.193,77.245.145.197,77.245.64.114,77.245.78.58,77.246.179.117,77.247.208.35,77.247.235.11,77.249.255.30,77.253.210.2,77.254.168.171,77.29.106.233,77.29.109.150,77.29.122.4,77.29.28.42,77.37.136.14,77.37.163.250,77.39.16.122,77.40.244.75,77.41.122.141,77.43.21.70,77.47.185.110,77.48.42.5,77.48.63.206,77.68.37.74,77.68.60.22,77.70.78.189,77.74.197.4,77.75.34.106,77.76.137.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500236; rev:2010;) alert udp [77.244.249.12,77.245.145.193,77.245.145.197,77.245.64.114,77.245.78.58,77.246.179.117,77.247.208.35,77.247.235.11,77.249.255.30,77.253.210.2,77.254.168.171,77.29.106.233,77.29.109.150,77.29.122.4,77.29.28.42,77.37.136.14,77.37.163.250,77.39.16.122,77.40.244.75,77.41.122.141,77.43.21.70,77.47.185.110,77.48.42.5,77.48.63.206,77.68.37.74,77.68.60.22,77.70.78.189,77.74.197.4,77.75.34.106,77.76.137.237] any -> $HOME_NET any 
(msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500237; rev:2010;) alert tcp [77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.172,77.78.248.74,77.78.249.130,77.78.249.30,77.79.115.167,77.79.65.86,77.86.49.191,77.88.66.251,77.89.132.146,77.92.143.120,77.92.68.201,77.92.75.135,77.92.77.234,77.92.77.28,77.92.77.38,77.92.93.2,77.93.240.42,77.93.254.208,77.94.189.23,77.94.242.118,78.101.160.58,78.102.77.245,78.108.178.210,78.111.218.178,78.111.236.62,78.111.99.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500238; rev:2010;) alert udp [77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.172,77.78.248.74,77.78.249.130,77.78.249.30,77.79.115.167,77.79.65.86,77.86.49.191,77.88.66.251,77.89.132.146,77.92.143.120,77.92.68.201,77.92.75.135,77.92.77.234,77.92.77.28,77.92.77.38,77.92.93.2,77.93.240.42,77.93.254.208,77.94.189.23,77.94.242.118,78.101.160.58,78.102.77.245,78.108.178.210,78.111.218.178,78.111.236.62,78.111.99.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500239; rev:2010;) alert tcp 
[78.129.174.227,78.134.117.44,78.137.168.230,78.138.115.71,78.140.1.71,78.140.143.7,78.143.30.2,78.156.48.250,78.159.112.66,78.225.2.212,78.231.0.100,78.24.222.123,78.3.253.176,78.30.209.187,78.30.212.133,78.30.232.112,78.37.83.203,78.39.243.50,78.4.19.170,78.4.40.147,78.42.220.112,78.46.103.150,78.46.104.66,78.46.105.82,78.46.15.219,78.46.32.194,78.46.42.233,78.46.71.139,78.46.72.115,78.46.73.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500240; rev:2010;) alert udp [78.129.174.227,78.134.117.44,78.137.168.230,78.138.115.71,78.140.1.71,78.140.143.7,78.143.30.2,78.156.48.250,78.159.112.66,78.225.2.212,78.231.0.100,78.24.222.123,78.3.253.176,78.30.209.187,78.30.212.133,78.30.232.112,78.37.83.203,78.39.243.50,78.4.19.170,78.4.40.147,78.42.220.112,78.46.103.150,78.46.104.66,78.46.105.82,78.46.15.219,78.46.32.194,78.46.42.233,78.46.71.139,78.46.72.115,78.46.73.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500241; rev:2010;) alert tcp [78.46.83.76,78.46.84.200,78.46.90.202,78.46.91.173,78.46.99.171,78.47.238.49,78.5.143.241,78.55.108.41,78.56.181.61,78.8.4.208,78.90.16.53,78.90.52.165,79.101.1.9,79.107.100.248,79.107.100.249,79.107.100.250,79.107.100.251,79.107.100.252,79.107.100.253,79.107.100.254,79.113.225.22,79.116.208.142,79.117.117.250,79.118.202.106,79.118.207.176,79.118.255.242,79.126.21.113,79.132.192.22,79.132.229.12,79.135.152.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:misc-attack; sid:2500242; rev:2010;) alert udp [78.46.83.76,78.46.84.200,78.46.90.202,78.46.91.173,78.46.99.171,78.47.238.49,78.5.143.241,78.55.108.41,78.56.181.61,78.8.4.208,78.90.16.53,78.90.52.165,79.101.1.9,79.107.100.248,79.107.100.249,79.107.100.250,79.107.100.251,79.107.100.252,79.107.100.253,79.107.100.254,79.113.225.22,79.116.208.142,79.117.117.250,79.118.202.106,79.118.207.176,79.118.255.242,79.126.21.113,79.132.192.22,79.132.229.12,79.135.152.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500243; rev:2010;) alert tcp [79.136.63.149,79.136.98.156,79.138.178.89,79.142.112.193,79.148.118.225,79.174.64.15,79.174.64.220,79.174.64.246,79.174.65.179,79.174.65.26,79.174.65.85,79.174.66.200,79.174.66.229,79.174.66.28,79.174.66.79,79.174.67.102,79.174.67.181,79.174.67.28,79.174.78.81,79.174.79.108,79.174.79.112,79.174.79.131,79.174.79.132,79.174.79.136,79.174.79.254,79.174.79.32,79.174.79.34,79.174.79.35,79.174.79.36,79.174.79.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500244; rev:2010;) alert udp [79.136.63.149,79.136.98.156,79.138.178.89,79.142.112.193,79.148.118.225,79.174.64.15,79.174.64.220,79.174.64.246,79.174.65.179,79.174.65.26,79.174.65.85,79.174.66.200,79.174.66.229,79.174.66.28,79.174.66.79,79.174.67.102,79.174.67.181,79.174.67.28,79.174.78.81,79.174.79.108,79.174.79.112,79.174.79.131,79.174.79.132,79.174.79.136,79.174.79.254,79.174.79.32,79.174.79.34,79.174.79.35,79.174.79.36,79.174.79.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500245; rev:2010;) alert tcp [79.174.79.45,79.174.79.68,79.174.79.71,79.174.79.84,79.174.79.99,79.18.239.38,79.181.114.83,79.181.122.102,79.181.127.63,79.183.7.117,79.185.199.181,79.186.160.80,79.187.8.20,79.190.28.162,79.190.43.178,79.190.71.234,79.191.24.157,79.25.129.83,79.29.40.63,79.36.220.16,79.38.222.4,79.38.86.58,79.48.78.74,79.5.155.1,79.5.254.204,79.5.97.184,79.54.62.158,79.98.27.196,8.12.230.71,8.2.208.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500246; rev:2010;) alert udp [79.174.79.45,79.174.79.68,79.174.79.71,79.174.79.84,79.174.79.99,79.18.239.38,79.181.114.83,79.181.122.102,79.181.127.63,79.183.7.117,79.185.199.181,79.186.160.80,79.187.8.20,79.190.28.162,79.190.43.178,79.190.71.234,79.191.24.157,79.25.129.83,79.29.40.63,79.36.220.16,79.38.222.4,79.38.86.58,79.48.78.74,79.5.155.1,79.5.254.204,79.5.97.184,79.54.62.158,79.98.27.196,8.12.230.71,8.2.208.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500247; rev:2010;) alert tcp [8.25.128.69,8.5.1.36,80.11.56.27,80.112.234.218,80.12.80.125,80.13.106.175,80.13.247.112,80.138.192.223,80.14.98.174,80.146.177.67,80.152.212.6,80.152.229.62,80.153.1.172,80.153.155.40,80.154.42.54,80.160.71.231,80.160.71.235,80.168.88.252,80.168.90.75,80.169.87.101,80.179.155.55,80.191.149.83,80.191.161.160,80.191.180.102,80.191.214.7,80.194.247.163,80.196.101.246,80.203.201.46,80.207.42.85,80.237.178.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known 
Compromised or Hostile Host Traffic TCP (125)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500248; rev:2010;) alert udp [8.25.128.69,8.5.1.36,80.11.56.27,80.112.234.218,80.12.80.125,80.13.106.175,80.13.247.112,80.138.192.223,80.14.98.174,80.146.177.67,80.152.212.6,80.152.229.62,80.153.1.172,80.153.155.40,80.154.42.54,80.160.71.231,80.160.71.235,80.168.88.252,80.168.90.75,80.169.87.101,80.179.155.55,80.191.149.83,80.191.161.160,80.191.180.102,80.191.214.7,80.194.247.163,80.196.101.246,80.203.201.46,80.207.42.85,80.237.178.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500249; rev:2010;) alert tcp [80.237.178.187,80.237.178.189,80.237.209.59,80.240.202.170,80.241.16.33,80.241.245.6,80.243.212.104,80.244.34.138,80.245.39.142,80.245.39.147,80.246.178.104,80.247.210.16,80.248.213.168,80.248.71.140,80.249.166.152,80.249.210.2,80.249.239.48,80.251.250.22,80.254.160.203,80.33.141.151,80.34.120.85,80.35.193.53,80.36.161.34,80.38.118.86,80.38.244.97,80.48.2.2,80.51.214.113,80.52.213.251,80.52.244.27,80.53.122.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500250; rev:2010;) alert udp 
[80.237.178.187,80.237.178.189,80.237.209.59,80.240.202.170,80.241.16.33,80.241.245.6,80.243.212.104,80.244.34.138,80.245.39.142,80.245.39.147,80.246.178.104,80.247.210.16,80.248.213.168,80.248.71.140,80.249.166.152,80.249.210.2,80.249.239.48,80.251.250.22,80.254.160.203,80.33.141.151,80.34.120.85,80.35.193.53,80.36.161.34,80.38.118.86,80.38.244.97,80.48.2.2,80.51.214.113,80.52.213.251,80.52.244.27,80.53.122.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500251; rev:2010;) alert tcp [80.55.121.5,80.55.186.238,80.59.169.239,80.59.39.81,80.6.22.239,80.65.230.139,80.68.90.63,80.70.208.108,80.70.96.167,80.73.192.42,80.74.113.26,80.74.142.85,80.74.157.211,80.74.99.180,80.80.162.130,80.81.115.188,80.81.208.138,80.81.254.168,80.82.17.136,80.86.167.182,80.86.198.13,80.86.92.117,80.87.131.126,80.87.131.156,80.87.221.26,80.89.34.187,80.91.191.247,80.92.200.196,80.93.62.127,80.95.160.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500252; rev:2010;) alert udp [80.55.121.5,80.55.186.238,80.59.169.239,80.59.39.81,80.6.22.239,80.65.230.139,80.68.90.63,80.70.208.108,80.70.96.167,80.73.192.42,80.74.113.26,80.74.142.85,80.74.157.211,80.74.99.180,80.80.162.130,80.81.115.188,80.81.208.138,80.81.254.168,80.82.17.136,80.86.167.182,80.86.198.13,80.86.92.117,80.87.131.126,80.87.131.156,80.87.221.26,80.89.34.187,80.91.191.247,80.92.200.196,80.93.62.127,80.95.160.