#
# $Id: emerging-compromised.rules
# Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources
#
#Sources include:
#
#  Daniel Gerzo's BruteForceBlocker
#  http://danger.rulez.sk/projects/bruteforceblocker/
#
#  Abuse.ch's Zeus Tracker (aka WNSPoem, etc)
#  https://zeustracker.abuse.ch/faq.php
#
#  The CZ Honeynet Project
#  http://www.honeynet.cz
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
#  Copyright (c) 2003-2010, Emerging Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#

#  VERSION 2003

#  Generated 2010-09-02 00:03:02 EDT

alert tcp [109.120.1.31,109.123.91.67,109.123.95.174,109.169.200.233,109.169.218.193,109.169.56.3,109.184.115.42,109.189.97.55,109.195.109.9,109.195.64.250,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.200.105.2,109.207.1.133,109.70.26.36,109.72.241.22,109.74.139.148,109.74.3.219,109.86.194.103,110.133.119.39,110.137.70.196,110.15.0.74,110.162.97.181,110.172.174.50,110.2.183.129,110.45.138.146,110.45.144.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (1)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510000; rev:2003; fwsam: src, 24 hours;)
alert udp [109.120.1.31,109.123.91.67,109.123.95.174,109.169.200.233,109.169.218.193,109.169.56.3,109.184.115.42,109.189.97.55,109.195.109.9,109.195.64.250,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.200.105.2,109.207.1.133,109.70.26.36,109.72.241.22,109.74.139.148,109.74.3.219,109.86.194.103,110.133.119.39,110.137.70.196,110.15.0.74,110.162.97.181,110.172.174.50,110.2.183.129,110.45.138.146,110.45.144.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (1)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510001; rev:2003; fwsam: src, 24 hours;)
alert tcp [110.45.146.31,110.52.11.52,110.67.62.187,110.77.129.165,110.77.129.166,111.1.8.105,111.119.170.183,111.119.203.14,111.119.231.90,111.125.224.128,111.125.242.29,111.171.205.176,111.177.111.82,111.252.3.236,111.67.203.114,111.67.205.118,112.104.116.155,112.137.141.10,112.137.147.186,112.137.162.138,112.140.176.129,112.166.159.215,112.172.129.87,112.175.141.21,112.175.232.155,112.175.242.101,112.200.215.98,112.201.181.195,112.202.42.39,112.202.73.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (2)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510002; rev:2003; fwsam: src, 24 hours;)
alert udp [110.45.146.31,110.52.11.52,110.67.62.187,110.77.129.165,110.77.129.166,111.1.8.105,111.119.170.183,111.119.203.14,111.119.231.90,111.125.224.128,111.125.242.29,111.171.205.176,111.177.111.82,111.252.3.236,111.67.203.114,111.67.205.118,112.104.116.155,112.137.141.10,112.137.147.186,112.137.162.138,112.140.176.129,112.166.159.215,112.172.129.87,112.175.141.21,112.175.232.155,112.175.242.101,112.200.215.98,112.201.181.195,112.202.42.39,112.202.73.132] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (2)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510003; rev:2003; fwsam: src, 24 hours;)
alert tcp [112.213.87.159,112.216.151.10,112.216.161.138,112.216.62.85,112.216.72.125,112.68.55.251,112.70.17.91,112.76.116.249,112.76.33.11,112.78.113.167,112.78.114.165,112.78.114.91,112.78.115.228,112.78.116.185,112.78.116.26,112.78.124.135,112.78.124.23,112.78.124.60,112.78.127.210,112.78.127.217,112.78.127.245,112.78.127.30,112.78.192.248,112.78.193.156,112.78.196.15,112.78.196.52,112.78.196.53,112.78.198.113,112.78.198.121,112.78.198.157] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (3)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510004; rev:2003; fwsam: src, 24 hours;)
alert udp [112.213.87.159,112.216.151.10,112.216.161.138,112.216.62.85,112.216.72.125,112.68.55.251,112.70.17.91,112.76.116.249,112.76.33.11,112.78.113.167,112.78.114.165,112.78.114.91,112.78.115.228,112.78.116.185,112.78.116.26,112.78.124.135,112.78.124.23,112.78.124.60,112.78.127.210,112.78.127.217,112.78.127.245,112.78.127.30,112.78.192.248,112.78.193.156,112.78.196.15,112.78.196.52,112.78.196.53,112.78.198.113,112.78.198.121,112.78.198.157] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (3)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510005; rev:2003; fwsam: src, 24 hours;)
alert tcp [112.78.198.169,112.78.198.19,112.78.198.191,112.78.198.72,112.78.198.74,112.78.43.98,112.78.6.210,112.90.146.2,112.95.144.231,113.105.128.148,113.105.169.131,113.105.8.171,113.106.197.134,113.106.99.202,113.108.108.82,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.11.194.251,113.130.85.35,113.14.147.234,113.192.11.195,113.193.5.100,113.193.5.140,113.193.5.70,113.193.71.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (4)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510006; rev:2003; fwsam: src, 24 hours;)
alert udp [112.78.198.169,112.78.198.19,112.78.198.191,112.78.198.72,112.78.198.74,112.78.43.98,112.78.6.210,112.90.146.2,112.95.144.231,113.105.128.148,113.105.169.131,113.105.8.171,113.106.197.134,113.106.99.202,113.108.108.82,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.11.194.251,113.130.85.35,113.14.147.234,113.192.11.195,113.193.5.100,113.193.5.140,113.193.5.70,113.193.71.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (4)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510007; rev:2003; fwsam: src, 24 hours;)
alert tcp [113.20.4.249,113.20.5.49,113.23.128.24,113.237.78.44,113.252.10.56,113.31.18.14,113.32.105.102,113.32.164.153,113.33.180.100,113.35.127.109,113.35.83.197,113.53.235.91,113.53.91.11,113.59.254.6,113.6.252.48,113.61.226.1,114.108.150.136,114.108.150.144,114.108.150.83,114.108.151.12,114.108.177.48,114.111.164.248,114.112.178.25,114.112.188.44,114.127.246.36,114.130.136.59,114.130.35.117,114.130.8.135,114.135.11.187,114.141.193.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (5)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510008; rev:2003; fwsam: src, 24 hours;)
alert udp [113.20.4.249,113.20.5.49,113.23.128.24,113.237.78.44,113.252.10.56,113.31.18.14,113.32.105.102,113.32.164.153,113.33.180.100,113.35.127.109,113.35.83.197,113.53.235.91,113.53.91.11,113.59.254.6,113.6.252.48,113.61.226.1,114.108.150.136,114.108.150.144,114.108.150.83,114.108.151.12,114.108.177.48,114.111.164.248,114.112.178.25,114.112.188.44,114.127.246.36,114.130.136.59,114.130.35.117,114.130.8.135,114.135.11.187,114.141.193.164] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (5)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510009; rev:2003; fwsam: src, 24 hours;)
alert tcp [114.149.21.44,114.150.207.67,114.159.21.64,114.180.251.94,114.181.164.20,114.181.239.177,114.185.23.104,114.198.145.155,114.200.198.148,114.200.198.152,114.200.199.26,114.201.142.130,114.202.247.105,114.203.87.20,114.203.87.28,114.207.112.150,114.207.112.16,114.207.112.37,114.207.113.141,114.207.113.181,114.207.244.146,114.207.245.162,114.207.245.243,114.207.245.84,114.207.245.86,114.207.245.88,114.25.180.87,114.251.16.20,114.31.50.10,114.31.59.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (6)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510010; rev:2003; fwsam: src, 24 hours;)
alert udp [114.149.21.44,114.150.207.67,114.159.21.64,114.180.251.94,114.181.164.20,114.181.239.177,114.185.23.104,114.198.145.155,114.200.198.148,114.200.198.152,114.200.199.26,114.201.142.130,114.202.247.105,114.203.87.20,114.203.87.28,114.207.112.150,114.207.112.16,114.207.112.37,114.207.113.141,114.207.113.181,114.207.244.146,114.207.245.162,114.207.245.243,114.207.245.84,114.207.245.86,114.207.245.88,114.25.180.87,114.251.16.20,114.31.50.10,114.31.59.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (6)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510011; rev:2003; fwsam: src, 24 hours;)
alert tcp [114.32.12.42,114.32.147.164,114.32.208.151,114.32.23.10,114.33.199.48,114.33.213.42,114.33.246.252,114.33.53.25,114.33.74.87,114.33.79.25,114.41.235.224,114.42.195.85,114.44.177.179,114.46.56.112,114.48.241.22,114.56.230.83,114.70.9.15,114.80.105.5,114.80.129.136,114.80.94.183,114.80.96.181,114.80.96.92,114.80.97.69,115.113.135.102,115.113.149.83,115.113.182.131,115.113.214.228,115.115.37.36,115.118.251.163,115.118.26.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (7)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510012; rev:2003; fwsam: src, 24 hours;)
alert udp [114.32.12.42,114.32.147.164,114.32.208.151,114.32.23.10,114.33.199.48,114.33.213.42,114.33.246.252,114.33.53.25,114.33.74.87,114.33.79.25,114.41.235.224,114.42.195.85,114.44.177.179,114.46.56.112,114.48.241.22,114.56.230.83,114.70.9.15,114.80.105.5,114.80.129.136,114.80.94.183,114.80.96.181,114.80.96.92,114.80.97.69,115.113.135.102,115.113.149.83,115.113.182.131,115.113.214.228,115.115.37.36,115.118.251.163,115.118.26.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (7)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510013; rev:2003; fwsam: src, 24 hours;)
alert tcp [115.124.164.227,115.133.13.76,115.135.138.30,115.146.17.125,115.146.18.31,115.146.20.254,115.146.21.160,115.160.128.14,115.163.155.104,115.165.163.51,115.165.177.113,115.165.177.114,115.165.177.38,115.165.177.39,115.165.177.41,115.165.178.144,115.165.178.145,115.165.178.81,115.166.131.202,115.168.66.166,115.178.61.179,115.178.62.27,115.178.73.24,115.186.115.108,115.238.54.117,115.240.8.133,115.240.84.246,115.248.49.217,115.30.133.204,115.30.144.47] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (8)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510014; rev:2003; fwsam: src, 24 hours;)
alert udp [115.124.164.227,115.133.13.76,115.135.138.30,115.146.17.125,115.146.18.31,115.146.20.254,115.146.21.160,115.160.128.14,115.163.155.104,115.165.163.51,115.165.177.113,115.165.177.114,115.165.177.38,115.165.177.39,115.165.177.41,115.165.178.144,115.165.178.145,115.165.178.81,115.166.131.202,115.168.66.166,115.178.61.179,115.178.62.27,115.178.73.24,115.186.115.108,115.238.54.117,115.240.8.133,115.240.84.246,115.248.49.217,115.30.133.204,115.30.144.47] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (8)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510015; rev:2003; fwsam: src, 24 hours;)
alert tcp [115.30.194.145,115.30.199.252,115.31.136.250,115.31.143.125,115.31.165.187,115.37.247.54,115.41.218.21,115.41.218.48,115.68.58.227,115.69.209.59,115.89.138.194,115.93.50.163,116.0.2.5,116.10.195.4,116.12.209.99,116.120.57.216,116.122.158.201,116.122.158.207,116.124.128.175,116.124.128.239,116.124.190.71,116.125.126.101,116.125.126.12,116.125.126.30,116.125.126.40,116.126.87.172,116.127.121.148,116.127.121.200,116.212.100.13,116.214.25.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (9)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510016; rev:2003; fwsam: src, 24 hours;)
alert udp [115.30.194.145,115.30.199.252,115.31.136.250,115.31.143.125,115.31.165.187,115.37.247.54,115.41.218.21,115.41.218.48,115.68.58.227,115.69.209.59,115.89.138.194,115.93.50.163,116.0.2.5,116.10.195.4,116.12.209.99,116.120.57.216,116.122.158.201,116.122.158.207,116.124.128.175,116.124.128.239,116.124.190.71,116.125.126.101,116.125.126.12,116.125.126.30,116.125.126.40,116.126.87.172,116.127.121.148,116.127.121.200,116.212.100.13,116.214.25.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (9)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510017; rev:2003; fwsam: src, 24 hours;)
