# # $Id: emerging-drop.rules $ # Emerging Threats Spamhaus DROP List rules. # # Rules to block Spamhaus DROP listed networks (www.spamhaus.org) # # More information available at www.emergingthreats.net # # Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list # #************************************************************* # # Copyright (c) 2003-2010, Emerging Threats # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, are permitted provided that the # following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this list of conditions and the following # disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the # following disclaimer in the documentation and/or other materials provided with the distribution. # * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#
# VERSION 1846
# Generated 2010-03-15 00:03:00 EDT
#
# Layout: one rule per line. The Spamhaus DROP networks are split into chunks
# of up to 20 CIDR blocks, one chunk per rule, with sids 2401000-2401009.
# Every rule carries rev:1846, the same number as the VERSION line above.
#
# What each rule does:
#   alert tcp [nets] any -> $HOME_NET any
#       TCP from a listed network, any source port, to any port on $HOME_NET.
#       $HOME_NET comes from the sensor configuration, not from this file.
#   flags:S
#       Matches the SYN flag with no other TCP flag set, so the rule fires on
#       inbound connection attempts, not on replies to outbound sessions.
#       NOTE(review): with no mask this looks like an exact match, so a SYN
#       that also carries the ECN/reserved bits would not fire; confirm
#       against the Snort version in use.
#   threshold: type limit, track by_src, seconds 3600, count 1
#       At most one alert per source address per hour for each sid.
#   fwsam: src, 30 days
#       Asks SnortSam to block the source address for 30 days. fwsam is a
#       SnortSam rule option, not a stock Snort keyword; a sensor built
#       without SnortSam support is expected to reject these rules at load
#       (verify on the target build).
#
# Operational caveats:
#   * The rule action is "alert". Nothing is dropped inline; blocking happens
#     only if SnortSam is deployed and acts on the fwsam option.
#   * This is a snapshot of the DROP list as of the Generated date above. The
#     list changes over time, and delisted ranges can be reassigned to
#     legitimate operators. Refresh from the current feed before enforcing;
#     several entries here are as large as /15 and /16.
#   * A 30-day block persists after its trigger, so a network removed
#     upstream can stay blocked until the timer expires. Check whether the
#     SnortSam agent needs manual unblocking after an update.
#   * Only TCP is covered. UDP and ICMP from the same networks are not
#     matched by these rules.
#
alert tcp [128.168.0.0/16,128.199.0.0/16,132.232.0.0/16,132.240.0.0/16,134.33.0.0/16,138.252.0.0/16,138.43.0.0/16,139.167.0.0/16,140.170.0.0/16,143.135.0.0/16,143.49.0.0/16,148.178.0.0/16,148.248.0.0/16,150.141.0.0/16,150.230.0.0/16,152.147.0.0/16,167.28.0.0/16,167.97.0.0/16,168.151.0.0/16,170.67.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401000; rev:1846; fwsam: src, 30 days;)
# 188.241.194.0/23, 188.241.200.0/23, 188.241.202.0/23 and 188.241.204.0/23 all
# fall inside 188.241.192.0/20 in the same list: redundant, but harmless.
alert tcp [188.210.240.0/20,188.211.28.0/23,188.240.0.0/20,188.241.192.0/20,188.241.194.0/23,188.241.200.0/23,188.241.202.0/23,188.241.204.0/23,190.112.0.0/19,192.160.44.0/24,192.223.64.0/18,192.26.25.0/24,192.31.212.0/23,192.43.153.0/24,192.43.154.0/23,192.43.156.0/22,192.43.160.0/24,192.43.175.0/24,192.43.176.0/21,192.43.184.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401001; rev:1846; fwsam: src, 30 days;)
alert tcp [193.104.153.0/24,193.104.176.0/24,193.104.22.0/24,193.104.27.0/24,193.104.41.0/24,193.104.94.0/24,193.105.0.0/24,193.105.141.0/24,193.110.136.0/24,193.138.172.0/22,193.142.244.0/24,193.16.100.0/24,193.169.250.0/23,193.238.36.0/22,193.27.246.0/23,194.110.160.0/22,194.116.146.0/23,194.126.193.0/24,194.143.130.0/23,194.146.204.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401002; rev:1846; fwsam: src, 30 days;)