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:misc-attack; sid:2500253; rev:2010;) alert tcp [81.0.104.90,81.0.214.212,81.0.228.182,81.0.237.125,81.112.238.90,81.13.68.140,81.169.132.156,81.169.132.184,81.169.152.52,81.169.165.123,81.169.167.181,81.169.181.190,81.171.35.60,81.175.61.223,81.176.236.226,81.176.66.98,81.177.33.156,81.180.127.115,81.180.167.201,81.183.216.186,81.19.118.199,81.19.151.195,81.190.44.14,81.193.123.49,81.196.20.134,81.196.221.186,81.20.168.4,81.201.105.107,81.202.109.93,81.202.115.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500254; rev:2010;) alert udp [81.0.104.90,81.0.214.212,81.0.228.182,81.0.237.125,81.112.238.90,81.13.68.140,81.169.132.156,81.169.132.184,81.169.152.52,81.169.165.123,81.169.167.181,81.169.181.190,81.171.35.60,81.175.61.223,81.176.236.226,81.176.66.98,81.177.33.156,81.180.127.115,81.180.167.201,81.183.216.186,81.19.118.199,81.19.151.195,81.190.44.14,81.193.123.49,81.196.20.134,81.196.221.186,81.20.168.4,81.201.105.107,81.202.109.93,81.202.115.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500255; rev:2010;) alert tcp [81.202.27.206,81.208.11.194,81.208.35.109,81.208.35.84,81.208.62.115,81.21.32.198,81.215.195.175,81.219.54.77,81.223.155.37,81.23.121.38,81.24.147.76,81.24.32.230,81.25.120.192,81.252.196.50,81.255.91.101,81.27.44.248,81.28.96.203,81.28.96.74,81.28.97.18,81.28.97.60,81.28.97.73,81.28.97.84,81.29.146.34,81.29.146.49,81.29.197.196,81.30.151.42,81.30.64.130,81.38.245.237,81.47.130.26,81.56.112.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500256; rev:2010;) alert udp [81.202.27.206,81.208.11.194,81.208.35.109,81.208.35.84,81.208.62.115,81.21.32.198,81.215.195.175,81.219.54.77,81.223.155.37,81.23.121.38,81.24.147.76,81.24.32.230,81.25.120.192,81.252.196.50,81.255.91.101,81.27.44.248,81.28.96.203,81.28.96.74,81.28.97.18,81.28.97.60,81.28.97.73,81.28.97.84,81.29.146.34,81.29.146.49,81.29.197.196,81.30.151.42,81.30.64.130,81.38.245.237,81.47.130.26,81.56.112.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500257; rev:2010;) alert tcp [81.56.201.37,81.56.203.73,81.7.71.182,81.80.40.214,81.83.10.210,81.83.12.68,81.83.13.175,81.88.212.70,81.88.54.234,81.89.103.168,81.89.103.80,81.89.110.57,81.89.48.85,81.89.61.38,82.104.144.82,82.107.159.18,82.112.192.102,82.113.106.207,82.113.121.103,82.113.121.99,82.113.153.100,82.113.49.38,82.114.175.37,82.114.224.205,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (130)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500258; rev:2010;) alert udp [81.56.201.37,81.56.203.73,81.7.71.182,81.80.40.214,81.83.10.210,81.83.12.68,81.83.13.175,81.88.212.70,81.88.54.234,81.89.103.168,81.89.103.80,81.89.110.57,81.89.48.85,81.89.61.38,82.104.144.82,82.107.159.18,82.112.192.102,82.113.106.207,82.113.121.103,82.113.121.99,82.113.153.100,82.113.49.38,82.114.175.37,82.114.224.205,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250] any -> $HOME_NET any 
(msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (130)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500259; rev:2010;) alert tcp [82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.225.62,82.127.114.250,82.127.66.230,82.128.245.136,82.128.253.201,82.130.119.4,82.130.177.254,82.131.192.212,82.132.26.234,82.135.139.6,82.135.231.145,82.135.231.21,82.135.41.2,82.135.69.69,82.135.88.150,82.139.23.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (131)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500260; rev:2010;) alert udp [82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.225.62,82.127.114.250,82.127.66.230,82.128.245.136,82.128.253.201,82.130.119.4,82.130.177.254,82.131.192.212,82.132.26.234,82.135.139.6,82.135.231.145,82.135.231.21,82.135.41.2,82.135.69.69,82.135.88.150,82.139.23.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (131)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500261; rev:2010;) alert tcp 
[82.139.71.187,82.140.153.153,82.142.126.251,82.146.61.95,82.147.175.55,82.148.23.83,82.148.29.250,82.148.31.212,82.152.59.9,82.154.248.147,82.155.0.78,82.155.51.55,82.158.128.129,82.160.135.13,82.177.18.212,82.179.71.52,82.187.110.74,82.193.234.212,82.197.153.201,82.198.126.7,82.200.29.94,82.204.31.223,82.207.102.11,82.207.113.150,82.207.238.78,82.208.10.183,82.210.130.234,82.210.31.12,82.221.32.6,82.224.119.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (132)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500262; rev:2010;) alert udp [82.139.71.187,82.140.153.153,82.142.126.251,82.146.61.95,82.147.175.55,82.148.23.83,82.148.29.250,82.148.31.212,82.152.59.9,82.154.248.147,82.155.0.78,82.155.51.55,82.158.128.129,82.160.135.13,82.177.18.212,82.179.71.52,82.187.110.74,82.193.234.212,82.197.153.201,82.198.126.7,82.200.29.94,82.204.31.223,82.207.102.11,82.207.113.150,82.207.238.78,82.208.10.183,82.210.130.234,82.210.31.12,82.221.32.6,82.224.119.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (132)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500263; rev:2010;) alert tcp [82.224.245.110,82.224.34.103,82.225.233.120,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.126.154,82.228.150.242,82.228.44.201,82.229.122.192,82.229.227.1,82.230.149.95,82.230.207.7,82.230.42.230,82.231.151.134,82.231.21.217,82.231.69.123,82.231.75.20,82.232.13.212,82.232.183.109,82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.152.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (133)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500264; rev:2010;) alert udp [82.224.245.110,82.224.34.103,82.225.233.120,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.126.154,82.228.150.242,82.228.44.201,82.229.122.192,82.229.227.1,82.230.149.95,82.230.207.7,82.230.42.230,82.231.151.134,82.231.21.217,82.231.69.123,82.231.75.20,82.232.13.212,82.232.183.109,82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.152.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (133)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500265; rev:2010;) alert tcp [82.233.167.2,82.234.161.15,82.234.79.36,82.235.113.121,82.235.119.25,82.235.127.164,82.235.96.131,82.236.11.160,82.237.17.189,82.237.170.208,82.237.191.169,82.237.28.34,82.237.48.196,82.238.133.192,82.238.210.201,82.238.226.103,82.238.37.41,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.243.43.232,82.244.221.227,82.244.231.46,82.244.58.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (134)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500266; rev:2010;) alert udp 
[82.233.167.2,82.234.161.15,82.234.79.36,82.235.113.121,82.235.119.25,82.235.127.164,82.235.96.131,82.236.11.160,82.237.17.189,82.237.170.208,82.237.191.169,82.237.28.34,82.237.48.196,82.238.133.192,82.238.210.201,82.238.226.103,82.238.37.41,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.243.43.232,82.244.221.227,82.244.231.46,82.244.58.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (134)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500267; rev:2010;) alert tcp [82.245.156.195,82.245.173.106,82.245.237.84,82.245.72.57,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.124.59,82.247.195.164,82.247.200.74,82.248.211.212,82.250.101.249,82.250.160.218,82.250.211.183,82.251.124.13,82.251.125.61,82.251.232.13,82.251.249.60,82.252.156.220,82.254.248.225,82.255.113.164,82.39.212.129,82.49.189.156,82.51.145.80,82.53.174.211,82.57.29.206,82.60.67.225,82.64.130.152,82.64.185.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (135)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500268; rev:2010;) alert udp [82.245.156.195,82.245.173.106,82.245.237.84,82.245.72.57,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.124.59,82.247.195.164,82.247.200.74,82.248.211.212,82.250.101.249,82.250.160.218,82.250.211.183,82.251.124.13,82.251.125.61,82.251.232.13,82.251.249.60,82.252.156.220,82.254.248.225,82.255.113.164,82.39.212.129,82.49.189.156,82.51.145.80,82.53.174.211,82.57.29.206,82.60.67.225,82.64.130.152,82.64.185.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (135)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500269; rev:2010;) alert tcp [82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.65.66.39,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.70.177.150,82.76.165.29,82.77.216.130,82.77.232.250,82.78.195.122,82.82.135.179,82.82.224.124,82.83.248.238,82.83.91.13,82.85.90.87,82.95.224.38,82.97.15.139,82.98.86.167,83.10.222.194,83.101.24.213,83.103.127.122,83.103.127.243,83.103.171.23,83.11.161.211,83.11.63.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (136)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500270; rev:2010;) alert udp [82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.65.66.39,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.70.177.150,82.76.165.29,82.77.216.130,82.77.232.250,82.78.195.122,82.82.135.179,82.82.224.124,82.83.248.238,82.83.91.13,82.85.90.87,82.95.224.38,82.97.15.139,82.98.86.167,83.10.222.194,83.101.24.213,83.103.127.122,83.103.127.243,83.103.171.23,83.11.161.211,83.11.63.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (136)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500271; rev:2010;) alert tcp [83.11.72.49,83.12.134.162,83.12.155.202,83.12.243.234,83.12.251.154,83.12.75.42,83.13.162.26,83.13.220.122,83.13.3.10,83.135.140.37,83.137.130.146,83.137.193.200,83.138.135.122,83.138.141.138,83.14.53.114,83.140.191.168,83.142.208.44,83.143.217.206,83.145.103.208,83.149.70.53,83.149.72.198,83.149.74.6,83.149.85.116,83.149.95.160,83.15.19.141,83.15.19.142,83.15.211.170,83.15.59.243,83.150.121.253,83.150.156.127] any -> $HOME_NET 