alert tcp [116.214.26.145,116.224.82.90,116.228.212.38,116.228.67.200,116.236.224.82,116.254.79.58,116.255.154.56,116.255.159.159,116.28.64.158,116.28.64.168,116.48.137.141,116.55.226.131,116.58.176.241,116.66.203.202,116.72.157.92,116.74.105.2,116.83.21.112,116.90.163.170,117.102.8.244,117.103.56.164,117.103.56.52,117.120.27.12,117.120.49.162,117.120.54.38,117.16.245.135,117.16.246.51,117.18.75.164,117.18.75.170,117.193.0.62,117.194.1.197] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (10)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510018; rev:2003; fwsam: src, 24 hours;)
alert udp [116.214.26.145,116.224.82.90,116.228.212.38,116.228.67.200,116.236.224.82,116.254.79.58,116.255.154.56,116.255.159.159,116.28.64.158,116.28.64.168,116.48.137.141,116.55.226.131,116.58.176.241,116.66.203.202,116.72.157.92,116.74.105.2,116.83.21.112,116.90.163.170,117.102.8.244,117.103.56.164,117.103.56.52,117.120.27.12,117.120.49.162,117.120.54.38,117.16.245.135,117.16.246.51,117.18.75.164,117.18.75.170,117.193.0.62,117.194.1.197] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (10)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510019; rev:2003; fwsam: src, 24 hours;)
alert tcp [117.194.96.153,117.195.198.55,117.195.39.105,117.195.65.29,117.195.70.10,117.196.138.67,117.197.0.207,117.198.152.74,117.198.174.172,117.198.194.113,117.198.230.206,117.199.1.192,117.199.24.218,117.200.129.9,117.200.195.172,117.200.196.39,117.200.213.103,117.200.215.43,117.200.36.208,117.200.48.149,117.200.97.28,117.201.18.97,117.201.86.225,117.203.193.17,117.204.145.44,117.204.210.145,117.204.242.161,117.205.100.254,117.205.100.73,117.205.146.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (11)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510020; rev:2003; fwsam: src, 24 hours;)
alert udp [117.194.96.153,117.195.198.55,117.195.39.105,117.195.65.29,117.195.70.10,117.196.138.67,117.197.0.207,117.198.152.74,117.198.174.172,117.198.194.113,117.198.230.206,117.199.1.192,117.199.24.218,117.200.129.9,117.200.195.172,117.200.196.39,117.200.213.103,117.200.215.43,117.200.36.208,117.200.48.149,117.200.97.28,117.201.18.97,117.201.86.225,117.203.193.17,117.204.145.44,117.204.210.145,117.204.242.161,117.205.100.254,117.205.100.73,117.205.146.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (11)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510021; rev:2003; fwsam: src, 24 hours;)
alert tcp [117.205.21.66,117.205.7.215,117.207.3.146,117.207.33.72,117.207.49.63,117.207.6.94,117.21.178.97,117.241.185.236,117.241.232.168,117.241.234.159,117.241.240.100,117.242.1.65,117.242.4.253,117.28.238.132,117.34.69.10,117.34.79.133,117.41.169.18,117.41.169.20,117.41.229.178,117.41.239.5,117.53.174.8,117.56.20.120,117.74.110.5,117.74.99.12,117.91.148.219,118.0.115.62,118.0.217.45,118.102.129.212,118.102.148.86,118.103.184.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (12)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510022; rev:2003; fwsam: src, 24 hours;)
alert udp [117.205.21.66,117.205.7.215,117.207.3.146,117.207.33.72,117.207.49.63,117.207.6.94,117.21.178.97,117.241.185.236,117.241.232.168,117.241.234.159,117.241.240.100,117.242.1.65,117.242.4.253,117.28.238.132,117.34.69.10,117.34.79.133,117.41.169.18,117.41.169.20,117.41.229.178,117.41.239.5,117.53.174.8,117.56.20.120,117.74.110.5,117.74.99.12,117.91.148.219,118.0.115.62,118.0.217.45,118.102.129.212,118.102.148.86,118.103.184.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (12)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510023; rev:2003; fwsam: src, 24 hours;)
alert tcp [118.105.216.234,118.105.233.231,118.105.235.186,118.111.71.106,118.122.178.235,118.122.179.69,118.123.213.47,118.123.241.135,118.125.243.7,118.127.12.199,118.129.166.120,118.129.166.173,118.129.166.204,118.129.166.97,118.131.179.134,118.142.28.243,118.142.36.206,118.144.75.232,118.144.76.16,118.144.83.12,118.166.238.30,118.166.240.8,118.169.148.92,118.175.12.220,118.175.84.65,118.19.133.119,118.20.197.81,118.212.129.181,118.217.12.34,118.217.181.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (13)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510024; rev:2003; fwsam: src, 24 hours;)
alert udp [118.105.216.234,118.105.233.231,118.105.235.186,118.111.71.106,118.122.178.235,118.122.179.69,118.123.213.47,118.123.241.135,118.125.243.7,118.127.12.199,118.129.166.120,118.129.166.173,118.129.166.204,118.129.166.97,118.131.179.134,118.142.28.243,118.142.36.206,118.144.75.232,118.144.76.16,118.144.83.12,118.166.238.30,118.166.240.8,118.169.148.92,118.175.12.220,118.175.84.65,118.19.133.119,118.20.197.81,118.212.129.181,118.217.12.34,118.217.181.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (13)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510025; rev:2003; fwsam: src, 24 hours;)
alert tcp [118.217.181.156,118.218.198.225,118.218.42.230,118.219.232.244,118.221.120.219,118.231.114.149,118.237.135.9,118.237.147.218,118.237.87.109,118.241.78.112,118.243.118.151,118.243.23.30,118.37.127.137,118.69.204.177,118.69.250.134,118.70.129.19,118.8.188.32,118.8.96.147,118.87.20.81,118.96.187.222,118.97.53.156,118.97.8.212,118.98.215.116,118.98.232.106,118.98.233.51,118.98.64.34,119.1.200.130,119.110.102.236,119.12.239.152,119.145.109.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (14)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510026; rev:2003; fwsam: src, 24 hours;)
alert udp [118.217.181.156,118.218.198.225,118.218.42.230,118.219.232.244,118.221.120.219,118.231.114.149,118.237.135.9,118.237.147.218,118.237.87.109,118.241.78.112,118.243.118.151,118.243.23.30,118.37.127.137,118.69.204.177,118.69.250.134,118.70.129.19,118.8.188.32,118.8.96.147,118.87.20.81,118.96.187.222,118.97.53.156,118.97.8.212,118.98.215.116,118.98.232.106,118.98.233.51,118.98.64.34,119.1.200.130,119.110.102.236,119.12.239.152,119.145.109.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (14)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510027; rev:2003; fwsam: src, 24 hours;)
alert tcp [119.145.144.73,119.145.41.146,119.146.131.232,119.146.67.18,119.147.50.61,119.150.11.27,119.161.80.212,119.163.121.6,119.167.244.61,119.167.244.92,119.188.7.130,119.188.7.131,119.188.7.133,119.188.7.134,119.188.7.138,119.188.7.139,119.188.7.141,119.188.7.145,119.188.7.155,119.188.7.157,119.188.7.159,119.188.7.162,119.188.7.163,119.188.7.164,119.188.7.166,119.188.7.167,119.188.7.168,119.188.7.170,119.188.7.174,119.188.7.186] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (15)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510028; rev:2003; fwsam: src, 24 hours;)
alert udp [119.145.144.73,119.145.41.146,119.146.131.232,119.146.67.18,119.147.50.61,119.150.11.27,119.161.80.212,119.163.121.6,119.167.244.61,119.167.244.92,119.188.7.130,119.188.7.131,119.188.7.133,119.188.7.134,119.188.7.138,119.188.7.139,119.188.7.141,119.188.7.145,119.188.7.155,119.188.7.157,119.188.7.159,119.188.7.162,119.188.7.163,119.188.7.164,119.188.7.166,119.188.7.167,119.188.7.168,119.188.7.170,119.188.7.174,119.188.7.186] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (15)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510029; rev:2003; fwsam: src, 24 hours;)
alert tcp [119.188.7.192,119.188.7.195,119.188.7.196,119.188.7.200,119.188.7.208,119.188.7.42,119.192.32.240,119.196.21.224,119.197.32.201,119.205.209.172,119.206.201.116,119.206.201.118,119.235.27.19,119.240.154.45,119.243.73.41,119.245.139.182,119.245.230.115,119.245.231.135,119.245.231.222,119.245.231.228,119.245.231.56,119.247.199.102,119.254.3.83,119.254.4.162,119.255.23.2,119.255.56.170,119.255.6.100,119.36.107.74,119.40.26.22,119.6.86.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (16)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510030; rev:2003; fwsam: src, 24 hours;)
alert udp [119.188.7.192,119.188.7.195,119.188.7.196,119.188.7.200,119.188.7.208,119.188.7.42,119.192.32.240,119.196.21.224,119.197.32.201,119.205.209.172,119.206.201.116,119.206.201.118,119.235.27.19,119.240.154.45,119.243.73.41,119.245.139.182,119.245.230.115,119.245.231.135,119.245.231.222,119.245.231.228,119.245.231.56,119.247.199.102,119.254.3.83,119.254.4.162,119.255.23.2,119.255.56.170,119.255.6.100,119.36.107.74,119.40.26.22,119.6.86.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (16)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510031; rev:2003; fwsam: src, 24 hours;)
alert tcp [119.6.86.53,119.62.128.101,119.68.194.129,119.7.13.199,119.70.154.52,119.82.68.178,119.88.56.44,12.107.176.43,12.107.178.124,12.146.209.146,12.158.190.175,12.158.237.70,12.162.182.162,12.175.155.10,12.183.200.133,12.184.45.105,12.184.45.48,12.184.45.94,12.228.94.39,12.23.106.210,12.34.50.40,12.46.24.194,12.71.243.147,120.107.149.118,120.107.149.147,120.107.160.13,120.109.27.183,120.109.6.65,120.124.90.69,120.126.136.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (17)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510032; rev:2003; fwsam: src, 24 hours;)
alert udp [119.6.86.53,119.62.128.101,119.68.194.129,119.7.13.199,119.70.154.52,119.82.68.178,119.88.56.44,12.107.176.43,12.107.178.124,12.146.209.146,12.158.190.175,12.158.237.70,12.162.182.162,12.175.155.10,12.183.200.133,12.184.45.105,12.184.45.48,12.184.45.94,12.228.94.39,12.23.106.210,12.34.50.40,12.46.24.194,12.71.243.147,120.107.149.118,120.107.149.147,120.107.160.13,120.109.27.183,120.109.6.65,120.124.90.69,120.126.136.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (17)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510033; rev:2003; fwsam: src, 24 hours;)
alert tcp [120.126.195.85,120.126.44.58,120.126.57.60,120.136.43.48,120.136.43.49,120.136.43.51,120.136.43.52,120.136.43.55,120.136.43.56,120.136.43.57,120.29.155.58,120.44.125.253,120.50.35.20,120.64.255.254,120.72.43.47,120.72.43.48,120.72.47.218,120.72.47.219,120.74.251.159,120.75.21.97,121.0.117.20,121.10.117.132,121.10.133.226,121.101.213.4,121.101.214.46,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,121.103.229.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (18)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510034; rev:2003; fwsam: src, 24 hours;)
alert udp [120.126.195.85,120.126.44.58,120.126.57.60,120.136.43.48,120.136.43.49,120.136.43.51,120.136.43.52,120.136.43.55,120.136.43.56,120.136.43.57,120.29.155.58,120.44.125.253,120.50.35.20,120.64.255.254,120.72.43.47,120.72.43.48,120.72.47.218,120.72.47.219,120.74.251.159,120.75.21.97,121.0.117.20,121.10.117.132,121.10.133.226,121.101.213.4,121.101.214.46,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,121.103.229.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (18)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510035; rev:2003; fwsam: src, 24 hours;)
alert tcp [121.11.153.242,121.11.66.70,121.111.247.201,121.115.196.160,121.115.87.139,121.117.2.7,121.119.160.109,121.119.172.177,121.119.178.204,121.119.186.123,121.12.127.75,121.12.171.73,121.121.113.194,121.121.22.180,121.124.124.229,121.125.60.215,121.125.60.216,121.13.236.72,121.136.177.137,121.14.104.226,121.14.117.11,121.14.118.21,121.14.195.176,121.144.187.132,121.147.144.10,121.15.129.66,121.15.131.132,121.15.211.11,121.15.213.209,121.15.214.129] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (19)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510036; rev:2003; fwsam: src, 24 hours;)
