#
# $Id: emerging-bro-drop.rules $
#
# Emerging Threats BRO Spamhaus DROP List rules.
#
# Rules to block Spamhaus DROP listed networks (www.spamhaus.org)
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
#  Copyright (c) 2003-2008, Emerging Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#

#  VERSION 1215


#  Generated 2008-07-01 11:51:36 EDT

signature sid-2400000 {
	ip-proto == ip
	src-ip == local_nets
	dst-ip == 116.50.8.0/21,128.199.0.0/16,132.232.0.0/16,134.175.0.0/16,134.33.0.0/16,138.252.0.0/16,139.167.0.0/16,141.193.0.0/16,143.49.0.0/16,148.51.0.0/16,148.7.0.0/16,149.47.0.0/16,152.147.0.0/16,167.97.0.0/16,170.26.0.0/16,170.67.0.0/16,192.160.44.0/24,192.67.16.0/24,193.110.136.0/24,193.142.244.0/24,193.16.100.0/24,193.19.120.0/23,193.200.29.0/24,193.238.36.0/22,193.33.128.0/23,193.93.236.0/22,194.110.69.0/24,194.116.146.0/23,194.126.193.0/24,194.146.204.0/22
	event "ET Spamhaus DROP Listed Traffic"
}

signature sid-2400001 {
	ip-proto == ip
	src-ip == local_nets
	dst-ip == 195.114.16.0/23,195.114.8.0/23,195.225.176.0/22,195.234.159.0/24,195.238.242.0/24,195.64.162.0/23,195.74.88.0/23,195.95.161.0/24,198.151.152.0/22,198.186.16.0/20,198.186.25.0/24,198.204.0.0/21,199.120.163.0/24,199.166.200.0/22,199.245.138.0/24,199.60.102.0/24,200.108.160.0/20,200.124.64.0/20,201.158.96.0/21,201.71.0.0/20,203.19.101.0/24,203.31.88.0/23,203.33.120.0/24,203.34.205.0/24,203.34.70.0/23,203.34.71.0/24,204.13.32.0/21,204.14.24.0/21,204.153.248.0/21,204.236.0.0/19
	event "ET Spamhaus DROP Listed Traffic"
}

signature sid-2400002 {
	ip-proto == ip
	src-ip == local_nets
	dst-ip == 204.52.255.0/24,204.89.224.0/24,205.210.137.0/24,205.235.64.0/20,205.236.189.0/24,206.197.175.0/24,206.197.176.0/24,206.197.177.0/24,206.197.28.0/24,206.197.29.0/24,208.64.44.0/22,208.76.48.0/21,208.77.224.0/21,208.81.136.0/21,208.87.152.0/21,209.165.224.0/20,209.205.192.0/19,209.205.224.0/20,209.213.48.0/20,216.188.128.0/19,216.243.240.0/20,216.255.176.0/20,58.65.232.0/21,58.83.12.0/22,64.255.128.0/19,64.28.176.0/20,67.213.128.0/20,69.42.160.0/20,69.50.160.0/19,69.8.176.0/20
	event "ET Spamhaus DROP Listed Traffic"
}

signature sid-2400003 {
	ip-proto == ip
	src-ip == local_nets
	dst-ip == 72.2.176.0/20,78.108.176.0/20,78.95.128.0/20,79.142.144.0/21,79.142.152.0/21,81.17.16.0/20,81.29.240.0/20,81.95.144.0/20,83.223.224.0/19,83.223.240.0/22,85.255.112.0/20,86.105.230.0/24,86.111.128.0/19,86.59.128.0/17,86.59.160.0/19,88.206.0.0/17,88.206.64.0/20,88.206.8.0/21,88.206.80.0/20,89.145.128.0/20,89.187.192.0/19,89.187.48.0/24,89.208.122.0/23,89.233.64.0/18,89.35.0.0/23,91.146.112.0/20,91.146.64.0/18,91.193.152.0/22,91.193.192.0/22,91.193.216.0/22
	event "ET Spamhaus DROP Listed Traffic"
}

signature sid-2400004 {
	ip-proto == ip
	src-ip == local_nets
	dst-ip == 91.193.40.0/22,91.193.88.0/22,91.194.140.0/23,91.195.116.0/23,91.196.216.0/22,91.196.232.0/22,91.198.71.0/24,91.200.124.0/22,91.200.132.0/22,91.200.164.0/22,91.200.176.0/22,91.200.56.0/22,91.200.72.0/22,93.188.160.0/24
	event "ET Spamhaus DROP Listed Traffic"
}