any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (137)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500272; rev:2010;) alert udp [83.11.72.49,83.12.134.162,83.12.155.202,83.12.243.234,83.12.251.154,83.12.75.42,83.13.162.26,83.13.220.122,83.13.3.10,83.135.140.37,83.137.130.146,83.137.193.200,83.138.135.122,83.138.141.138,83.14.53.114,83.140.191.168,83.142.208.44,83.143.217.206,83.145.103.208,83.149.70.53,83.149.72.198,83.149.74.6,83.149.85.116,83.149.95.160,83.15.19.141,83.15.19.142,83.15.211.170,83.15.59.243,83.150.121.253,83.150.156.127] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (137)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500273; rev:2010;) alert tcp [83.151.29.133,83.151.31.26,83.16.227.242,83.167.238.123,83.169.0.250,83.17.156.90,83.170.112.218,83.170.112.250,83.170.115.110,83.170.115.84,83.170.83.204,83.170.85.139,83.170.85.180,83.170.85.61,83.170.88.210,83.172.144.47,83.175.70.17,83.18.168.58,83.18.59.178,83.2.224.2,83.2.81.91,83.202.204.151,83.21.35.18,83.211.93.140,83.212.127.238,83.216.149.245,83.216.43.201,83.221.34.4,83.222.110.209,83.222.127.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (138)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500274; rev:2010;) alert udp 
[83.151.29.133,83.151.31.26,83.16.227.242,83.167.238.123,83.169.0.250,83.17.156.90,83.170.112.218,83.170.112.250,83.170.115.110,83.170.115.84,83.170.83.204,83.170.85.139,83.170.85.180,83.170.85.61,83.170.88.210,83.172.144.47,83.175.70.17,83.18.168.58,83.18.59.178,83.2.224.2,83.2.81.91,83.202.204.151,83.21.35.18,83.211.93.140,83.212.127.238,83.216.149.245,83.216.43.201,83.221.34.4,83.222.110.209,83.222.127.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (138)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500275; rev:2010;) alert tcp [83.226.186.238,83.227.154.200,83.227.73.193,83.227.77.160,83.228.37.12,83.231.61.8,83.233.149.162,83.233.246.237,83.236.192.11,83.238.187.53,83.240.163.234,83.243.42.8,83.245.202.137,83.245.63.121,83.25.194.58,83.25.238.126,83.254.58.189,83.26.63.46,83.27.118.250,83.28.24.71,83.29.239.140,83.29.247.1,83.29.54.31,83.30.159.109,83.31.86.172,83.31.96.1,83.42.61.86,83.5.125.138,83.59.151.24,83.6.113.143] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (139)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500276; rev:2010;) alert udp [83.226.186.238,83.227.154.200,83.227.73.193,83.227.77.160,83.228.37.12,83.231.61.8,83.233.149.162,83.233.246.237,83.236.192.11,83.238.187.53,83.240.163.234,83.243.42.8,83.245.202.137,83.245.63.121,83.25.194.58,83.25.238.126,83.254.58.189,83.26.63.46,83.27.118.250,83.28.24.71,83.29.239.140,83.29.247.1,83.29.54.31,83.30.159.109,83.31.86.172,83.31.96.1,83.42.61.86,83.5.125.138,83.59.151.24,83.6.113.143] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (139)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:misc-attack; sid:2500277; rev:2010;) alert tcp [83.6.208.127,83.64.6.117,83.8.216.95,83.87.224.30,83.88.199.75,83.9.18.229,83.9.34.211,83.96.235.40,83.97.161.213,83.98.128.109,84.10.156.60,84.104.240.14,84.106.83.73,84.109.63.225,84.115.85.207,84.120.248.233,84.120.61.39,84.123.185.81,84.123.39.91,84.124.106.11,84.124.11.117,84.124.27.36,84.124.75.143,84.126.112.181,84.127.197.48,84.15.40.80,84.158.68.249,84.16.226.87,84.16.230.120,84.16.250.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (140)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500278; rev:2010;) alert udp [83.6.208.127,83.64.6.117,83.8.216.95,83.87.224.30,83.88.199.75,83.9.18.229,83.9.34.211,83.96.235.40,83.97.161.213,83.98.128.109,84.10.156.60,84.104.240.14,84.106.83.73,84.109.63.225,84.115.85.207,84.120.248.233,84.120.61.39,84.123.185.81,84.123.39.91,84.124.106.11,84.124.11.117,84.124.27.36,84.124.75.143,84.126.112.181,84.127.197.48,84.15.40.80,84.158.68.249,84.16.226.87,84.16.230.120,84.16.250.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (140)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500279; rev:2010;) alert tcp [84.16.75.103,84.19.186.146,84.2.35.53,84.20.10.36,84.200.231.12,84.205.160.1,84.242.134.203,84.243.234.20,84.244.73.50,84.245.188.71,84.246.224.155,84.246.247.122,84.253.134.114,84.253.142.220,84.253.34.33,84.255.213.22,84.255.228.20,84.33.201.12,84.37.19.125,84.38.64.159,84.38.65.217,84.38.66.212,84.38.66.215,84.38.66.242,84.38.67.120,84.38.67.250,84.45.73.5,84.48.55.139,84.51.251.9,84.52.115.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (141)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500280; rev:2010;) alert udp [84.16.75.103,84.19.186.146,84.2.35.53,84.20.10.36,84.200.231.12,84.205.160.1,84.242.134.203,84.243.234.20,84.244.73.50,84.245.188.71,84.246.224.155,84.246.247.122,84.253.134.114,84.253.142.220,84.253.34.33,84.255.213.22,84.255.228.20,84.33.201.12,84.37.19.125,84.38.64.159,84.38.65.217,84.38.66.212,84.38.66.215,84.38.66.242,84.38.67.120,84.38.67.250,84.45.73.5,84.48.55.139,84.51.251.9,84.52.115.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (141)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500281; rev:2010;) alert tcp [84.52.71.84,84.52.98.134,84.55.14.29,84.55.151.154,84.62.75.20,84.73.233.110,84.75.116.84,84.79.69.222,84.89.61.97,84.95.241.157,85.10.192.231,85.10.193.241,85.10.194.176,85.10.195.252,85.10.199.101,85.10.199.203,85.10.202.3,85.10.203.208,85.10.227.71,85.105.205.167,85.11.33.12,85.112.126.15,85.112.126.8,85.114.130.162,85.114.130.247,85.114.132.96,85.114.133.83,85.114.141.22,85.114.143.39,85.114.143.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (142)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500282; rev:2010;) alert udp [84.52.71.84,84.52.98.134,84.55.14.29,84.55.151.154,84.62.75.20,84.73.233.110,84.75.116.84,84.79.69.222,84.89.61.97,84.95.241.157,85.10.192.231,85.10.193.241,85.10.194.176,85.10.195.252,85.10.199.101,85.10.199.203,85.10.202.3,85.10.203.208,85.10.227.71,85.105.205.167,85.11.33.12,85.112.126.15,85.112.126.8,85.114.130.162,85.114.130.247,85.114.132.96,85.114.133.83,85.114.141.22,85.114.143.39,85.114.143.43] any -> $HOME_NET any 
(msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (142)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500283; rev:2010;) alert tcp [85.114.181.162,85.118.160.24,85.119.158.47,85.12.17.157,85.12.24.87,85.12.24.89,85.12.33.10,85.12.33.24,85.12.43.219,85.120.224.59,85.124.142.46,85.124.148.170,85.125.151.19,85.125.237.82,85.125.80.181,85.125.86.111,85.125.96.226,85.130.233.79,85.131.247.251,85.14.138.236,85.14.178.21,85.14.84.234,85.142.60.146,85.152.90.240,85.155.145.33,85.158.254.155,85.17.10.189,85.17.138.39,85.17.138.8,85.17.148.201] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (143)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500284; rev:2010;) alert udp [85.114.181.162,85.118.160.24,85.119.158.47,85.12.17.157,85.12.24.87,85.12.24.89,85.12.33.10,85.12.33.24,85.12.43.219,85.120.224.59,85.124.142.46,85.124.148.170,85.125.151.19,85.125.237.82,85.125.80.181,85.125.86.111,85.125.96.226,85.130.233.79,85.131.247.251,85.14.138.236,85.14.178.21,85.14.84.234,85.142.60.146,85.152.90.240,85.155.145.33,85.158.254.155,85.17.10.189,85.17.138.39,85.17.138.8,85.17.148.201] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (143)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500285; rev:2010;) alert tcp 
[85.17.154.86,85.17.183.147,85.17.19.205,85.17.211.12,85.17.212.11,85.17.250.240,85.17.36.108,85.17.59.138,85.17.90.77,85.17.92.134,85.17.92.141,85.17.92.35,85.17.92.9,85.17.94.5,85.18.107.165,85.18.135.252,85.18.163.174,85.180.119.53,85.186.255.54,85.187.47.253,85.193.59.43,85.199.179.22,85.201.160.202,85.207.237.33,85.214.120.54,85.214.131.133,85.214.133.151,85.214.133.190,85.214.38.111,85.214.44.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (144)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500286; rev:2010;) alert udp [85.17.154.86,85.17.183.147,85.17.19.205,85.17.211.12,85.17.212.11,85.17.250.240,85.17.36.108,85.17.59.138,85.17.90.77,85.17.92.134,85.17.92.141,85.17.92.35,85.17.92.9,85.17.94.5,85.18.107.165,85.18.135.252,85.18.163.174,85.180.119.53,85.186.255.54,85.187.47.253,85.193.59.43,85.199.179.22,85.201.160.202,85.207.237.33,85.214.120.54,85.214.131.133,85.214.133.151,85.214.133.190,85.214.38.111,85.214.44.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (144)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500287; rev:2010;) alert tcp [85.214.52.197,85.214.56.75,85.214.84.157,85.214.84.59,85.214.90.220,85.218.152.241,85.219.184.129,85.219.198.221,85.219.236.100,85.219.6.116,85.221.23.4,85.223.51.11,85.224.185.84,85.225.108.193,85.225.112.56,85.225.134.179,85.228.159.175,85.231.30.180,85.233.69.40,85.234.133.114,85.234.190.52,85.239.208.226,85.24.138.219,85.24.165.206,85.24.184.118,85.249.223.151,85.25.124.189,85.25.135.189,85.25.141.122,85.25.52.49] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (145)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type 
limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500288; rev:2010;) alert udp [85.214.52.197,85.214.56.75,85.214.84.157,85.214.84.59,85.214.90.220,85.218.152.241,85.219.184.129,85.219.198.221,85.219.236.100,85.219.6.116,85.221.23.4,85.223.51.11,85.224.185.84,85.225.108.193,85.225.112.56,85.225.134.179,85.228.159.175,85.231.30.180,85.233.69.40,85.234.133.114,85.234.190.52,85.239.208.226,85.24.138.219,85.24.165.206,85.24.184.118,85.249.223.151,85.25.124.189,85.25.135.189,85.25.141.122,85.25.52.49] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (145)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500289; rev:2010;) alert tcp [85.255.194.163,85.31.107.14,85.31.187.32,85.67.214.76,85.77.237.200,85.92.137.214,85.92.138.206,85.92.139.133,85.92.139.192,85.92.139.194,85.92.144.102,85.92.146.193,85.93.146.154,85.94.160.143,86.110.192.77,86.110.67.42,86.110.96.29,86.111.244.181,86.111.245.183,86.111.97.31,86.120.88.125,86.121.214.49,86.125.25.163,86.168.14.36,86.34.137.186,86.34.187.82,86.39.131.92,86.39.146.3,86.39.165.192,86.47.226.61] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (146)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500290; rev:2010;) alert udp [85.255.194.163,85.31.107.14,85.31.187.32,85.67.214.76,85.77.237.200,85.92.137.214,85.92.138.206,85.92.139.133,85.92.139.192,85.92.139.194,85.92.144.102,85.92.146.193,85.93.146.154,85.94.160.143,86.110.192.77,86.110.67.42,86.110.96.29,86.111.244.181,86.111.245.183,86.111.97.31,86.120.88.125,86.121.214.49,86.125.25.163,86.168.14.36,86.34.137.186,86.34.187.82,86.39.131.92,86.39.146.3,86.39.165.192,86.47.226.61] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host 
Traffic UDP (146)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500291; rev:2010;) alert tcp [86.53.239.179,86.55.177.93,86.55.211.116,86.55.211.117,86.55.236.254,86.57.246.138,86.59.29.53,86.64.222.3,86.64.248.252,86.66.20.21,86.9.79.253,87.1.33.237,87.101.232.106,87.101.50.7,87.101.50.8,87.106.102.76,87.106.212.112,87.106.241.9,87.106.254.55,87.106.4.125,87.106.5.82,87.106.59.162,87.106.86.155,87.106.99.106,87.107.20.5,87.107.20.8,87.110.220.5,87.117.200.206,87.117.205.9,87.118.100.7] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (147)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500292; rev:2010;) alert udp [86.53.239.179,86.55.177.93,86.55.211.116,86.55.211.117,86.55.236.254,86.57.246.138,86.59.29.53,86.64.222.3,86.64.248.252,86.66.20.21,86.9.79.253,87.1.33.237,87.101.232.106,87.101.50.7,87.101.50.8,87.106.102.76,87.106.212.112,87.106.241.9,87.106.254.55,87.106.4.125,87.106.5.82,87.106.59.162,87.106.86.155,87.106.99.106,87.107.20.5,87.107.20.8,87.110.220.5,87.117.200.206,87.117.205.9,87.118.100.7] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (147)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500293; rev:2010;) alert tcp [87.118.104.89,87.118.106.243,87.118.112.236,87.118.112.46,87.118.112.71,87.118.114.243,87.118.116.95,87.118.203.43,87.118.82.57,87.118.84.17,87.118.87.217,87.118.88.109,87.118.88.74,87.118.90.222,87.118.94.137,87.118.98.95,87.119.198.20,87.120.152.223,87.121.27.115,87.139.22.199,87.14.165.32,87.16.124.231,87.163.205.161,87.19.76.183,87.19.94.66,87.193.138.136,87.193.142.242,87.194.159.100,87.194.19.132,87.194.36.1] any 
-> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (148)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500294; rev:2010;) alert udp [87.118.104.89,87.118.106.243,87.118.112.236,87.118.112.46,87.118.112.71,87.118.114.243,87.118.116.95,87.118.203.43,87.118.82.57,87.118.84.17,87.118.87.217,87.118.88.109,87.118.88.74,87.118.90.222,87.118.94.137,87.118.98.95,87.119.198.20,87.120.152.223,87.121.27.115,87.139.22.199,87.14.165.32,87.16.124.231,87.163.205.161,87.19.76.183,87.19.94.66,87.193.138.136,87.193.142.242,87.194.159.100,87.194.19.132,87.194.36.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (148)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500295; rev:2010;) alert tcp [87.200.105.98,87.204.217.2,87.204.23.215,87.205.149.152,87.216.176.66,87.225.128.25,87.226.12.92,87.229.30.113,87.230.56.40,87.230.78.232,87.230.83.81,87.230.85.194,87.230.92.134,87.233.156.163,87.234.44.208,87.236.232.109,87.236.232.111,87.236.232.18,87.237.106.195,87.237.184.108,87.237.56.233,87.238.75.118,87.24.9.163,87.240.72.77,87.242.73.96,87.242.98.199,87.244.206.3,87.246.53.11,87.249.108.9,87.255.18.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (149)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500296; rev:2010;) alert udp 
[87.200.105.98,87.204.217.2,87.204.23.215,87.205.149.152,87.216.176.66,87.225.128.25,87.226.12.92,87.229.30.113,87.230.56.40,87.230.78.232,87.230.83.81,87.230.85.194,87.230.92.134,87.233.156.163,87.234.44.208,87.236.232.109,87.236.232.111,87.236.232.18,87.237.106.195,87.237.184.108,87.237.56.233,87.238.75.118,87.24.9.163,87.240.72.77,87.242.73.96,87.242.98.199,87.244.206.3,87.246.53.11,87.249.108.9,87.255.18.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (149)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500297; rev:2010;) alert tcp [87.3.146.251,87.3.32.99,87.5.220.171,87.54.134.250,87.56.181.14,87.56.252.158,87.60.133.149,87.63.36.152,87.69.12.66,87.86.238.221,87.96.215.3,87.96.215.6,87.97.30.25,87.97.96.79,87.98.253.89,88.100.93.160,88.107.10.169,88.132.58.248,88.146.86.72,88.149.195.30,88.149.202.196,88.151.97.150,88.156.100.248,88.156.239.181,88.159.160.228,88.159.8.164,88.159.82.234,88.160.116.150,88.165.22.177,88.167.176.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (150)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500298; rev:2010;) alert udp [87.3.146.251,87.3.32.99,87.5.220.171,87.54.134.250,87.56.181.14,87.56.252.158,87.60.133.149,87.63.36.152,87.69.12.66,87.86.238.221,87.96.215.3,87.96.215.6,87.97.30.25,87.97.96.79,87.98.253.89,88.100.93.160,88.107.10.169,88.132.58.248,88.146.86.72,88.149.195.30,88.149.202.196,88.151.97.150,88.156.100.248,88.156.239.181,88.159.160.228,88.159.8.164,88.159.82.234,88.160.116.150,88.165.22.177,88.167.176.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (150)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track 
by_src, seconds 60, count 1; classtype:misc-attack; sid:2500299; rev:2010;) alert tcp [88.169.214.123,88.177.160.128,88.177.173.231,88.178.4.175,88.190.12.164,88.191.102.156,88.191.104.156,88.191.119.141,88.191.124.211,88.191.14.154,88.191.16.115,88.191.17.209,88.191.18.98,88.191.23.69,88.191.30.24,88.191.37.200,88.191.38.208,88.191.50.140,88.191.63.231,88.191.68.82,88.191.71.10,88.191.73.174,88.191.73.232,88.191.77.125,88.191.77.215,88.191.79.37,88.191.83.8,88.191.92.122,88.191.92.243,88.191.93.244] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (151)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500300; rev:2010;) alert udp [88.169.214.123,88.177.160.128,88.177.173.231,88.178.4.175,88.190.12.164,88.191.102.156,88.191.104.156,88.191.119.141,88.191.124.211,88.191.14.154,88.191.16.115,88.191.17.209,88.191.18.98,88.191.23.69,88.191.30.24,88.191.37.200,88.191.38.208,88.191.50.140,88.191.63.231,88.191.68.82,88.191.71.10,88.191.73.174,88.191.73.232,88.191.77.125,88.191.77.215,88.191.79.37,88.191.83.8,88.191.92.122,88.191.92.243,88.191.93.244] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (151)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500301; rev:2010;) alert tcp [88.191.94.204,88.191.94.244,88.191.94.64,88.191.95.217,88.198.13.233,88.198.14.53,88.198.25.138,88.198.250.165,88.198.28.14,88.198.33.104,88.198.33.87,88.198.34.250,88.198.36.163,88.198.41.243,88.198.48.209,88.198.48.240,88.198.50.108,88.198.50.120,88.198.52.99,88.198.57.75,88.198.60.15,88.198.62.40,88.198.66.13,88.198.68.52,88.198.9.220,88.199.84.3,88.203.200.26,88.204.168.251,88.208.201.226,88.208.207.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP 