alert udp [121.11.153.242,121.11.66.70,121.111.247.201,121.115.196.160,121.115.87.139,121.117.2.7,121.119.160.109,121.119.172.177,121.119.178.204,121.119.186.123,121.12.127.75,121.12.171.73,121.121.113.194,121.121.22.180,121.124.124.229,121.125.60.215,121.125.60.216,121.13.236.72,121.136.177.137,121.14.104.226,121.14.117.11,121.14.118.21,121.14.195.176,121.144.187.132,121.147.144.10,121.15.129.66,121.15.131.132,121.15.211.11,121.15.213.209,121.15.214.129] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (19)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510037; rev:2003; fwsam: src, 24 hours;)
alert tcp [121.15.226.230,121.156.66.103,121.160.171.6,121.162.118.190,121.167.221.24,121.170.179.222,121.172.253.22,121.178.26.185,121.179.146.5,121.180.16.51,121.182.97.100,121.189.62.109,121.190.239.196,121.2.67.42,121.2.67.53,121.204.0.2,121.207.254.227,121.212.245.61,121.240.26.228,121.242.204.2,121.242.23.223,121.243.130.139,121.243.138.138,121.243.34.24,121.243.61.82,121.246.26.95,121.246.33.200,121.247.218.189,121.247.80.208,121.254.224.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (20)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510038; rev:2003; fwsam: src, 24 hours;)
alert udp [121.15.226.230,121.156.66.103,121.160.171.6,121.162.118.190,121.167.221.24,121.170.179.222,121.172.253.22,121.178.26.185,121.179.146.5,121.180.16.51,121.182.97.100,121.189.62.109,121.190.239.196,121.2.67.42,121.2.67.53,121.204.0.2,121.207.254.227,121.212.245.61,121.240.26.228,121.242.204.2,121.242.23.223,121.243.130.139,121.243.138.138,121.243.34.24,121.243.61.82,121.246.26.95,121.246.33.200,121.247.218.189,121.247.80.208,121.254.224.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (20)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510039; rev:2003; fwsam: src, 24 hours;)
alert tcp [121.254.228.149,121.254.231.199,121.254.231.200,121.254.252.82,121.254.252.83,121.28.104.14,121.52.209.80,121.52.215.133,121.78.112.170,121.78.112.204,121.78.112.79,121.78.116.92,121.78.145.13,121.78.238.39,121.78.238.40,121.82.137.228,121.82.195.84,121.82.209.252,121.83.165.217,121.9.210.248,121.9.212.13,121.92.166.52,121.94.253.93,121.97.130.76,121.97.90.137,122.11.56.250,122.115.63.116,122.116.115.161,122.116.121.19,122.116.56.209] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (21)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510040; rev:2003; fwsam: src, 24 hours;)
alert udp [121.254.228.149,121.254.231.199,121.254.231.200,121.254.252.82,121.254.252.83,121.28.104.14,121.52.209.80,121.52.215.133,121.78.112.170,121.78.112.204,121.78.112.79,121.78.116.92,121.78.145.13,121.78.238.39,121.78.238.40,121.82.137.228,121.82.195.84,121.82.209.252,121.83.165.217,121.9.210.248,121.9.212.13,121.92.166.52,121.94.253.93,121.97.130.76,121.97.90.137,122.11.56.250,122.115.63.116,122.116.115.161,122.116.121.19,122.116.56.209] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (21)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510041; rev:2003; fwsam: src, 24 hours;)
alert tcp [122.116.58.142,122.116.70.131,122.117.91.106,122.121.213.203,122.129.198.122,122.145.252.213,122.146.155.133,122.146.50.128,122.146.50.79,122.146.68.237,122.152.161.194,122.153.124.74,122.154.8.141,122.155.0.121,122.155.0.160,122.155.0.70,122.155.3.121,122.155.3.129,122.155.8.101,122.160.169.162,122.161.32.128,122.161.87.148,122.166.40.215,122.168.136.50,122.168.170.216,122.169.52.69,122.17.4.251,122.180.114.98,122.180.129.123,122.180.99.195] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (22)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510042; rev:2003; fwsam: src, 24 hours;)
alert udp [122.116.58.142,122.116.70.131,122.117.91.106,122.121.213.203,122.129.198.122,122.145.252.213,122.146.155.133,122.146.50.128,122.146.50.79,122.146.68.237,122.152.161.194,122.153.124.74,122.154.8.141,122.155.0.121,122.155.0.160,122.155.0.70,122.155.3.121,122.155.3.129,122.155.8.101,122.160.169.162,122.161.32.128,122.161.87.148,122.166.40.215,122.168.136.50,122.168.170.216,122.169.52.69,122.17.4.251,122.180.114.98,122.180.129.123,122.180.99.195] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (22)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510043; rev:2003; fwsam: src, 24 hours;)
alert tcp [122.181.147.236,122.181.174.150,122.182.15.187,122.183.202.35,122.183.80.82,122.193.98.130,122.194.21.12,122.199.140.158,122.199.242.22,122.200.66.23,122.200.90.17,122.201.145.74,122.202.21.106,122.202.21.108,122.208.218.251,122.208.76.218,122.212.217.28,122.213.186.194,122.213.186.205,122.213.186.208,122.213.198.104,122.216.15.102,122.216.15.66,122.219.45.210,122.219.46.195,122.224.207.242,122.224.215.68,122.224.223.112,122.224.73.212,122.224.95.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (23)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510044; rev:2003; fwsam: src, 24 hours;)
alert udp [122.181.147.236,122.181.174.150,122.182.15.187,122.183.202.35,122.183.80.82,122.193.98.130,122.194.21.12,122.199.140.158,122.199.242.22,122.200.66.23,122.200.90.17,122.201.145.74,122.202.21.106,122.202.21.108,122.208.218.251,122.208.76.218,122.212.217.28,122.213.186.194,122.213.186.205,122.213.186.208,122.213.198.104,122.216.15.102,122.216.15.66,122.219.45.210,122.219.46.195,122.224.207.242,122.224.215.68,122.224.223.112,122.224.73.212,122.224.95.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (23)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510045; rev:2003; fwsam: src, 24 hours;)
alert tcp [122.225.29.42,122.225.37.68,122.225.37.88,122.225.38.32,122.225.8.66,122.226.12.18,122.227.186.178,122.240.68.106,122.249.122.21,122.249.183.95,122.252.12.16,122.252.145.81,122.252.223.100,122.252.234.115,122.252.9.162,122.48.159.247,122.49.118.34,122.49.213.34,122.49.78.130,122.50.133.226,122.50.192.54,122.51.148.199,122.53.161.148,122.70.144.105,122.70.149.197,122.70.156.223,122.72.28.19,122.72.31.130,122.9.61.204,123.0.63.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (24)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510046; rev:2003; fwsam: src, 24 hours;)
alert udp [122.225.29.42,122.225.37.68,122.225.37.88,122.225.38.32,122.225.8.66,122.226.12.18,122.227.186.178,122.240.68.106,122.249.122.21,122.249.183.95,122.252.12.16,122.252.145.81,122.252.223.100,122.252.234.115,122.252.9.162,122.48.159.247,122.49.118.34,122.49.213.34,122.49.78.130,122.50.133.226,122.50.192.54,122.51.148.199,122.53.161.148,122.70.144.105,122.70.149.197,122.70.156.223,122.72.28.19,122.72.31.130,122.9.61.204,123.0.63.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (24)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510047; rev:2003; fwsam: src, 24 hours;)
alert tcp [123.100.125.178,123.103.15.37,123.103.168.59,123.108.1.158,123.108.108.147,123.108.45.34,123.108.6.138,123.114.170.157,123.119.75.253,123.124.189.51,123.125.97.34,123.138.22.83,123.138.234.233,123.143.227.164,123.150.196.38,123.150.196.8,123.196.113.11,123.201.132.208,123.201.155.119,123.201.156.54,123.201.193.55,123.201.211.5,123.201.242.214,123.201.242.252,123.201.25.24,123.201.37.182,123.201.58.11,123.204.183.15,123.204.50.171,123.204.51.17] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (25)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510048; rev:2003; fwsam: src, 24 hours;)
alert udp [123.100.125.178,123.103.15.37,123.103.168.59,123.108.1.158,123.108.108.147,123.108.45.34,123.108.6.138,123.114.170.157,123.119.75.253,123.124.189.51,123.125.97.34,123.138.22.83,123.138.234.233,123.143.227.164,123.150.196.38,123.150.196.8,123.196.113.11,123.201.132.208,123.201.155.119,123.201.156.54,123.201.193.55,123.201.211.5,123.201.242.214,123.201.242.252,123.201.25.24,123.201.37.182,123.201.58.11,123.204.183.15,123.204.50.171,123.204.51.17] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (25)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510049; rev:2003; fwsam: src, 24 hours;)
alert tcp [123.204.52.14,123.221.193.203,123.222.57.219,123.225.169.86,123.233.242.78,123.236.128.211,123.236.134.130,123.236.159.211,123.236.189.59,123.237.230.94,123.237.75.14,123.237.77.238,123.237.77.92,123.237.87.10,123.238.126.178,123.238.139.91,123.238.16.149,123.238.61.136,123.240.199.249,123.242.230.169,123.242.230.228,123.242.230.46,123.242.231.193,123.242.231.198,123.248.249.193,123.255.14.3,123.27.62.13,123.30.184.88,123.30.19.38,123.30.50.99] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (26)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510050; rev:2003; fwsam: src, 24 hours;)
alert udp [123.204.52.14,123.221.193.203,123.222.57.219,123.225.169.86,123.233.242.78,123.236.128.211,123.236.134.130,123.236.159.211,123.236.189.59,123.237.230.94,123.237.75.14,123.237.77.238,123.237.77.92,123.237.87.10,123.238.126.178,123.238.139.91,123.238.16.149,123.238.61.136,123.240.199.249,123.242.230.169,123.242.230.228,123.242.230.46,123.242.231.193,123.242.231.198,123.248.249.193,123.255.14.3,123.27.62.13,123.30.184.88,123.30.19.38,123.30.50.99] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (26)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510051; rev:2003; fwsam: src, 24 hours;)
alert tcp [123.30.7.41,123.48.141.177,123.48.7.109,123.49.32.76,123.49.47.120,123.50.205.238,123.50.217.173,123.50.55.242,123.65.217.183,123.65.246.236,124.105.161.139,124.109.32.133,124.110.137.51,124.110.219.45,124.123.232.169,124.124.200.18,124.124.200.22,124.124.212.172,124.124.244.132,124.124.59.60,124.124.9.44,124.124.91.195,124.125.155.246,124.125.243.108,124.125.244.245,124.125.250.84,124.125.34.91,124.125.38.217,124.125.50.88,124.125.66.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (27)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510052; rev:2003; fwsam: src, 24 hours;)
alert udp [123.30.7.41,123.48.141.177,123.48.7.109,123.49.32.76,123.49.47.120,123.50.205.238,123.50.217.173,123.50.55.242,123.65.217.183,123.65.246.236,124.105.161.139,124.109.32.133,124.110.137.51,124.110.219.45,124.123.232.169,124.124.200.18,124.124.200.22,124.124.212.172,124.124.244.132,124.124.59.60,124.124.9.44,124.124.91.195,124.125.155.246,124.125.243.108,124.125.244.245,124.125.250.84,124.125.34.91,124.125.38.217,124.125.50.88,124.125.66.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (27)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510053; rev:2003; fwsam: src, 24 hours;)
alert tcp [124.125.83.62,124.125.93.210,124.127.117.165,124.137.16.167,124.150.142.171,124.153.102.70,124.158.77.173,124.16.130.78,124.160.93.131,124.172.234.109,124.172.237.19,124.193.106.107,124.193.216.206,124.205.160.9,124.207.168.42,124.207.65.29,124.207.96.251,124.212.184.173,124.214.89.188,124.217.216.66,124.217.238.2,124.217.239.158,124.217.240.30,124.217.251.224,124.225.122.164,124.232.131.82,124.237.96.186,124.244.251.180,124.247.243.111,124.3.115.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (28)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510054; rev:2003; fwsam: src, 24 hours;)
alert udp [124.125.83.62,124.125.93.210,124.127.117.165,124.137.16.167,124.150.142.171,124.153.102.70,124.158.77.173,124.16.130.78,124.160.93.131,124.172.234.109,124.172.237.19,124.193.106.107,124.193.216.206,124.205.160.9,124.207.168.42,124.207.65.29,124.207.96.251,124.212.184.173,124.214.89.188,124.217.216.66,124.217.238.2,124.217.239.158,124.217.240.30,124.217.251.224,124.225.122.164,124.232.131.82,124.237.96.186,124.244.251.180,124.247.243.111,124.3.115.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (28)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510055; rev:2003; fwsam: src, 24 hours;)