# 198.186.25.0/24 falls inside 198.186.16.0/20 in the same list: redundant.
alert tcp [195.238.242.0/24,195.5.168.0/24,195.74.88.0/23,195.78.122.0/23,195.88.190.0/23,195.88.226.0/23,195.88.32.0/23,195.93.184.0/23,195.93.208.0/23,195.95.151.0/24,195.95.155.0/24,195.95.161.0/24,196.1.176.0/20,196.32.216.0/21,198.151.152.0/22,198.186.16.0/20,198.186.25.0/24,198.204.0.0/21,199.120.163.0/24,199.166.200.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401003; rev:1846; fwsam: src, 30 days;)
# 203.34.71.0/24 falls inside 203.34.70.0/23 in the same list: redundant.
alert tcp [200.123.224.0/20,200.124.160.0/21,200.22.0.0/16,200.50.192.0/19,201.158.96.0/21,201.71.0.0/20,203.19.101.0/24,203.31.88.0/23,203.34.205.0/24,203.34.70.0/23,203.34.71.0/24,204.13.32.0/21,204.236.0.0/19,204.52.255.0/24,204.89.224.0/24,205.210.137.0/24,205.235.64.0/20,205.236.189.0/24,206.197.175.0/24,206.197.176.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401004; rev:1846; fwsam: src, 30 days;)
alert tcp [208.82.136.0/21,208.84.96.0/21,208.87.152.0/21,208.90.0.0/21,209.165.224.0/20,209.213.48.0/20,213.109.176.0/20,213.109.208.0/20,213.109.96.0/22,216.243.240.0/20,41.221.112.0/20,58.83.12.0/22,58.83.8.0/22,62.122.32.0/21,62.182.152.0/21,64.15.0.0/20,64.28.176.0/20,66.206.32.0/22,67.210.0.0/20,67.211.208.0/20] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401005; rev:1846; fwsam: src, 30 days;)
# 88.135.64.0/21 falls inside 88.135.64.0/20 in the same list: redundant.
alert tcp [72.50.192.0/19,78.155.220.0/23,78.157.128.0/19,78.31.184.0/21,79.110.16.0/20,79.110.160.0/20,79.110.176.0/20,79.110.48.0/20,85.202.192.0/20,85.255.112.0/20,86.105.230.0/24,88.135.64.0/20,88.135.64.0/21,88.214.211.0/24,89.35.0.0/23,91.196.232.0/22,91.199.112.0/24,91.200.164.0/22,91.200.248.0/22,91.201.124.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401006; rev:1846; fwsam: src, 30 days;)
alert tcp [91.208.0.0/24,91.208.162.0/24,91.208.228.0/24,91.209.14.0/24,91.209.183.0/24,91.209.184.0/24,91.209.186.0/24,91.209.48.0/24,91.209.58.0/24,91.210.172.0/22,91.211.224.0/22,91.211.64.0/22,91.211.88.0/22,91.212.107.0/24,91.212.123.0/24,91.212.132.0/24,91.212.163.0/24,91.212.201.0/24,91.212.220.0/24,91.212.45.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401007; rev:1846; fwsam: src, 30 days;)
alert tcp [91.213.33.0/24,91.213.72.0/24,91.213.75.0/24,91.213.93.0/24,91.213.94.0/24,93.118.0.0/20,93.118.128.0/18,93.118.96.0/20,93.120.32.0/19,93.168.18.0/23,93.168.20.0/23,93.168.22.0/23,93.168.24.0/23,93.175.240.0/20,93.188.160.0/21,94.130.0.0/15,94.154.0.0/18,94.154.128.0/18,94.154.64.0/18,94.158.240.0/20] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401008; rev:1846; fwsam: src, 30 days;)
# Last chunk: the remainder of the list, 8 networks.
alert tcp [94.176.176.0/20,94.232.248.0/21,94.48.0.0/18,95.129.144.0/23,95.129.146.0/24,95.177.128.0/18,95.215.192.0/22,95.216.0.0/15] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2401009; rev:1846; fwsam: src, 30 days;)