(152)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500302; rev:2010;) alert udp [88.191.94.204,88.191.94.244,88.191.94.64,88.191.95.217,88.198.13.233,88.198.14.53,88.198.25.138,88.198.250.165,88.198.28.14,88.198.33.104,88.198.33.87,88.198.34.250,88.198.36.163,88.198.41.243,88.198.48.209,88.198.48.240,88.198.50.108,88.198.50.120,88.198.52.99,88.198.57.75,88.198.60.15,88.198.62.40,88.198.66.13,88.198.68.52,88.198.9.220,88.199.84.3,88.203.200.26,88.204.168.251,88.208.201.226,88.208.207.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (152)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500303; rev:2010;) alert tcp [88.208.208.242,88.208.219.97,88.208.232.36,88.208.236.192,88.209.212.139,88.209.222.233,88.209.249.225,88.212.3.2,88.214.193.116,88.214.193.35,88.214.194.28,88.222.116.19,88.233.9.252,88.245.103.84,88.248.153.142,88.248.50.13,88.255.131.82,88.255.225.103,88.255.239.62,88.26.206.74,88.41.48.170,88.44.214.142,88.46.90.90,88.49.255.210,88.55.61.35,88.56.189.226,88.69.182.109,88.80.0.102,88.80.6.178,88.81.165.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (153)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500304; rev:2010;) alert udp 
[88.208.208.242,88.208.219.97,88.208.232.36,88.208.236.192,88.209.212.139,88.209.222.233,88.209.249.225,88.212.3.2,88.214.193.116,88.214.193.35,88.214.194.28,88.222.116.19,88.233.9.252,88.245.103.84,88.248.153.142,88.248.50.13,88.255.131.82,88.255.225.103,88.255.239.62,88.26.206.74,88.41.48.170,88.44.214.142,88.46.90.90,88.49.255.210,88.55.61.35,88.56.189.226,88.69.182.109,88.80.0.102,88.80.6.178,88.81.165.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (153)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500305; rev:2010;) alert tcp [88.84.137.198,88.84.137.199,88.84.142.88,88.84.148.186,88.84.150.180,88.84.156.220,88.84.156.45,88.85.87.30,88.86.121.209,88.87.216.120,88.87.36.102,89.105.196.150,89.105.197.203,89.107.226.2,89.108.119.163,89.108.120.191,89.108.125.14,89.108.68.81,89.108.70.16,89.108.70.215,89.108.70.247,89.108.70.47,89.108.71.28,89.108.71.32,89.108.79.104,89.108.79.107,89.108.79.147,89.108.79.69,89.109.15.188,89.110.128.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (154)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500306; rev:2010;) alert udp [88.84.137.198,88.84.137.199,88.84.142.88,88.84.148.186,88.84.150.180,88.84.156.220,88.84.156.45,88.85.87.30,88.86.121.209,88.87.216.120,88.87.36.102,89.105.196.150,89.105.197.203,89.107.226.2,89.108.119.163,89.108.120.191,89.108.125.14,89.108.68.81,89.108.70.16,89.108.70.215,89.108.70.247,89.108.70.47,89.108.71.28,89.108.71.32,89.108.79.104,89.108.79.107,89.108.79.147,89.108.79.69,89.109.15.188,89.110.128.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (154)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type 
limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500307; rev:2010;) alert tcp [89.110.132.213,89.111.103.138,89.111.184.202,89.111.184.93,89.111.185.100,89.111.185.102,89.111.185.106,89.111.185.125,89.111.185.181,89.111.185.190,89.111.185.43,89.111.185.77,89.111.189.5,89.111.189.8,89.113.247.109,89.115.178.75,89.116.50.113,89.117.4.29,89.120.99.187,89.121.248.205,89.122.154.234,89.128.183.23,89.133.17.148,89.137.242.138,89.138.4.202,89.139.96.93,89.143.128.171,89.143.69.8,89.145.96.166,89.145.97.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (155)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500308; rev:2010;) alert udp [89.110.132.213,89.111.103.138,89.111.184.202,89.111.184.93,89.111.185.100,89.111.185.102,89.111.185.106,89.111.185.125,89.111.185.181,89.111.185.190,89.111.185.43,89.111.185.77,89.111.189.5,89.111.189.8,89.113.247.109,89.115.178.75,89.116.50.113,89.117.4.29,89.120.99.187,89.121.248.205,89.122.154.234,89.128.183.23,89.133.17.148,89.137.242.138,89.138.4.202,89.139.96.93,89.143.128.171,89.143.69.8,89.145.96.166,89.145.97.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (155)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500309; rev:2010;) alert tcp [89.146.153.9,89.146.18.19,89.147.84.239,89.149.242.113,89.149.242.191,89.149.242.192,89.149.242.25,89.149.244.54,89.150.203.80,89.151.173.75,89.151.191.154,89.152.176.32,89.163.145.213,89.165.14.230,89.165.40.10,89.166.186.184,89.166.50.106,89.167.84.169,89.169.103.223,89.169.108.167,89.169.137.216,89.169.147.159,89.171.112.124,89.171.114.142,89.171.55.120,89.173.30.176,89.174.119.240,89.174.182.94,89.178.101.253,89.178.12.185] any -> $HOME_NET any (msg:"ET COMPROMISED 
Known Compromised or Hostile Host Traffic TCP (156)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500310; rev:2010;) alert udp [89.146.153.9,89.146.18.19,89.147.84.239,89.149.242.113,89.149.242.191,89.149.242.192,89.149.242.25,89.149.244.54,89.150.203.80,89.151.173.75,89.151.191.154,89.152.176.32,89.163.145.213,89.165.14.230,89.165.40.10,89.166.186.184,89.166.50.106,89.167.84.169,89.169.103.223,89.169.108.167,89.169.137.216,89.169.147.159,89.171.112.124,89.171.114.142,89.171.55.120,89.173.30.176,89.174.119.240,89.174.182.94,89.178.101.253,89.178.12.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (156)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500311; rev:2010;) alert tcp [89.178.135.131,89.178.14.204,89.178.236.223,89.178.27.43,89.18.16.68,89.18.189.170,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.185.193.116,89.185.210.155,89.185.229.22,89.185.245.160,89.186.103.148,89.187.135.26,89.187.41.6,89.188.107.42,89.19.20.2,89.19.29.60,89.19.5.196,89.19.5.234,89.19.8.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (157)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500312; rev:2010;) alert udp 
[89.178.135.131,89.178.14.204,89.178.236.223,89.178.27.43,89.18.16.68,89.18.189.170,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.185.193.116,89.185.210.155,89.185.229.22,89.185.245.160,89.186.103.148,89.187.135.26,89.187.41.6,89.188.107.42,89.19.20.2,89.19.29.60,89.19.5.196,89.19.5.234,89.19.8.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (157)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500313; rev:2010;) alert tcp [89.191.224.25,89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.20.140.7,89.200.169.79,89.200.171.46,89.201.210.64,89.202.203.114,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.100,89.208.146.181,89.208.146.193,89.208.155.66,89.21.55.190,89.210.180.128,89.214.76.185,89.214.88.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (158)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500314; rev:2010;) alert udp [89.191.224.25,89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.20.140.7,89.200.169.79,89.200.171.46,89.201.210.64,89.202.203.114,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.100,89.208.146.181,89.208.146.193,89.208.155.66,89.21.55.190,89.210.180.128,89.214.76.185,89.214.88.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (158)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500315; rev:2010;) alert tcp [89.214.99.96,89.216.53.66,89.216.66.206,89.216.66.94,89.216.72.25,89.218.135.53,89.218.6.246,89.221.240.169,89.221.240.183,89.223.52.194,89.231.53.175,89.235.161.242,89.235.197.18,89.235.214.180,89.238.0.106,89.238.219.250,89.239.78.232,89.240.38.7,89.244.174.91,89.244.233.46,89.245.84.130,89.246.178.22,89.246.199.43,89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (159)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500316; rev:2010;) alert udp [89.214.99.96,89.216.53.66,89.216.66.206,89.216.66.94,89.216.72.25,89.218.135.53,89.218.6.246,89.221.240.169,89.221.240.183,89.223.52.194,89.231.53.175,89.235.161.242,89.235.197.18,89.235.214.180,89.238.0.106,89.238.219.250,89.239.78.232,89.240.38.7,89.244.174.91,89.244.233.46,89.245.84.130,89.246.178.22,89.246.199.43,89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (159)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500317; rev:2010;) alert tcp 
[89.247.40.22,89.247.57.254,89.248.169.110,89.248.174.30,89.248.248.51,89.248.82.93,89.248.86.114,89.249.3.203,89.250.112.130,89.250.112.244,89.250.114.102,89.250.190.12,89.250.195.254,89.250.29.8,89.251.128.55,89.252.8.2,89.253.155.27,89.253.238.249,89.254.129.58,89.28.4.60,89.29.116.98,89.3.83.180,89.31.144.172,89.31.144.208,89.32.94.94,89.33.140.53,89.33.145.137,89.35.137.58,89.36.206.81,89.36.6.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (160)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500318; rev:2010;) alert udp [89.247.40.22,89.247.57.254,89.248.169.110,89.248.174.30,89.248.248.51,89.248.82.93,89.248.86.114,89.249.3.203,89.250.112.130,89.250.112.244,89.250.114.102,89.250.190.12,89.250.195.254,89.250.29.8,89.251.128.55,89.252.8.2,89.253.155.27,89.253.238.249,89.254.129.58,89.28.4.60,89.29.116.98,89.3.83.180,89.31.144.172,89.31.144.208,89.32.94.94,89.33.140.53,89.33.145.137,89.35.137.58,89.36.206.81,89.36.6.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (160)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500319; rev:2010;) alert tcp [89.36.86.188,89.37.45.230,89.39.166.1,89.40.252.3,89.42.158.187,89.42.180.137,89.42.182.64,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.164.119,89.45.3.45,89.46.122.20,89.46.128.254,89.46.198.193,89.46.98.131,89.47.214.127,89.47.238.9,89.96.212.247,89.97.198.3,89.97.217.118,89.97.22.193,89.97.249.87,89.97.5.4,90.15.224.213,90.150.233.8,90.156.145.71,90.156.158.49,90.156.159.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (161)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, 