alert tcp [124.30.20.116,124.30.203.4,124.40.117.102,124.40.21.108,124.40.21.79,124.40.48.24,124.42.125.200,124.42.126.56,124.42.34.72,124.42.35.72,124.42.9.109,124.46.248.98,124.47.118.156,124.7.174.176,124.74.24.142,124.74.45.122,124.80.234.210,124.81.246.147,124.82.212.70,124.82.221.194,124.85.118.117,124.98.1.83,125.0.145.204,125.138.96.6,125.141.142.100,125.141.230.76,125.141.233.12,125.141.234.81,125.160.17.242,125.160.17.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (29)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510056; rev:2003; fwsam: src, 24 hours;)
alert udp [124.30.20.116,124.30.203.4,124.40.117.102,124.40.21.108,124.40.21.79,124.40.48.24,124.42.125.200,124.42.126.56,124.42.34.72,124.42.35.72,124.42.9.109,124.46.248.98,124.47.118.156,124.7.174.176,124.74.24.142,124.74.45.122,124.80.234.210,124.81.246.147,124.82.212.70,124.82.221.194,124.85.118.117,124.98.1.83,125.0.145.204,125.138.96.6,125.141.142.100,125.141.230.76,125.141.233.12,125.141.234.81,125.160.17.242,125.160.17.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (29)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510057; rev:2003; fwsam: src, 24 hours;)
alert tcp [125.161.242.47,125.164.121.190,125.165.25.120,125.166.160.234,125.167.119.90,125.172.77.110,125.192.80.183,125.195.52.183,125.200.175.213,125.200.219.94,125.200.76.120,125.206.118.199,125.206.121.187,125.210.209.148,125.210.253.164,125.211.200.32,125.211.221.29,125.212.115.56,125.214.64.200,125.214.64.26,125.215.148.77,125.215.205.180,125.22.105.83,125.225.40.225,125.235.33.52,125.235.4.111,125.244.25.132,125.244.25.133,125.244.77.6,125.247.130.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (30)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510058; rev:2003; fwsam: src, 24 hours;)
alert udp [125.161.242.47,125.164.121.190,125.165.25.120,125.166.160.234,125.167.119.90,125.172.77.110,125.192.80.183,125.195.52.183,125.200.175.213,125.200.219.94,125.200.76.120,125.206.118.199,125.206.121.187,125.210.209.148,125.210.253.164,125.211.200.32,125.211.221.29,125.212.115.56,125.214.64.200,125.214.64.26,125.215.148.77,125.215.205.180,125.22.105.83,125.225.40.225,125.235.33.52,125.235.4.111,125.244.25.132,125.244.25.133,125.244.77.6,125.247.130.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (30)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510059; rev:2003; fwsam: src, 24 hours;)
alert tcp [125.247.250.131,125.247.250.200,125.247.254.140,125.248.69.130,125.249.113.30,125.249.113.5,125.249.153.132,125.249.164.101,125.249.164.3,125.249.237.67,125.31.78.190,125.35.1.21,125.46.11.61,125.46.41.42,125.46.63.134,125.5.112.177,125.5.114.185,125.54.127.208,125.6.137.211,125.63.74.3,125.64.34.43,125.7.234.53,125.76.229.235,125.76.230.123,125.76.233.111,125.76.238.55,125.88.128.4,125.88.13.5,125.90.93.70,128.121.234.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (31)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510060; rev:2003; fwsam: src, 24 hours;)
alert udp [125.247.250.131,125.247.250.200,125.247.254.140,125.248.69.130,125.249.113.30,125.249.113.5,125.249.153.132,125.249.164.101,125.249.164.3,125.249.237.67,125.31.78.190,125.35.1.21,125.46.11.61,125.46.41.42,125.46.63.134,125.5.112.177,125.5.114.185,125.54.127.208,125.6.137.211,125.63.74.3,125.64.34.43,125.7.234.53,125.76.229.235,125.76.230.123,125.76.233.111,125.76.238.55,125.88.128.4,125.88.13.5,125.90.93.70,128.121.234.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (31)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510061; rev:2003; fwsam: src, 24 hours;)
alert tcp [128.174.241.156,128.175.34.143,128.193.224.79,128.197.61.14,128.206.116.99,128.39.175.178,129.100.47.232,129.105.112.145,129.13.251.36,129.137.2.247,129.137.6.227,129.194.160.75,129.206.114.37,129.219.110.120,129.219.246.172,129.22.73.22,129.241.32.34,129.59.95.120,129.63.8.189,129.78.25.74,129.97.44.87,130.117.187.107,130.117.44.54,130.226.187.116,130.235.181.124,130.235.38.45,130.245.191.106,130.89.10.23,131.111.93.201,131.114.106.141] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (32)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510062; rev:2003; fwsam: src, 24 hours;)
alert udp [128.174.241.156,128.175.34.143,128.193.224.79,128.197.61.14,128.206.116.99,128.39.175.178,129.100.47.232,129.105.112.145,129.13.251.36,129.137.2.247,129.137.6.227,129.194.160.75,129.206.114.37,129.219.110.120,129.219.246.172,129.22.73.22,129.241.32.34,129.59.95.120,129.63.8.189,129.78.25.74,129.97.44.87,130.117.187.107,130.117.44.54,130.226.187.116,130.235.181.124,130.235.38.45,130.245.191.106,130.89.10.23,131.111.93.201,131.114.106.141] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (32)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510063; rev:2003; fwsam: src, 24 hours;)
alert tcp [131.174.220.41,131.188.3.231,131.94.37.157,131.95.229.234,132.206.6.199,132.215.28.28,132.248.103.109,132.248.112.11,132.248.112.6,132.248.112.95,132.248.83.244,133.34.147.34,133.41.110.10,133.62.94.228,133.70.173.140,133.79.205.20,133.86.38.42,134.102.135.232,134.102.208.59,134.103.156.3,134.169.59.5,134.2.117.36,134.214.153.138,134.99.136.23,136.145.91.15,136.183.139.251,137.154.65.40,137.158.126.68,137.189.27.132,137.48.16.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (33)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510064; rev:2003; fwsam: src, 24 hours;)
alert udp [131.174.220.41,131.188.3.231,131.94.37.157,131.95.229.234,132.206.6.199,132.215.28.28,132.248.103.109,132.248.112.11,132.248.112.6,132.248.112.95,132.248.83.244,133.34.147.34,133.41.110.10,133.62.94.228,133.70.173.140,133.79.205.20,133.86.38.42,134.102.135.232,134.102.208.59,134.103.156.3,134.169.59.5,134.2.117.36,134.214.153.138,134.99.136.23,136.145.91.15,136.183.139.251,137.154.65.40,137.158.126.68,137.189.27.132,137.48.16.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (33)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510065; rev:2003; fwsam: src, 24 hours;)
alert tcp [138.73.201.14,138.73.201.15,138.73.201.16,139.13.44.1,139.13.44.13,139.13.81.158,139.14.23.13,139.142.235.138,139.165.11.70,139.53.16.133,140.109.236.73,140.109.55.6,140.109.66.233,140.109.98.210,140.110.16.128,140.111.104.8,140.112.2.208,140.113.239.71,140.114.119.1,140.114.55.124,140.115.107.92,140.116.206.65,140.116.31.27,140.118.170.113,140.118.170.42,140.118.30.17,140.118.7.125,140.119.182.75,140.119.185.21,140.119.19.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (34)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510066; rev:2003; fwsam: src, 24 hours;)
alert udp [138.73.201.14,138.73.201.15,138.73.201.16,139.13.44.1,139.13.44.13,139.13.81.158,139.14.23.13,139.142.235.138,139.165.11.70,139.53.16.133,140.109.236.73,140.109.55.6,140.109.66.233,140.109.98.210,140.110.16.128,140.111.104.8,140.112.2.208,140.113.239.71,140.114.119.1,140.114.55.124,140.115.107.92,140.116.206.65,140.116.31.27,140.118.170.113,140.118.170.42,140.118.30.17,140.118.7.125,140.119.182.75,140.119.185.21,140.119.19.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (34)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510067; rev:2003; fwsam: src, 24 hours;)
alert tcp [140.119.220.171,140.119.61.145,140.120.53.93,140.121.193.226,140.121.193.236,140.121.198.19,140.121.30.200,140.122.140.3,140.125.84.55,140.126.176.31,140.126.176.6,140.126.176.9,140.127.112.188,140.127.114.171,140.128.161.32,140.128.181.1,140.128.182.2,140.128.200.1,140.128.206.27,140.128.213.2,140.128.219.253,140.128.225.4,140.128.230.5,140.128.230.9,140.128.236.5,140.130.158.130,140.130.43.178,140.131.140.250,140.138.144.231,140.174.118.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (35)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510068; rev:2003; fwsam: src, 24 hours;)
alert udp [140.119.220.171,140.119.61.145,140.120.53.93,140.121.193.226,140.121.193.236,140.121.198.19,140.121.30.200,140.122.140.3,140.125.84.55,140.126.176.31,140.126.176.6,140.126.176.9,140.127.112.188,140.127.114.171,140.128.161.32,140.128.181.1,140.128.182.2,140.128.200.1,140.128.206.27,140.128.213.2,140.128.219.253,140.128.225.4,140.128.230.5,140.128.230.9,140.128.236.5,140.130.158.130,140.130.43.178,140.131.140.250,140.138.144.231,140.174.118.252] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (35)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510069; rev:2003; fwsam: src, 24 hours;)
alert tcp [141.154.213.18,141.20.83.15,141.212.106.113,141.212.109.222,141.212.109.228,141.212.109.244,141.212.109.89,141.212.113.85,141.216.10.145,141.22.27.3,141.223.133.47,141.223.61.228,141.250.2.193,141.252.27.104,141.26.64.132,141.28.78.1,141.44.52.3,141.45.176.154,141.48.223.1,141.62.111.72,141.82.60.164,142.46.157.44,143.107.161.149,143.248.91.131,144.16.111.140,145.116.14.40,145.238.200.11,145.24.222.82,146.101.173.225,146.145.3.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (36)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510070; rev:2003; fwsam: src, 24 hours;)
alert udp [141.154.213.18,141.20.83.15,141.212.106.113,141.212.109.222,141.212.109.228,141.212.109.244,141.212.109.89,141.212.113.85,141.216.10.145,141.22.27.3,141.223.133.47,141.223.61.228,141.250.2.193,141.252.27.104,141.26.64.132,141.28.78.1,141.44.52.3,141.45.176.154,141.48.223.1,141.62.111.72,141.82.60.164,142.46.157.44,143.107.161.149,143.248.91.131,144.16.111.140,145.116.14.40,145.238.200.11,145.24.222.82,146.101.173.225,146.145.3.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (36)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510071; rev:2003; fwsam: src, 24 hours;)
alert tcp [146.164.128.26,146.164.32.12,146.96.128.158,147.102.162.194,147.123.149.112,147.156.252.198,147.156.51.124,147.175.16.89,147.175.70.185,147.230.72.27,147.32.5.125,147.83.127.90,147.83.15.184,147.83.50.136,147.83.50.47,147.83.60.2,148.204.124.99,148.208.169.250,148.222.11.75,148.228.181.190,148.244.108.146,148.244.114.62,148.244.127.66,148.244.221.188,148.244.236.82,148.244.98.137,148.245.102.114,150.101.105.113,150.101.189.34,150.101.240.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (37)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510072; rev:2003; fwsam: src, 24 hours;)
alert udp [146.164.128.26,146.164.32.12,146.96.128.158,147.102.162.194,147.123.149.112,147.156.252.198,147.156.51.124,147.175.16.89,147.175.70.185,147.230.72.27,147.32.5.125,147.83.127.90,147.83.15.184,147.83.50.136,147.83.50.47,147.83.60.2,148.204.124.99,148.208.169.250,148.222.11.75,148.228.181.190,148.244.108.146,148.244.114.62,148.244.127.66,148.244.221.188,148.244.236.82,148.244.98.137,148.245.102.114,150.101.105.113,150.101.189.34,150.101.240.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (37)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510073; rev:2003; fwsam: src, 24 hours;)
alert tcp [150.128.97.74,150.145.59.149,150.145.63.202,150.185.129.37,150.186.224.20,150.214.108.118,150.214.110.214,150.214.188.23,150.214.191.117,150.217.156.35,150.254.30.186,151.1.142.92,151.1.162.16,151.1.210.48,151.1.219.222,151.1.25.5,151.100.17.246,151.13.202.194,151.197.55.88,151.9.119.81,151.9.46.72,151.97.9.196,152.14.59.112,152.3.10.88,152.46.24.154,152.99.39.6,153.109.96.231,153.19.129.157,153.19.99.121,155.207.113.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (38)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510074; rev:2003; fwsam: src, 24 hours;)
alert udp [150.128.97.74,150.145.59.149,150.145.63.202,150.185.129.37,150.186.224.20,150.214.108.118,150.214.110.214,150.214.188.23,150.214.191.117,150.217.156.35,150.254.30.186,151.1.142.92,151.1.162.16,151.1.210.48,151.1.219.222,151.1.25.5,151.100.17.246,151.13.202.194,151.197.55.88,151.9.119.81,151.9.46.72,151.97.9.196,152.14.59.112,152.3.10.88,152.46.24.154,152.99.39.6,153.109.96.231,153.19.129.157,153.19.99.121,155.207.113.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (38)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510075; rev:2003; fwsam: src, 24 hours;)
alert tcp [155.207.114.30,155.230.105.168,155.54.170.10,156.17.186.235,156.17.79.4,156.17.86.12,156.35.33.199,157.100.195.134,157.114.1.3,157.157.147.133,157.157.147.241,157.24.188.71,157.86.114.141,157.86.160.22,157.86.8.16,157.88.229.16,158.109.201.12,158.155.4.14,158.182.11.202,158.193.150.36,158.193.214.54,158.195.31.72,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.151,159.148.117.155,159.148.117.158,159.148.178.133,159.213.42.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (39)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510076; rev:2003; fwsam: src, 24 hours;)
alert udp [155.207.114.30,155.230.105.168,155.54.170.10,156.17.186.235,156.17.79.4,156.17.86.12,156.35.33.199,157.100.195.134,157.114.1.3,157.157.147.133,157.157.147.241,157.24.188.71,157.86.114.141,157.86.160.22,157.86.8.16,157.88.229.16,158.109.201.12,158.155.4.14,158.182.11.202,158.193.150.36,158.193.214.54,158.195.31.72,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.151,159.148.117.155,159.148.117.158,159.148.178.133,159.213.42.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (39)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510077; rev:2003; fwsam: src, 24 hours;)
alert tcp [159.226.170.20,159.226.67.49,159.226.7.162,159.28.18.5,159.90.200.126,160.217.215.2,160.80.35.107,160.80.82.106,160.80.84.120,161.139.147.244,161.139.195.244,161.200.93.137,161.53.141.3,161.58.178.227,162.105.67.211,163.139.169.178,163.152.216.30,163.16.72.3,163.17.100.60,163.17.102.14,163.17.21.2,163.17.65.203,163.178.108.80,163.178.112.6,163.178.170.36,163.178.170.75,163.180.114.73,163.180.142.21,163.19.1.91,163.19.124.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (40)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510078; rev:2003; fwsam: src, 24 hours;)
alert udp [159.226.170.20,159.226.67.49,159.226.7.162,159.28.18.5,159.90.200.126,160.217.215.2,160.80.35.107,160.80.82.106,160.80.84.120,161.139.147.244,161.139.195.244,161.200.93.137,161.53.141.3,161.58.178.227,162.105.67.211,163.139.169.178,163.152.216.30,163.16.72.3,163.17.100.60,163.17.102.14,163.17.21.2,163.17.65.203,163.178.108.80,163.178.112.6,163.178.170.36,163.178.170.75,163.180.114.73,163.180.142.21,163.19.1.91,163.19.124.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (40)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510079; rev:2003; fwsam: src, 24 hours;)
alert tcp [163.19.129.10,163.19.13.4,163.19.143.54,163.19.156.240,163.19.249.2,163.19.30.58,163.19.30.7,163.19.37.133,163.19.63.1,163.19.77.4,163.19.8.1,163.19.81.130,163.19.81.133,163.19.90.6,163.19.90.7,163.20.108.7,163.20.63.13,163.20.9.8,163.21.10.1,163.21.129.15,163.21.148.176,163.21.169.19,163.21.251.7,163.21.39.8,163.22.100.1,163.22.109.129,163.22.110.1,163.22.110.130,163.22.112.129,163.22.114.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (41)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510080; rev:2003; fwsam: src, 24 hours;)
alert udp [163.19.129.10,163.19.13.4,163.19.143.54,163.19.156.240,163.19.249.2,163.19.30.58,163.19.30.7,163.19.37.133,163.19.63.1,163.19.77.4,163.19.8.1,163.19.81.130,163.19.81.133,163.19.90.6,163.19.90.7,163.20.108.7,163.20.63.13,163.20.9.8,163.21.10.1,163.21.129.15,163.21.148.176,163.21.169.19,163.21.251.7,163.21.39.8,163.22.100.1,163.22.109.129,163.22.110.1,163.22.110.130,163.22.112.129,163.22.114.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (41)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510081; rev:2003; fwsam: src, 24 hours;)
alert tcp [163.22.135.1,163.22.141.1,163.22.146.122,163.22.147.129,163.22.149.129,163.22.151.129,163.22.32.97,163.22.62.1,163.22.68.129,163.22.78.131,163.22.81.1,163.22.85.9,163.22.89.130,163.23.111.1,163.23.116.182,163.23.86.65,163.23.92.193,163.24.139.77,163.24.19.150,163.24.20.118,163.24.25.12,163.24.8.12,163.25.121.31,163.25.131.126,163.32.145.11,163.32.185.14,163.32.199.6,163.32.201.1,163.32.205.3,163.32.240.241] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (42)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510082; rev:2003; fwsam: src, 24 hours;)
alert udp [163.22.135.1,163.22.141.1,163.22.146.122,163.22.147.129,163.22.149.129,163.22.151.129,163.22.32.97,163.22.62.1,163.22.68.129,163.22.78.131,163.22.81.1,163.22.85.9,163.22.89.130,163.23.111.1,163.23.116.182,163.23.86.65,163.23.92.193,163.24.139.77,163.24.19.150,163.24.20.118,163.24.25.12,163.24.8.12,163.25.121.31,163.25.131.126,163.32.145.11,163.32.185.14,163.32.199.6,163.32.201.1,163.32.205.3,163.32.240.241] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (42)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510083; rev:2003; fwsam: src, 24 hours;)
alert tcp [163.32.244.4,164.15.126.46,164.41.25.120,164.73.162.2,164.77.170.66,164.77.199.162,164.77.232.44,164.77.67.221,164.78.248.57,165.139.223.24,165.194.30.30,165.228.207.42,165.230.77.69,166.70.44.132,166.70.74.34,168.144.196.119,168.176.125.116,169.199.89.66,170.210.200.9,170.210.44.160,170.51.33.70,170.51.45.246,173.0.49.45,173.0.50.28,173.1.100.29,173.1.245.247,173.11.56.194,173.13.191.65,173.14.188.89,173.14.231.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (43)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510084; rev:2003; fwsam: src, 24 hours;)
alert udp [163.32.244.4,164.15.126.46,164.41.25.120,164.73.162.2,164.77.170.66,164.77.199.162,164.77.232.44,164.77.67.221,164.78.248.57,165.139.223.24,165.194.30.30,165.228.207.42,165.230.77.69,166.70.44.132,166.70.74.34,168.144.196.119,168.176.125.116,169.199.89.66,170.210.200.9,170.210.44.160,170.51.33.70,170.51.45.246,173.0.49.45,173.0.50.28,173.1.100.29,173.1.245.247,173.11.56.194,173.13.191.65,173.14.188.89,173.14.231.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (43)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510085; rev:2003; fwsam: src, 24 hours;)
alert tcp [173.15.190.217,173.15.29.61,173.160.135.189,173.161.200.185,173.164.143.171,173.166.139.82,173.168.4.103,173.193.194.106,173.193.214.228,173.200.68.21,173.201.16.131,173.201.247.26,173.203.100.184,173.203.106.250,173.203.216.115,173.203.216.153,173.203.216.225,173.203.216.231,173.203.216.99,173.203.217.110,173.203.217.5,173.203.86.101,173.203.87.174,173.203.93.141,173.208.152.234,173.208.76.17,173.21.181.200,173.212.255.252,173.224.217.188,173.230.138.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (44)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510086; rev:2003; fwsam: src, 24 hours;)
alert udp [173.15.190.217,173.15.29.61,173.160.135.189,173.161.200.185,173.164.143.171,173.166.139.82,173.168.4.103,173.193.194.106,173.193.214.228,173.200.68.21,173.201.16.131,173.201.247.26,173.203.100.184,173.203.106.250,173.203.216.115,173.203.216.153,173.203.216.225,173.203.216.231,173.203.216.99,173.203.217.110,173.203.217.5,173.203.86.101,173.203.87.174,173.203.93.141,173.208.152.234,173.208.76.17,173.21.181.200,173.212.255.252,173.224.217.188,173.230.138.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (44)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510087; rev:2003; fwsam: src, 24 hours;)
alert tcp [173.230.145.104,173.234.77.108,173.236.97.70,173.242.114.146,173.244.175.94,173.27.122.86,173.45.101.250,173.45.232.6,173.45.82.210,173.45.94.50,173.46.2.6,173.67.143.141,173.73.4.117,173.8.132.246,173.8.192.125,173.9.222.43,173.9.64.181,173.93.190.193,174.102.240.232,174.113.18.248,174.120.158.106,174.120.179.34,174.120.224.131,174.120.25.34,174.120.94.2,174.121.0.218,174.121.79.66,174.121.85.94,174.121.89.219,174.123.118.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (45)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510088; rev:2003; fwsam: src, 24 hours;)
alert udp [173.230.145.104,173.234.77.108,173.236.97.70,173.242.114.146,173.244.175.94,173.27.122.86,173.45.101.250,173.45.232.6,173.45.82.210,173.45.94.50,173.46.2.6,173.67.143.141,173.73.4.117,173.8.132.246,173.8.192.125,173.9.222.43,173.9.64.181,173.93.190.193,174.102.240.232,174.113.18.248,174.120.158.106,174.120.179.34,174.120.224.131,174.120.25.34,174.120.94.2,174.121.0.218,174.121.79.66,174.121.85.94,174.121.89.219,174.123.118.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (45)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510089; rev:2003; fwsam: src, 24 hours;)
alert tcp [174.123.189.18,174.123.217.34,174.123.79.43,174.129.12.145,174.129.154.52,174.129.202.28,174.129.234.213,174.129.240.247,174.129.248.174,174.129.249.53,174.132.127.130,174.132.229.56,174.133.114.42,174.133.147.250,174.133.205.202,174.142.104.57,174.142.104.9,174.142.53.134,174.142.78.169,174.143.148.151,174.143.152.97,174.143.154.110,174.143.172.86,174.143.173.212,174.143.174.129,174.143.24.164,174.143.247.224,174.143.26.217,174.33.77.123,174.34.132.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (46)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510090; rev:2003; fwsam: src, 24 hours;)
alert udp [174.123.189.18,174.123.217.34,174.123.79.43,174.129.12.145,174.129.154.52,174.129.202.28,174.129.234.213,174.129.240.247,174.129.248.174,174.129.249.53,174.132.127.130,174.132.229.56,174.133.114.42,174.133.147.250,174.133.205.202,174.142.104.57,174.142.104.9,174.142.53.134,174.142.78.169,174.143.148.151,174.143.152.97,174.143.154.110,174.143.172.86,174.143.173.212,174.143.174.129,174.143.24.164,174.143.247.224,174.143.26.217,174.33.77.123,174.34.132.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (46)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510091; rev:2003; fwsam: src, 24 hours;)
alert tcp [174.34.141.50,174.34.155.178,174.36.169.42,174.36.245.146,174.36.250.214,174.37.136.126,174.37.165.222,174.37.172.68,174.37.200.163,174.37.233.26,174.37.242.101,174.37.3.105,174.37.91.122,174.51.8.33,174.52.121.119,174.98.185.9,175.199.25.71,175.28.131.212,178.162.167.120,178.17.163.90,178.18.16.132,178.187.11.195,178.208.83.10,178.208.83.6,178.239.48.4,178.63.224.221,178.63.225.213,178.63.55.57,178.72.104.3,178.95.215.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (47)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510092; rev:2003; fwsam: src, 24 hours;)
alert udp [174.34.141.50,174.34.155.178,174.36.169.42,174.36.245.146,174.36.250.214,174.37.136.126,174.37.165.222,174.37.172.68,174.37.200.163,174.37.233.26,174.37.242.101,174.37.3.105,174.37.91.122,174.51.8.33,174.52.121.119,174.98.185.9,175.199.25.71,175.28.131.212,178.162.167.120,178.17.163.90,178.18.16.132,178.187.11.195,178.208.83.10,178.208.83.6,178.239.48.4,178.63.224.221,178.63.225.213,178.63.55.57,178.72.104.3,178.95.215.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (47)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510093; rev:2003; fwsam: src, 24 hours;)