seconds 60, count 1; classtype:misc-attack; sid:2500320; rev:2010;) alert udp [89.36.86.188,89.37.45.230,89.39.166.1,89.40.252.3,89.42.158.187,89.42.180.137,89.42.182.64,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.164.119,89.45.3.45,89.46.122.20,89.46.128.254,89.46.198.193,89.46.98.131,89.47.214.127,89.47.238.9,89.96.212.247,89.97.198.3,89.97.217.118,89.97.22.193,89.97.249.87,89.97.5.4,90.15.224.213,90.150.233.8,90.156.145.71,90.156.158.49,90.156.159.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (161)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500321; rev:2010;) alert tcp [90.156.159.54,90.156.208.65,90.156.210.185,90.156.210.62,90.156.211.175,90.156.211.178,90.156.211.243,90.156.212.31,90.169.64.92,90.177.104.183,90.178.78.98,90.182.90.186,90.183.101.182,90.183.9.150,90.184.84.152,90.186.58.207,90.190.106.15,90.191.231.113,90.220.11.19,90.231.213.27,90.52.1.156,91.0.246.6,91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.11.67.146,91.112.85.26,91.113.148.11,91.113.24.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (162)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500322; rev:2010;) alert udp [90.156.159.54,90.156.208.65,90.156.210.185,90.156.210.62,90.156.211.175,90.156.211.178,90.156.211.243,90.156.212.31,90.169.64.92,90.177.104.183,90.178.78.98,90.182.90.186,90.183.101.182,90.183.9.150,90.184.84.152,90.186.58.207,90.190.106.15,90.191.231.113,90.220.11.19,90.231.213.27,90.52.1.156,91.0.246.6,91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.11.67.146,91.112.85.26,91.113.148.11,91.113.24.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (162)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500323; rev:2010;) alert tcp [91.113.248.154,91.113.26.222,91.115.111.242,91.117.107.226,91.117.124.26,91.12.54.167,91.12.70.189,91.12.84.193,91.121.147.142,91.121.221.90,91.121.221.94,91.121.75.81,91.121.81.192,91.121.94.24,91.121.96.212,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137,91.126.223.43,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (163)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500324; rev:2010;) alert udp [91.113.248.154,91.113.26.222,91.115.111.242,91.117.107.226,91.117.124.26,91.12.54.167,91.12.70.189,91.12.84.193,91.121.147.142,91.121.221.90,91.121.221.94,91.121.75.81,91.121.81.192,91.121.94.24,91.121.96.212,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137,91.126.223.43,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (163)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500325; rev:2010;) alert tcp 
[91.138.22.82,91.139.185.134,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254,91.142.242.60,91.143.105.39,91.143.222.122,91.143.63.44,91.144.96.197,91.145.5.73,91.146.161.20,91.148.91.50,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203,91.152.138.220,91.152.222.73,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (164)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500326; rev:2010;) alert udp [91.138.22.82,91.139.185.134,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254,91.142.242.60,91.143.105.39,91.143.222.122,91.143.63.44,91.144.96.197,91.145.5.73,91.146.161.20,91.148.91.50,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203,91.152.138.220,91.152.222.73,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (164)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500327; rev:2010;) alert tcp [91.154.239.93,91.154.244.162,91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45,91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.183.58.190,91.184.4.139,91.184.56.166,91.185.8.152,91.186.1.160,91.188.122.89,91.188.124.144,91.188.59.197,91.188.59.50,91.188.60.179,91.189.113.11,91.189.121.30,91.189.70.73,91.189.82.183,91.189.82.225,91.19.59.86,91.190.224.160,91.190.227.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (165)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type 
limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500328; rev:2010;) alert udp [91.154.239.93,91.154.244.162,91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45,91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.183.58.190,91.184.4.139,91.184.56.166,91.185.8.152,91.186.1.160,91.188.122.89,91.188.124.144,91.188.59.197,91.188.59.50,91.188.60.179,91.189.113.11,91.189.121.30,91.189.70.73,91.189.82.183,91.189.82.225,91.19.59.86,91.190.224.160,91.190.227.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (165)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500329; rev:2010;) alert tcp [91.191.20.122,91.191.54.125,91.192.170.230,91.192.79.139,91.193.204.136,91.193.64.7,91.193.77.130,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24,91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31,91.194.0.32,91.194.0.33,91.194.0.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (166)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500330; rev:2010;) alert udp [91.191.20.122,91.191.54.125,91.192.170.230,91.192.79.139,91.193.204.136,91.193.64.7,91.193.77.130,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24,91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31,91.194.0.32,91.194.0.33,91.194.0.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (166)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500331; rev:2010;) alert tcp [91.194.0.5,91.194.177.211,91.194.60.131,91.194.75.146,91.194.75.147,91.195.214.12,91.195.60.238,91.196.107.83,91.196.115.52,91.196.53.104,91.197.129.102,91.197.129.117,91.197.129.205,91.197.129.24,91.198.105.78,91.198.106.196,91.198.127.68,91.199.198.21,91.199.4.242,91.2.179.21,91.200.41.72,91.201.253.125,91.201.52.136,91.202.161.134,91.203.132.163,91.203.170.38,91.203.216.57,91.204.161.90,91.205.173.108,91.205.188.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (167)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500332; rev:2010;) alert udp [91.194.0.5,91.194.177.211,91.194.60.131,91.194.75.146,91.194.75.147,91.195.214.12,91.195.60.238,91.196.107.83,91.196.115.52,91.196.53.104,91.197.129.102,91.197.129.117,91.197.129.205,91.197.129.24,91.198.105.78,91.198.106.196,91.198.127.68,91.199.198.21,91.199.4.242,91.2.179.21,91.200.41.72,91.201.253.125,91.201.52.136,91.202.161.134,91.203.132.163,91.203.170.38,91.203.216.57,91.204.161.90,91.205.173.108,91.205.188.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (167)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500333; rev:2010;) alert tcp 
[91.205.43.184,91.205.62.178,91.205.72.229,91.205.74.7,91.206.30.52,91.206.30.54,91.206.30.56,91.206.42.26,91.206.42.34,91.207.102.26,91.207.103.32,91.207.220.74,91.207.230.32,91.207.5.234,91.207.99.20,91.208.142.21,91.209.238.28,91.209.90.203,91.21.80.93,91.210.151.102,91.210.181.90,91.210.193.19,91.210.194.222,91.210.58.48,91.211.100.138,91.211.117.144,91.211.119.176,91.211.19.68,91.211.245.63,91.212.143.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (168)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500334; rev:2010;) alert udp [91.205.43.184,91.205.62.178,91.205.72.229,91.205.74.7,91.206.30.52,91.206.30.54,91.206.30.56,91.206.42.26,91.206.42.34,91.207.102.26,91.207.103.32,91.207.220.74,91.207.230.32,91.207.5.234,91.207.99.20,91.208.142.21,91.209.238.28,91.209.90.203,91.21.80.93,91.210.151.102,91.210.181.90,91.210.193.19,91.210.194.222,91.210.58.48,91.211.100.138,91.211.117.144,91.211.119.176,91.211.19.68,91.211.245.63,91.212.143.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (168)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500335; rev:2010;) alert tcp [91.212.198.173,91.212.213.3,91.212.219.136,91.212.220.30,91.212.41.14,91.213.117.195,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.214.168.176,91.214.168.67,91.214.45.188,91.215.218.38,91.215.243.162,91.216.141.144,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80,91.218.228.15,91.218.38.161,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (169)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; 
threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500336; rev:2010;) alert udp [91.212.198.173,91.212.213.3,91.212.219.136,91.212.220.30,91.212.41.14,91.213.117.195,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.214.168.176,91.214.168.67,91.214.45.188,91.215.218.38,91.215.243.162,91.216.141.144,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80,91.218.228.15,91.218.38.161,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (169)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500337; rev:2010;) alert tcp [91.3.110.104,91.33.236.34,91.33.77.248,91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164,91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202,91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (170)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500338; rev:2010;) alert udp [91.3.110.104,91.33.236.34,91.33.77.248,91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164,91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202,91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (170)"; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500339; rev:2010;) alert tcp [91.39.157.201,91.39.165.96,91.39.166.90,91.39.19.100,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138,91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246,91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (171)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500340; rev:2010;) alert udp [91.39.157.201,91.39.165.96,91.39.166.90,91.39.19.100,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138,91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246,91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (171)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500341; rev:2010;) alert tcp [91.62.127.134,91.62.80.76,91.62.84.139,91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.75.175.88,91.82.251.7,91.83.14.177,91.83.156.191,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.9.189.147,91.9.190.121,91.9.201.200,91.9.228.204,91.90.51.6,91.91.206.40,91.91.206.77,91.95.222.47,91.99.98.150] any -> $HOME_NET any (msg:"ET COMPROMISED 
Known Compromised or Hostile Host Traffic TCP (172)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500342; rev:2010;) alert udp [91.62.127.134,91.62.80.76,91.62.84.139,91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.75.175.88,91.82.251.7,91.83.14.177,91.83.156.191,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.9.189.147,91.9.190.121,91.9.201.200,91.9.228.204,91.90.51.6,91.91.206.40,91.91.206.77,91.95.222.47,91.99.98.150] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (172)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500343; rev:2010;) alert tcp [92.103.187.108,92.104.186.251,92.126.140.138,92.128.94.192,92.198.14.157,92.224.136.204,92.240.234.34,92.240.68.153,92.241.190.191,92.241.190.211,92.242.223.210,92.243.113.90,92.243.26.100,92.243.4.63,92.243.5.22,92.243.5.253,92.243.6.25,92.243.75.90,92.243.78.110,92.243.8.203,92.243.84.123,92.243.84.17,92.243.84.22,92.243.84.44,92.243.84.82,92.245.96.228,92.247.13.254,92.249.212.38,92.36.17.13,92.36.181.165] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (173)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500344; rev:2010;) alert udp 
[92.103.187.108,92.104.186.251,92.126.140.138,92.128.94.192,92.198.14.157,92.224.136.204,92.240.234.34,92.240.68.153,92.241.190.191,92.241.190.211,92.242.223.210,92.243.113.90,92.243.26.100,92.243.4.63,92.243.5.22,92.243.5.253,92.243.6.25,92.243.75.90,92.243.78.110,92.243.8.203,92.243.84.123,92.243.84.17,92.243.84.22,92.243.84.44,92.243.84.82,92.245.96.228,92.247.13.254,92.249.212.38,92.36.17.13,92.36.181.165] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (173)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500345; rev:2010;) alert tcp [92.36.80.91,92.37.241.58,92.38.229.94,92.38.233.26,92.42.250.227,92.46.135.121,92.46.212.223,92.46.98.61,92.47.14.11,92.47.20.115,92.48.101.35,92.48.121.7,92.51.132.242,92.51.133.31,92.51.146.72,92.51.147.164,92.51.155.111,92.51.155.36,92.51.155.44,92.51.157.84,92.53.106.14,92.55.72.3,92.60.114.117,92.60.176.41,92.60.177.241,92.61.149.248,92.61.33.178,92.61.36.103,92.61.37.188,92.63.103.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (174)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500346; rev:2010;) alert udp [92.36.80.91,92.37.241.58,92.38.229.94,92.38.233.26,92.42.250.227,92.46.135.121,92.46.212.223,92.46.98.61,92.47.14.11,92.47.20.115,92.48.101.35,92.48.121.7,92.51.132.242,92.51.133.31,92.51.146.72,92.51.147.164,92.51.155.111,92.51.155.36,92.51.155.44,92.51.157.84,92.53.106.14,92.55.72.3,92.60.114.117,92.60.176.41,92.60.177.241,92.61.149.248,92.61.33.178,92.61.36.103,92.61.37.188,92.63.103.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (174)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 
1; classtype:misc-attack; sid:2500347; rev:2010;) alert tcp [92.63.104.27,92.63.106.184,92.66.90.226,92.74.19.115,92.85.147.249,93.100.105.183,93.114.41.54,93.124.82.232,93.138.35.48,93.139.0.32,93.148.18.126,93.153.189.85,93.155.164.63,93.160.56.156,93.167.196.59,93.17.197.44,93.183.203.38,93.184.6.67,93.184.66.202,93.184.66.209,93.184.69.222,93.184.78.10,93.186.104.46,93.186.126.179,93.186.126.250,93.186.126.43,93.186.176.81,93.186.177.95,93.186.192.131,93.186.201.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (175)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500348; rev:2010;) alert udp [92.63.104.27,92.63.106.184,92.66.90.226,92.74.19.115,92.85.147.249,93.100.105.183,93.114.41.54,93.124.82.232,93.138.35.48,93.139.0.32,93.148.18.126,93.153.189.85,93.155.164.63,93.160.56.156,93.167.196.59,93.17.197.44,93.183.203.38,93.184.6.67,93.184.66.202,93.184.66.209,93.184.69.222,93.184.78.10,93.186.104.46,93.186.126.179,93.186.126.250,93.186.126.43,93.186.176.81,93.186.177.95,93.186.192.131,93.186.201.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (175)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500349; rev:2010;) alert tcp [93.186.60.230,93.187.141.43,93.187.168.35,93.187.168.57,93.41.63.189,93.63.56.95,93.80.7.87,93.84.112.229,93.86.62.147,93.89.10.142,93.89.208.162,93.90.183.162,93.91.156.1,93.91.168.202,93.94.228.181,93.95.100.87,93.97.20.155,93.97.52.166,94.101.180.3,94.101.44.1,94.102.1.218,94.102.11.236,94.102.13.83,94.102.14.50,94.102.14.74,94.102.15.235,94.102.208.254,94.102.208.59,94.102.209.244,94.102.210.187] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (176)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500350; rev:2010;) alert udp [93.186.60.230,93.187.141.43,93.187.168.35,93.187.168.57,93.41.63.189,93.63.56.95,93.80.7.87,93.84.112.229,93.86.62.147,93.89.10.142,93.89.208.162,93.90.183.162,93.91.156.1,93.91.168.202,93.94.228.181,93.95.100.87,93.97.20.155,93.97.52.166,94.101.180.3,94.101.44.1,94.102.1.218,94.102.11.236,94.102.13.83,94.102.14.50,94.102.14.74,94.102.15.235,94.102.208.254,94.102.208.59,94.102.209.244,94.102.210.187] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (176)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500351; rev:2010;) alert tcp [94.102.210.221,94.102.210.65,94.102.211.101,94.102.211.127,94.102.211.195,94.102.211.99,94.102.212.110,94.102.212.195,94.102.212.220,94.102.212.221,94.102.212.226,94.102.212.236,94.102.212.25,94.102.212.58,94.102.212.72,94.102.212.8,94.102.212.93,94.102.49.76,94.102.52.47,94.102.6.219,94.102.63.12,94.102.7.154,94.111.33.242,94.111.43.146,94.112.244.34,94.125.244.152,94.125.49.82,94.125.50.219,94.126.18.216,94.126.40.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (177)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500352; rev:2010;) alert udp 
[94.102.210.221,94.102.210.65,94.102.211.101,94.102.211.127,94.102.211.195,94.102.211.99,94.102.212.110,94.102.212.195,94.102.212.220,94.102.212.221,94.102.212.226,94.102.212.236,94.102.212.25,94.102.212.58,94.102.212.72,94.102.212.8,94.102.212.93,94.102.49.76,94.102.52.47,94.102.6.219,94.102.63.12,94.102.7.154,94.111.33.242,94.111.43.146,94.112.244.34,94.125.244.152,94.125.49.82,94.125.50.219,94.126.18.216,94.126.40.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (177)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500353; rev:2010;) alert tcp [94.127.67.103,94.127.68.70,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.36.89,94.137.188.138,94.137.27.33,94.137.42.5,94.137.48.197,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.139.63.202,94.141.144.240,94.141.149.89,94.141.29.103,94.142.233.72,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1,94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (178)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500354; rev:2010;) alert udp [94.127.67.103,94.127.68.70,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.36.89,94.137.188.138,94.137.27.33,94.137.42.5,94.137.48.197,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.139.63.202,94.141.144.240,94.141.149.89,94.141.29.103,94.142.233.72,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1,94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (178)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; 
threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500355; rev:2010;) alert tcp [94.153.181.216,94.153.183.251,94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.178.109.7,94.178.252.233,94.179.45.214,94.180.69.139,94.180.78.251,94.181.12.143,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82,94.197.194.33,94.197.226.58,94.197.23.2,94.197.247.133,94.198.81.140,94.198.99.64,94.209.45.46,94.21.14.23,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (179)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500356; rev:2010;) alert udp [94.153.181.216,94.153.183.251,94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.178.109.7,94.178.252.233,94.179.45.214,94.180.69.139,94.180.78.251,94.181.12.143,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82,94.197.194.33,94.197.226.58,94.197.23.2,94.197.247.133,94.198.81.140,94.198.99.64,94.209.45.46,94.21.14.23,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (179)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500357; rev:2010;) alert tcp [94.219.65.123,94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.48.66,94.222.166.57,94.222.216.118,94.228.210.218,94.228.212.200,94.228.215.225,94.229.35.150,94.229.36.234,94.229.85.89,94.229.93.163,94.230.17.242,94.230.37.0,94.230.38.189,94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.237.121.102,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191] any -> $HOME_NET any (msg:"ET COMPROMISED Known 
Compromised or Hostile Host Traffic TCP (180)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500358; rev:2010;) alert udp [94.219.65.123,94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.48.66,94.222.166.57,94.222.216.118,94.228.210.218,94.228.212.200,94.228.215.225,94.229.35.150,94.229.36.234,94.229.85.89,94.229.93.163,94.230.17.242,94.230.37.0,94.230.38.189,94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.237.121.102,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (180)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500359; rev:2010;) alert tcp [94.243.91.249,94.243.92.120,94.243.99.213,94.244.1.12,94.245.201.81,94.245.233.45,94.245.240.130,94.246.211.166,94.248.145.119,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.26.2.18,94.28.82.90,94.30.220.31,94.32.68.12,94.33.10.97,94.40.11.195,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.51.137.177,94.52.219.53,94.52.221.11,94.53.12.138,94.54.1.36,94.55.5.232,94.59.120.99] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (181)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500360; rev:2010;) alert udp 
[94.243.91.249,94.243.92.120,94.243.99.213,94.244.1.12,94.245.201.81,94.245.233.45,94.245.240.130,94.246.211.166,94.248.145.119,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.26.2.18,94.28.82.90,94.30.220.31,94.32.68.12,94.33.10.97,94.40.11.195,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.51.137.177,94.52.219.53,94.52.221.11,94.53.12.138,94.54.1.36,94.55.5.232,94.59.120.99] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (181)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500361; rev:2010;) alert tcp [94.66.208.108,94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84,94.73.48.201,94.73.9.218,94.74.248.8,94.75.207.115,94.75.209.167,94.75.210.40,94.75.213.129,94.75.213.156,94.75.229.207,94.75.229.230,94.75.242.71,94.76.107.120,94.76.204.102,94.76.204.199,94.76.206.30,94.76.250.85,94.80.140.91,94.80.41.174,94.85.20.50,94.85.213.34,95.0.180.25,95.0.85.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (182)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500362; rev:2010;) alert udp [94.66.208.108,94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84,94.73.48.201,94.73.9.218,94.74.248.8,94.75.207.115,94.75.209.167,94.75.210.40,94.75.213.129,94.75.213.156,94.75.229.207,94.75.229.230,94.75.242.71,94.76.107.120,94.76.204.102,94.76.204.199,94.76.206.30,94.76.250.85,94.80.140.91,94.80.41.174,94.85.20.50,94.85.213.34,95.0.180.25,95.0.85.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (182)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; 
classtype:misc-attack; sid:2500363; rev:2010;) alert tcp [95.105.180.109,95.110.224.230,95.128.245.35,95.130.12.64,95.131.89.114,95.132.35.241,95.141.226.37,95.146.116.219,95.154.113.9,95.154.229.217,95.156.192.31,95.156.202.120,95.156.202.92,95.168.177.103,95.169.190.139,95.169.190.235,95.170.221.13,95.170.64.177,95.176.158.244,95.211.0.93,95.211.113.247,95.211.118.150,95.211.118.153,95.211.129.181,95.211.129.43,95.211.129.96,95.211.130.79,95.211.19.162,95.211.52.140,95.211.85.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (183)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500364; rev:2010;) alert udp [95.105.180.109,95.110.224.230,95.128.245.35,95.130.12.64,95.131.89.114,95.132.35.241,95.141.226.37,95.146.116.219,95.154.113.9,95.154.229.217,95.156.192.31,95.156.202.120,95.156.202.92,95.168.177.103,95.169.190.139,95.169.190.235,95.170.221.13,95.170.64.177,95.176.158.244,95.211.0.93,95.211.113.247,95.211.118.150,95.211.118.153,95.211.129.181,95.211.129.43,95.211.129.96,95.211.130.79,95.211.19.162,95.211.52.140,95.211.85.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (183)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500365; rev:2010;) alert tcp [95.211.87.202,95.211.98.147,95.211.99.137,95.215.1.6,95.215.36.5,95.215.68.18,95.244.235.24,95.26.36.246,95.27.34.195,95.29.90.61,95.48.193.98,95.48.25.90,95.52.181.38,95.56.158.69,95.56.230.22,95.56.239.66,95.57.251.209,95.58.122.98,95.59.47.131,95.62.147.8,95.65.92.173,95.67.192.47,95.74.64.182,95.83.3.17,95.87.254.146,95.88.20.8,95.90.78.66,95.95.168.49,95.95.32.160,96.237.178.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (184)"; flags:S; 
reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500366; rev:2010;) alert udp [95.211.87.202,95.211.98.147,95.211.99.137,95.215.1.6,95.215.36.5,95.215.68.18,95.244.235.24,95.26.36.246,95.27.34.195,95.29.90.61,95.48.193.98,95.48.25.90,95.52.181.38,95.56.158.69,95.56.230.22,95.56.239.66,95.57.251.209,95.58.122.98,95.59.47.131,95.62.147.8,95.65.92.173,95.67.192.47,95.74.64.182,95.83.3.17,95.87.254.146,95.88.20.8,95.90.78.66,95.95.168.49,95.95.32.160,96.237.178.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (184)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500367; rev:2010;) alert tcp [96.4.191.21,96.48.38.230,96.57.192.253,96.57.252.11,96.9.186.245,97.100.186.88,97.107.134.58,97.107.135.103,97.107.141.136,97.67.249.162,97.79.131.69,98.124.198.1,98.124.92.182,98.126.77.227,98.129.178.9,98.141.177.115,98.143.145.40,98.144.99.157,98.172.116.2,98.197.179.69,98.247.187.116,98.30.253.72,99.140.221.21,99.142.5.35,99.156.194.15,99.159.118.10,99.16.175.96,99.192.163.112,99.192.163.113,99.192.163.114] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (185)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500368; rev:2010;) alert udp [96.4.191.21,96.48.38.230,96.57.192.253,96.57.252.11,96.9.186.245,97.100.186.88,97.107.134.58,97.107.135.103,97.107.141.136,97.67.249.162,97.79.131.69,98.124.198.1,98.124.92.182,98.126.77.227,98.129.178.9,98.141.177.115,98.143.145.40,98.144.99.157,98.172.116.2,98.197.179.69,98.247.187.116,98.30.253.72,99.140.221.21,99.142.5.35,99.156.194.15,99.159.118.10,99.16.175.96,99.192.163.112,99.192.163.113,99.192.163.114] any -> $HOME_NET any 
(msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (185)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500369; rev:2010;)
# Notes on the "ET COMPROMISED Known Compromised or Hostile Host Traffic" rule pairs above:
# - Each batch of source addresses is listed twice, once in an `alert tcp` rule and once in an
#   `alert udp` rule with the next sid; both match traffic from a listed address (any source port)
#   to $HOME_NET (any destination port).
# - The TCP rules carry `flags:S`, so they match segments with only SYN set, i.e. the opening
#   packet of a connection attempt. The UDP rules have no further match condition and apply to
#   any datagram from a listed address.
# - `threshold: type limit, track by_src, seconds 60, count 1` limits output to one alert per
#   source address per 60 seconds; further traffic from that source inside the window does not
#   raise another alert.
# - The rule action is `alert`. Although the file header describes these as rules "to block"
#   hosts, nothing in the rules themselves drops or rejects traffic.
# - NOTE(review): a lone SYN or UDP datagram can carry a forged source address, so a hit shows
#   that a packet claiming a listed source arrived, not that a session was established.
#   Correlate with flow/session records before treating the host as an active threat.
# - NOTE(review): the address lists are a dated snapshot of third-party reputation feeds (see the
#   generation timestamp in the file header). Confirm the sensor is refreshed from the feed on
#   schedule; addresses that have been cleaned up or reassigned will produce false positives.
# - NOTE(review): the in-rule `threshold` keyword is deprecated in later Snort 2.x releases in
#   favour of `event_filter` / `detection_filter` -- verify against the sensor version in use.