alert tcp [180.131.127.226,180.131.17.20,180.148.137.152,180.148.137.99,180.149.11.23,180.151.249.187,180.178.30.22,180.189.50.2,180.70.116.110,183.87.30.57,183.87.44.192,183.97.153.63,184.106.219.75,184.154.12.27,184.82.4.136,184.82.79.116,186.0.0.150,186.104.10.36,186.104.163.74,186.122.113.249,186.14.252.28,186.18.143.135,186.18.193.226,186.18.234.8,186.201.125.202,186.42.172.2,186.42.173.147,186.80.133.48,186.81.112.92,186.81.156.219] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (48)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510094; rev:2003; fwsam: src, 24 hours;)
alert udp [180.131.127.226,180.131.17.20,180.148.137.152,180.148.137.99,180.149.11.23,180.151.249.187,180.178.30.22,180.189.50.2,180.70.116.110,183.87.30.57,183.87.44.192,183.97.153.63,184.106.219.75,184.154.12.27,184.82.4.136,184.82.79.116,186.0.0.150,186.104.10.36,186.104.163.74,186.122.113.249,186.14.252.28,186.18.143.135,186.18.193.226,186.18.234.8,186.201.125.202,186.42.172.2,186.42.173.147,186.80.133.48,186.81.112.92,186.81.156.219] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (48)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510095; rev:2003; fwsam: src, 24 hours;)
alert tcp [186.81.205.40,186.81.55.63,186.81.91.122,186.82.101.28,186.82.72.223,186.83.227.172,186.84.11.222,186.87.122.112,186.87.253.224,186.98.237.163,186.98.46.243,187.0.208.194,187.0.209.58,187.1.51.166,187.10.129.123,187.10.137.37,187.10.172.215,187.10.190.176,187.10.60.50,187.10.88.108,187.101.18.151,187.101.19.144,187.11.144.148,187.11.231.119,187.11.66.159,187.11.8.25,187.114.178.207,187.115.142.34,187.115.62.178,187.142.214.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (49)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510096; rev:2003; fwsam: src, 24 hours;)
alert udp [186.81.205.40,186.81.55.63,186.81.91.122,186.82.101.28,186.82.72.223,186.83.227.172,186.84.11.222,186.87.122.112,186.87.253.224,186.98.237.163,186.98.46.243,187.0.208.194,187.0.209.58,187.1.51.166,187.10.129.123,187.10.137.37,187.10.172.215,187.10.190.176,187.10.60.50,187.10.88.108,187.101.18.151,187.101.19.144,187.11.144.148,187.11.231.119,187.11.66.159,187.11.8.25,187.114.178.207,187.115.142.34,187.115.62.178,187.142.214.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (49)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510097; rev:2003; fwsam: src, 24 hours;)
alert tcp [187.16.21.34,187.17.64.162,187.18.5.22,187.19.98.231,187.2.148.16,187.21.210.236,187.21.22.248,187.23.11.75,187.23.8.99,187.32.36.42,187.32.93.1,187.34.148.177,187.34.154.215,187.34.192.132,187.34.209.140,187.34.225.236,187.34.225.6,187.34.246.75,187.35.172.19,187.35.19.202,187.35.31.26,187.36.101.186,187.36.156.214,187.39.69.85,187.4.32.121,187.4.66.18,187.4.67.74,187.40.0.210,187.45.198.11,187.45.207.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (50)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510098; rev:2003; fwsam: src, 24 hours;)
alert udp [187.16.21.34,187.17.64.162,187.18.5.22,187.19.98.231,187.2.148.16,187.21.210.236,187.21.22.248,187.23.11.75,187.23.8.99,187.32.36.42,187.32.93.1,187.34.148.177,187.34.154.215,187.34.192.132,187.34.209.140,187.34.225.236,187.34.225.6,187.34.246.75,187.35.172.19,187.35.19.202,187.35.31.26,187.36.101.186,187.36.156.214,187.39.69.85,187.4.32.121,187.4.66.18,187.4.67.74,187.40.0.210,187.45.198.11,187.45.207.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (50)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510099; rev:2003; fwsam: src, 24 hours;)
alert tcp [187.45.207.251,187.45.212.21,187.45.232.225,187.45.244.104,187.5.120.33,187.5.128.12,187.5.152.117,187.5.197.131,187.50.136.10,187.54.74.92,187.56.132.129,187.56.192.188,187.6.49.106,187.6.50.203,187.6.98.210,187.60.232.130,187.61.4.210,187.61.7.86,187.61.8.114,187.62.245.235,187.63.227.181,187.64.42.154,187.66.245.229,187.74.112.149,187.74.214.116,187.75.165.209,187.75.79.253,187.78.17.225,187.78.91.240,187.8.155.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (51)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510100; rev:2003; fwsam: src, 24 hours;)
alert udp [187.45.207.251,187.45.212.21,187.45.232.225,187.45.244.104,187.5.120.33,187.5.128.12,187.5.152.117,187.5.197.131,187.50.136.10,187.54.74.92,187.56.132.129,187.56.192.188,187.6.49.106,187.6.50.203,187.6.98.210,187.60.232.130,187.61.4.210,187.61.7.86,187.61.8.114,187.62.245.235,187.63.227.181,187.64.42.154,187.66.245.229,187.74.112.149,187.74.214.116,187.75.165.209,187.75.79.253,187.78.17.225,187.78.91.240,187.8.155.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (51)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510101; rev:2003; fwsam: src, 24 hours;)
alert tcp [188.120.225.146,188.120.226.204,188.120.226.242,188.120.228.205,188.120.242.135,188.120.242.141,188.120.245.131,188.123.102.72,188.127.128.140,188.138.32.103,188.163.29.95,188.163.65.166,188.163.78.26,188.165.195.34,188.17.155.25,188.181.128.134,188.186.158.133,188.186.173.132,188.201.254.66,188.214.17.32,188.220.18.68,188.246.80.181,188.36.57.164,188.40.105.78,188.40.110.151,188.40.123.140,188.40.134.133,188.40.134.194,188.40.134.20,188.40.156.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (52)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510102; rev:2003; fwsam: src, 24 hours;)
alert udp [188.120.225.146,188.120.226.204,188.120.226.242,188.120.228.205,188.120.242.135,188.120.242.141,188.120.245.131,188.123.102.72,188.127.128.140,188.138.32.103,188.163.29.95,188.163.65.166,188.163.78.26,188.165.195.34,188.17.155.25,188.181.128.134,188.186.158.133,188.186.173.132,188.201.254.66,188.214.17.32,188.220.18.68,188.246.80.181,188.36.57.164,188.40.105.78,188.40.110.151,188.40.123.140,188.40.134.133,188.40.134.194,188.40.134.20,188.40.156.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (52)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510103; rev:2003; fwsam: src, 24 hours;)
alert tcp [188.40.159.20,188.40.167.22,188.40.167.8,188.40.196.1,188.40.207.76,188.40.232.106,188.40.255.93,188.40.36.88,188.40.36.89,188.40.37.208,188.40.39.12,188.40.40.70,188.40.49.200,188.40.54.75,188.40.66.72,188.40.72.197,188.40.74.140,188.40.74.83,188.40.77.10,188.40.80.134,188.40.98.199,188.58.81.86,188.65.208.31,188.65.51.246,188.65.74.70,188.65.74.72,188.72.199.22,188.72.202.71,188.72.203.124,188.72.211.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (53)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510104; rev:2003; fwsam: src, 24 hours;)
alert udp [188.40.159.20,188.40.167.22,188.40.167.8,188.40.196.1,188.40.207.76,188.40.232.106,188.40.255.93,188.40.36.88,188.40.36.89,188.40.37.208,188.40.39.12,188.40.40.70,188.40.49.200,188.40.54.75,188.40.66.72,188.40.72.197,188.40.74.140,188.40.74.83,188.40.77.10,188.40.80.134,188.40.98.199,188.58.81.86,188.65.208.31,188.65.51.246,188.65.74.70,188.65.74.72,188.72.199.22,188.72.202.71,188.72.203.124,188.72.211.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (53)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510105; rev:2003; fwsam: src, 24 hours;)
alert tcp [188.72.225.212,188.72.225.213,188.72.226.149,188.93.212.50,188.93.240.14,188.95.112.200,188.95.124.194,188.95.144.3,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.1.25.110,189.10.202.8,189.10.83.237,189.101.160.11,189.103.170.194,189.103.204.89,189.103.49.63,189.104.21.75,189.105.206.110,189.106.35.44,189.106.60.107,189.107.109.55,189.107.25.181,189.107.48.18,189.108.123.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (54)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510106; rev:2003; fwsam: src, 24 hours;)
alert udp [188.72.225.212,188.72.225.213,188.72.226.149,188.93.212.50,188.93.240.14,188.95.112.200,188.95.124.194,188.95.144.3,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.1.25.110,189.10.202.8,189.10.83.237,189.101.160.11,189.103.170.194,189.103.204.89,189.103.49.63,189.104.21.75,189.105.206.110,189.106.35.44,189.106.60.107,189.107.109.55,189.107.25.181,189.107.48.18,189.108.123.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (54)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510107; rev:2003; fwsam: src, 24 hours;)
alert tcp [189.11.11.130,189.11.61.194,189.110.112.62,189.110.134.132,189.110.142.209,189.110.82.250,189.111.61.79,189.112.107.57,189.112.179.113,189.114.137.90,189.123.118.128,189.123.214.149,189.123.28.162,189.123.54.171,189.123.81.117,189.126.103.184,189.126.107.14,189.126.107.35,189.126.107.69,189.126.107.87,189.126.110.136,189.126.110.88,189.126.99.181,189.13.202.70,189.136.171.137,189.138.17.131,189.139.142.105,189.14.239.14,189.14.245.99,189.146.11.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (55)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510108; rev:2003; fwsam: src, 24 hours;)
alert udp [189.11.11.130,189.11.61.194,189.110.112.62,189.110.134.132,189.110.142.209,189.110.82.250,189.111.61.79,189.112.107.57,189.112.179.113,189.114.137.90,189.123.118.128,189.123.214.149,189.123.28.162,189.123.54.171,189.123.81.117,189.126.103.184,189.126.107.14,189.126.107.35,189.126.107.69,189.126.107.87,189.126.110.136,189.126.110.88,189.126.99.181,189.13.202.70,189.136.171.137,189.138.17.131,189.139.142.105,189.14.239.14,189.14.245.99,189.146.11.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (55)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510109; rev:2003; fwsam: src, 24 hours;)
alert tcp [189.15.171.226,189.15.199.11,189.15.205.21,189.15.24.67,189.15.48.139,189.15.65.40,189.15.70.245,189.16.92.8,189.16.96.113,189.18.102.48,189.18.12.180,189.18.181.116,189.18.234.123,189.18.30.119,189.19.120.223,189.19.141.192,189.19.146.99,189.19.27.79,189.2.160.178,189.20.122.4,189.202.27.56,189.202.5.37,189.202.91.106,189.204.31.44,189.205.104.170,189.210.174.180,189.220.147.113,189.220.60.159,189.221.242.67,189.224.6.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (56)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510110; rev:2003; fwsam: src, 24 hours;)
alert udp [189.15.171.226,189.15.199.11,189.15.205.21,189.15.24.67,189.15.48.139,189.15.65.40,189.15.70.245,189.16.92.8,189.16.96.113,189.18.102.48,189.18.12.180,189.18.181.116,189.18.234.123,189.18.30.119,189.19.120.223,189.19.141.192,189.19.146.99,189.19.27.79,189.2.160.178,189.20.122.4,189.202.27.56,189.202.5.37,189.202.91.106,189.204.31.44,189.205.104.170,189.210.174.180,189.220.147.113,189.220.60.159,189.221.242.67,189.224.6.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (56)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510111; rev:2003; fwsam: src, 24 hours;)
alert tcp [189.24.18.108,189.24.49.51,189.3.236.155,189.30.31.131,189.32.245.39,189.35.91.175,189.36.209.122,189.38.136.193,189.38.250.63,189.38.58.242,189.38.7.203,189.39.156.95,189.39.83.20,189.41.13.149,189.41.86.232,189.42.147.82,189.42.162.2,189.43.55.85,189.45.17.53,189.45.37.101,189.46.10.46,189.46.13.207,189.46.131.163,189.46.164.136,189.46.200.118,189.46.200.223,189.46.231.215,189.46.234.40,189.46.242.80,189.46.36.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (57)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510112; rev:2003; fwsam: src, 24 hours;)
alert udp [189.24.18.108,189.24.49.51,189.3.236.155,189.30.31.131,189.32.245.39,189.35.91.175,189.36.209.122,189.38.136.193,189.38.250.63,189.38.58.242,189.38.7.203,189.39.156.95,189.39.83.20,189.41.13.149,189.41.86.232,189.42.147.82,189.42.162.2,189.43.55.85,189.45.17.53,189.45.37.101,189.46.10.46,189.46.13.207,189.46.131.163,189.46.164.136,189.46.200.118,189.46.200.223,189.46.231.215,189.46.234.40,189.46.242.80,189.46.36.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (57)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510113; rev:2003; fwsam: src, 24 hours;)
alert tcp [189.46.4.144,189.46.44.69,189.46.77.16,189.46.96.169,189.47.172.238,189.47.185.186,189.47.4.1,189.5.133.131,189.5.223.85,189.5.255.168,189.5.92.20,189.50.198.250,189.53.243.82,189.59.234.66,189.59.73.178,189.59.94.20,189.6.115.251,189.6.120.135,189.61.101.163,189.61.67.240,189.63.203.14,189.68.161.119,189.68.28.86,189.69.130.48,189.69.134.140,189.69.137.72,189.69.88.62,189.7.160.30,189.70.230.240,189.72.110.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (58)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510114; rev:2003; fwsam: src, 24 hours;)
alert udp [189.46.4.144,189.46.44.69,189.46.77.16,189.46.96.169,189.47.172.238,189.47.185.186,189.47.4.1,189.5.133.131,189.5.223.85,189.5.255.168,189.5.92.20,189.50.198.250,189.53.243.82,189.59.234.66,189.59.73.178,189.59.94.20,189.6.115.251,189.6.120.135,189.61.101.163,189.61.67.240,189.63.203.14,189.68.161.119,189.68.28.86,189.69.130.48,189.69.134.140,189.69.137.72,189.69.88.62,189.7.160.30,189.70.230.240,189.72.110.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (58)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510115; rev:2003; fwsam: src, 24 hours;)
alert tcp [189.72.55.116,189.77.21.11,189.78.0.84,189.78.117.71,189.78.125.57,189.78.140.112,189.78.146.41,189.78.149.144,189.8.87.45,189.80.148.214,189.80.178.209,189.80.20.189,189.80.228.114,189.81.84.129,189.82.22.49,189.82.97.193,189.84.0.6,189.96.27.135,189.97.45.99,189.98.190.50,190.0.162.121,190.105.63.61,190.107.127.207,190.12.13.78,190.12.6.2,190.12.89.138,190.120.226.150,190.120.226.170,190.122.163.2,190.122.192.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (59)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510116; rev:2003; fwsam: src, 24 hours;)
alert udp [189.72.55.116,189.77.21.11,189.78.0.84,189.78.117.71,189.78.125.57,189.78.140.112,189.78.146.41,189.78.149.144,189.8.87.45,189.80.148.214,189.80.178.209,189.80.20.189,189.80.228.114,189.81.84.129,189.82.22.49,189.82.97.193,189.84.0.6,189.96.27.135,189.97.45.99,189.98.190.50,190.0.162.121,190.105.63.61,190.107.127.207,190.12.13.78,190.12.6.2,190.12.89.138,190.120.226.150,190.120.226.170,190.122.163.2,190.122.192.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (59)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510117; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.128.50.187,190.129.64.10,190.129.67.20,190.129.69.227,190.131.109.24,190.131.127.58,190.131.21.58,190.131.23.117,190.131.46.149,190.131.93.121,190.131.93.5,190.136.176.232,190.139.13.240,190.14.163.197,190.14.164.121,190.14.175.242,190.14.250.110,190.141.164.148,190.144.107.106,190.144.224.10,190.144.225.178,190.144.241.51,190.144.58.66,190.144.89.86,190.145.100.110,190.145.11.106,190.145.11.110,190.145.115.130,190.145.2.139,190.145.38.36] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (60)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510118; rev:2003; fwsam: src, 24 hours;)
alert udp [190.128.50.187,190.129.64.10,190.129.67.20,190.129.69.227,190.131.109.24,190.131.127.58,190.131.21.58,190.131.23.117,190.131.46.149,190.131.93.121,190.131.93.5,190.136.176.232,190.139.13.240,190.14.163.197,190.14.164.121,190.14.175.242,190.14.250.110,190.141.164.148,190.144.107.106,190.144.224.10,190.144.225.178,190.144.241.51,190.144.58.66,190.144.89.86,190.145.100.110,190.145.11.106,190.145.11.110,190.145.115.130,190.145.2.139,190.145.38.36] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (60)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510119; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.146.129.232,190.146.238.146,190.147.102.50,190.147.103.4,190.151.24.23,190.151.9.10,190.152.116.73,190.152.222.218,190.154.23.52,190.158.146.21,190.158.230.33,190.159.208.79,190.160.55.13,190.161.104.222,190.161.74.188,190.163.109.122,190.164.246.80,190.164.97.139,190.17.245.112,190.172.231.2,190.173.246.254,190.174.178.159,190.179.22.49,190.179.73.87,190.184.35.27,190.187.30.194,190.188.40.62,190.188.41.224,190.189.148.215,190.189.160.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (61)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510120; rev:2003; fwsam: src, 24 hours;)
alert udp [190.146.129.232,190.146.238.146,190.147.102.50,190.147.103.4,190.151.24.23,190.151.9.10,190.152.116.73,190.152.222.218,190.154.23.52,190.158.146.21,190.158.230.33,190.159.208.79,190.160.55.13,190.161.104.222,190.161.74.188,190.163.109.122,190.164.246.80,190.164.97.139,190.17.245.112,190.172.231.2,190.173.246.254,190.174.178.159,190.179.22.49,190.179.73.87,190.184.35.27,190.187.30.194,190.188.40.62,190.188.41.224,190.189.148.215,190.189.160.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (61)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510121; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.189.169.212,190.190.132.198,190.190.216.31,190.191.179.250,190.193.10.216,190.193.128.211,190.196.32.122,190.196.61.245,190.196.65.28,190.2.33.189,190.2.41.61,190.2.44.189,190.2.55.34,190.20.103.117,190.20.255.186,190.20.36.58,190.20.6.231,190.20.80.128,190.208.115.161,190.208.120.107,190.208.19.227,190.208.34.228,190.208.73.21,190.209.102.184,190.209.140.188,190.209.19.21,190.209.253.145,190.209.36.111,190.209.39.191,190.209.40.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (62)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510122; rev:2003; fwsam: src, 24 hours;)
alert udp [190.189.169.212,190.190.132.198,190.190.216.31,190.191.179.250,190.193.10.216,190.193.128.211,190.196.32.122,190.196.61.245,190.196.65.28,190.2.33.189,190.2.41.61,190.2.44.189,190.2.55.34,190.20.103.117,190.20.255.186,190.20.36.58,190.20.6.231,190.20.80.128,190.208.115.161,190.208.120.107,190.208.19.227,190.208.34.228,190.208.73.21,190.209.102.184,190.209.140.188,190.209.19.21,190.209.253.145,190.209.36.111,190.209.39.191,190.209.40.163] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (62)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510123; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.209.96.165,190.21.197.52,190.210.15.136,190.210.58.154,190.210.58.155,190.213.38.48,190.216.171.82,190.220.137.10,190.220.208.222,190.225.246.238,190.228.84.37,190.24.193.158,190.24.23.43,190.244.187.194,190.244.204.244,190.246.140.244,190.247.159.62,190.248.10.146,190.249.58.118,190.25.135.100,190.25.151.231,190.25.211.226,190.25.229.74,190.25.75.161,190.254.103.11,190.254.194.162,190.254.221.66,190.26.107.38,190.26.214.196,190.26.61.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (63)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510124; rev:2003; fwsam: src, 24 hours;)
alert udp [190.209.96.165,190.21.197.52,190.210.15.136,190.210.58.154,190.210.58.155,190.213.38.48,190.216.171.82,190.220.137.10,190.220.208.222,190.225.246.238,190.228.84.37,190.24.193.158,190.24.23.43,190.244.187.194,190.244.204.244,190.246.140.244,190.247.159.62,190.248.10.146,190.249.58.118,190.25.135.100,190.25.151.231,190.25.211.226,190.25.229.74,190.25.75.161,190.254.103.11,190.254.194.162,190.254.221.66,190.26.107.38,190.26.214.196,190.26.61.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (63)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510125; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.26.93.194,190.27.194.90,190.27.194.98,190.27.197.90,190.27.203.114,190.27.23.226,190.3.66.154,190.31.159.17,190.34.166.215,190.36.154.179,190.37.133.113,190.38.199.227,190.41.25.15,190.41.30.76,190.41.82.102,190.46.52.41,190.47.149.20,190.48.233.243,190.5.204.183,190.5.206.150,190.50.102.210,190.50.8.250,190.51.104.121,190.51.54.82,190.53.227.235,190.54.28.147,190.54.31.132,190.54.47.163,190.55.1.188,190.55.124.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (64)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510126; rev:2003; fwsam: src, 24 hours;)
alert udp [190.26.93.194,190.27.194.90,190.27.194.98,190.27.197.90,190.27.203.114,190.27.23.226,190.3.66.154,190.31.159.17,190.34.166.215,190.36.154.179,190.37.133.113,190.38.199.227,190.41.25.15,190.41.30.76,190.41.82.102,190.46.52.41,190.47.149.20,190.48.233.243,190.5.204.183,190.5.206.150,190.50.102.210,190.50.8.250,190.51.104.121,190.51.54.82,190.53.227.235,190.54.28.147,190.54.31.132,190.54.47.163,190.55.1.188,190.55.124.213] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (64)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510127; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.55.137.88,190.55.238.62,190.58.158.11,190.6.144.44,190.60.221.5,190.60.237.168,190.66.11.59,190.67.75.171,190.68.110.26,190.68.69.58,190.69.1.14,190.69.240.10,190.7.29.154,190.76.92.153,190.79.233.91,190.81.169.250,190.81.171.68,190.81.175.42,190.81.177.28,190.81.59.29,190.82.144.73,190.82.170.214,190.82.213.120,190.82.237.57,190.84.165.41,190.84.248.33,190.9.103.138,190.92.24.39,190.94.81.93,190.95.104.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (65)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510128; rev:2003; fwsam: src, 24 hours;)
alert udp [190.55.137.88,190.55.238.62,190.58.158.11,190.6.144.44,190.60.221.5,190.60.237.168,190.66.11.59,190.67.75.171,190.68.110.26,190.68.69.58,190.69.1.14,190.69.240.10,190.7.29.154,190.76.92.153,190.79.233.91,190.81.169.250,190.81.171.68,190.81.175.42,190.81.177.28,190.81.59.29,190.82.144.73,190.82.170.214,190.82.213.120,190.82.237.57,190.84.165.41,190.84.248.33,190.9.103.138,190.92.24.39,190.94.81.93,190.95.104.190] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (65)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510129; rev:2003; fwsam: src, 24 hours;)
alert tcp [190.95.28.7,190.95.30.136,190.95.72.62,190.95.99.128,190.96.164.100,192.118.54.19,192.122.131.105,192.134.29.3,192.167.122.9,192.167.137.10,192.192.100.156,192.192.214.132,192.192.241.160,192.192.241.2,192.207.27.23,192.228.180.23,192.38.32.159,192.48.184.34,192.50.109.174,192.83.181.111,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.34.69,193.104.35.22,193.104.35.64,193.104.35.66,193.104.94.15,193.104.94.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (66)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510130; rev:2003; fwsam: src, 24 hours;)
alert udp [190.95.28.7,190.95.30.136,190.95.72.62,190.95.99.128,190.96.164.100,192.118.54.19,192.122.131.105,192.134.29.3,192.167.122.9,192.167.137.10,192.192.100.156,192.192.214.132,192.192.241.160,192.192.241.2,192.207.27.23,192.228.180.23,192.38.32.159,192.48.184.34,192.50.109.174,192.83.181.111,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.34.69,193.104.35.22,193.104.35.64,193.104.35.66,193.104.94.15,193.104.94.56] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (66)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510131; rev:2003; fwsam: src, 24 hours;)
alert tcp [193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.22,193.105.207.25,193.106.65.15,193.107.16.34,193.109.246.210,193.109.246.227,193.109.246.34,193.110.112.228,193.111.246.102,193.111.49.10,193.124.17.53,193.126.32.99,193.136.40.181,193.137.201.84,193.138.108.147,193.138.125.54,193.138.188.34,193.138.207.205,193.138.219.21,193.145.155.227,193.146.210.191,193.147.87.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (67)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510132; rev:2003; fwsam: src, 24 hours;)
alert udp [193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.22,193.105.207.25,193.106.65.15,193.107.16.34,193.109.246.210,193.109.246.227,193.109.246.34,193.110.112.228,193.111.246.102,193.111.49.10,193.124.17.53,193.126.32.99,193.136.40.181,193.137.201.84,193.138.108.147,193.138.125.54,193.138.188.34,193.138.207.205,193.138.219.21,193.145.155.227,193.146.210.191,193.147.87.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (67)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510133; rev:2003; fwsam: src, 24 hours;)
alert tcp [193.151.87.175,193.158.118.14,193.16.154.120,193.164.133.205,193.169.173.12,193.169.188.146,193.169.188.19,193.169.86.123,193.169.86.124,193.169.87.118,193.169.87.119,193.169.87.137,193.169.87.141,193.169.87.151,193.170.209.180,193.170.221.94,193.170.238.50,193.171.251.94,193.171.32.6,193.173.27.3,193.178.153.252,193.179.183.154,193.179.212.11,193.188.254.252,193.19.77.19,193.19.77.215,193.19.77.29,193.19.77.41,193.19.77.54,193.190.246.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (68)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510134; rev:2003; fwsam: src, 24 hours;)
alert udp [193.151.87.175,193.158.118.14,193.16.154.120,193.164.133.205,193.169.173.12,193.169.188.146,193.169.188.19,193.169.86.123,193.169.86.124,193.169.87.118,193.169.87.119,193.169.87.137,193.169.87.141,193.169.87.151,193.170.209.180,193.170.221.94,193.170.238.50,193.171.251.94,193.171.32.6,193.173.27.3,193.178.153.252,193.179.183.154,193.179.212.11,193.188.254.252,193.19.77.19,193.19.77.215,193.19.77.29,193.19.77.41,193.19.77.54,193.190.246.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (68)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510135; rev:2003; fwsam: src, 24 hours;)
alert tcp [193.192.48.71,193.194.84.215,193.194.92.237,193.198.213.52,193.198.56.131,193.200.173.55,193.201.198.29,193.201.39.134,193.201.63.3,193.202.110.140,193.203.35.165,193.203.44.4,193.203.47.250,193.205.213.219,193.205.60.187,193.206.206.52,193.218.155.98,193.223.79.21,193.224.76.129,193.225.140.135,193.225.190.100,193.225.204.51,193.225.219.17,193.230.191.3,193.231.143.252,193.231.39.65,193.232.159.1,193.238.129.181,193.239.47.21,193.251.17.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (69)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510136; rev:2003; fwsam: src, 24 hours;)
alert udp [193.192.48.71,193.194.84.215,193.194.92.237,193.198.213.52,193.198.56.131,193.200.173.55,193.201.198.29,193.201.39.134,193.201.63.3,193.202.110.140,193.203.35.165,193.203.44.4,193.203.47.250,193.205.213.219,193.205.60.187,193.206.206.52,193.218.155.98,193.223.79.21,193.224.76.129,193.225.140.135,193.225.190.100,193.225.204.51,193.225.219.17,193.230.191.3,193.231.143.252,193.231.39.65,193.232.159.1,193.238.129.181,193.239.47.21,193.251.17.135] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (69)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510137; rev:2003; fwsam: src, 24 hours;)
alert tcp [193.251.17.32,193.251.184.189,193.252.188.149,193.252.190.42,193.253.101.195,193.253.213.133,193.26.6.16,193.29.79.43,193.33.248.120,193.34.150.8,193.34.168.112,193.36.35.45,193.40.102.84,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.42.230.131,193.43.134.58,193.43.92.186,193.46.83.105,193.47.153.14,193.50.151.71,193.73.242.102,193.77.156.204,193.92.255.189,193.95.249.103,194.0.252.231,194.100.203.214,194.106.218.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (70)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510138; rev:2003; fwsam: src, 24 hours;)
alert udp [193.251.17.32,193.251.184.189,193.252.188.149,193.252.190.42,193.253.101.195,193.253.213.133,193.26.6.16,193.29.79.43,193.33.248.120,193.34.150.8,193.34.168.112,193.36.35.45,193.40.102.84,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.42.230.131,193.43.134.58,193.43.92.186,193.46.83.105,193.47.153.14,193.50.151.71,193.73.242.102,193.77.156.204,193.92.255.189,193.95.249.103,194.0.252.231,194.100.203.214,194.106.218.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (70)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510139; rev:2003; fwsam: src, 24 hours;)
alert tcp [194.110.192.70,194.110.221.243,194.110.67.201,194.110.67.204,194.116.186.202,194.125.236.241,194.126.124.37,194.126.172.247,194.126.173.139,194.144.62.242,194.146.226.126,194.150.118.6,194.150.120.40,194.154.71.66,194.170.32.253,194.170.32.254,194.177.97.78,194.177.98.168,194.177.99.235,194.181.152.195,194.186.162.126,194.186.88.37,194.187.19.20,194.187.74.233,194.19.106.10,194.19.251.162,194.19.96.251,194.190.139.249,194.192.14.175,194.204.8.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (71)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510140; rev:2003; fwsam: src, 24 hours;)
alert udp [194.110.192.70,194.110.221.243,194.110.67.201,194.110.67.204,194.116.186.202,194.125.236.241,194.126.124.37,194.126.172.247,194.126.173.139,194.144.62.242,194.146.226.126,194.150.118.6,194.150.120.40,194.154.71.66,194.170.32.253,194.170.32.254,194.177.97.78,194.177.98.168,194.177.99.235,194.181.152.195,194.186.162.126,194.186.88.37,194.187.19.20,194.187.74.233,194.19.106.10,194.19.251.162,194.19.96.251,194.190.139.249,194.192.14.175,194.204.8.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (71)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510141; rev:2003; fwsam: src, 24 hours;)
alert tcp [194.213.30.19,194.232.87.2,194.25.236.10,194.250.133.2,194.254.210.90,194.28.112.132,194.28.85.14,194.29.226.107,194.30.15.173,194.32.151.185,194.44.240.74,194.44.244.190,194.50.85.251,194.67.77.115,194.68.140.3,194.69.204.244,194.77.104.169,194.79.250.28,194.79.250.42,194.80.51.2,194.85.37.170,194.85.61.78,194.87.13.181,194.93.130.10,195.110.213.65,195.110.22.78,195.112.198.230,195.113.149.34,195.113.45.3,195.113.57.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (72)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510142; rev:2003; fwsam: src, 24 hours;)
alert udp [194.213.30.19,194.232.87.2,194.25.236.10,194.250.133.2,194.254.210.90,194.28.112.132,194.28.85.14,194.29.226.107,194.30.15.173,194.32.151.185,194.44.240.74,194.44.244.190,194.50.85.251,194.67.77.115,194.68.140.3,194.69.204.244,194.77.104.169,194.79.250.28,194.79.250.42,194.80.51.2,194.85.37.170,194.85.61.78,194.87.13.181,194.93.130.10,195.110.213.65,195.110.22.78,195.112.198.230,195.113.149.34,195.113.45.3,195.113.57.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (72)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510143; rev:2003; fwsam: src, 24 hours;)
alert tcp [195.113.79.50,195.116.43.50,195.117.224.135,195.13.190.7,195.13.61.58,195.137.213.231,195.137.30.127,195.138.206.234,195.14.243.85,195.14.50.8,195.141.79.36,195.142.106.66,195.144.11.175,195.145.57.205,195.146.67.105,195.149.158.137,195.154.158.18,195.154.193.99,195.158.183.102,195.158.60.67,195.159.29.131,195.16.88.85,195.160.213.200,195.161.148.67,195.170.63.150,195.182.57.143,195.182.57.147,195.186.80.19,195.186.80.20,195.186.81.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (73)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510144; rev:2003; fwsam: src, 24 hours;)
alert udp [195.113.79.50,195.116.43.50,195.117.224.135,195.13.190.7,195.13.61.58,195.137.213.231,195.137.30.127,195.138.206.234,195.14.243.85,195.14.50.8,195.141.79.36,195.142.106.66,195.144.11.175,195.145.57.205,195.146.67.105,195.149.158.137,195.154.158.18,195.154.193.99,195.158.183.102,195.158.60.67,195.159.29.131,195.16.88.85,195.160.213.200,195.161.148.67,195.170.63.150,195.182.57.143,195.182.57.147,195.186.80.19,195.186.80.20,195.186.81.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (73)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510145; rev:2003; fwsam: src, 24 hours;)
alert tcp [195.187.34.72,195.188.253.21,195.189.182.110,195.189.240.18,195.19.250.207,195.191.166.246,195.191.25.160,195.194.72.26,195.199.171.33,195.199.240.108,195.199.249.68,195.2.195.195,195.2.240.199,195.2.255.106,195.2.87.2,195.20.15.126,195.20.197.76,195.202.171.81,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251,195.207.16.204,195.207.16.205,195.209.147.131,195.210.28.142,195.218.255.30,195.218.31.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (74)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510146; rev:2003; fwsam: src, 24 hours;)
alert udp [195.187.34.72,195.188.253.21,195.189.182.110,195.189.240.18,195.19.250.207,195.191.166.246,195.191.25.160,195.194.72.26,195.199.171.33,195.199.240.108,195.199.249.68,195.2.195.195,195.2.240.199,195.2.255.106,195.2.87.2,195.20.15.126,195.20.197.76,195.202.171.81,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251,195.207.16.204,195.207.16.205,195.209.147.131,195.210.28.142,195.218.255.30,195.218.31.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (74)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510147; rev:2003; fwsam: src, 24 hours;)
alert tcp [195.22.101.32,195.22.112.14,195.22.181.106,195.22.21.2,195.22.6.215,195.220.117.73,195.221.67.11,195.225.168.249,195.225.196.234,195.226.182.36,195.228.152.142,195.228.230.92,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.23.114.1,195.23.94.159,195.230.168.94,195.230.5.131,195.235.210.81,195.238.112.214,195.24.238.1,195.24.54.14,195.241.21.227,195.242.161.135,195.242.161.206,195.242.161.44,195.242.161.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (75)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510148; rev:2003; fwsam: src, 24 hours;)
alert udp [195.22.101.32,195.22.112.14,195.22.181.106,195.22.21.2,195.22.6.215,195.220.117.73,195.221.67.11,195.225.168.249,195.225.196.234,195.226.182.36,195.228.152.142,195.228.230.92,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.23.114.1,195.23.94.159,195.230.168.94,195.230.5.131,195.235.210.81,195.238.112.214,195.24.238.1,195.24.54.14,195.241.21.227,195.242.161.135,195.242.161.206,195.242.161.44,195.242.161.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (75)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510149; rev:2003; fwsam: src, 24 hours;)
alert tcp [195.242.238.200,195.242.239.90,195.246.242.60,195.246.254.75,195.248.230.39,195.250.188.225,195.251.213.110,195.251.230.111,195.251.6.234,195.252.127.41,195.252.46.78,195.26.74.167,195.26.93.250,195.3.137.187,195.34.105.98,195.34.78.100,195.35.249.114,195.39.19.46,195.41.32.101,195.42.115.213,195.46.161.3,195.49.165.250,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.192,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (76)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510150; rev:2003; fwsam: src, 24 hours;)
alert udp [195.242.238.200,195.242.239.90,195.246.242.60,195.246.254.75,195.248.230.39,195.250.188.225,195.251.213.110,195.251.230.111,195.251.6.234,195.252.127.41,195.252.46.78,195.26.74.167,195.26.93.250,195.3.137.187,195.34.105.98,195.34.78.100,195.35.249.114,195.39.19.46,195.41.32.101,195.42.115.213,195.46.161.3,195.49.165.250,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.192,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (76)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510151; rev:2003; fwsam: src, 24 hours;)
alert tcp [195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5,195.5.161.68,195.5.161.72,195.50.173.100,195.50.185.5,195.50.222.83,195.56.111.191,195.56.146.53,195.56.164.149,195.56.172.204,195.56.207.106,195.56.247.186,195.58.163.10,195.60.70.28,195.62.169.244,195.62.225.134,195.62.70.1,195.64.178.201,195.64.184.15,195.67.7.242,195.69.251.131,195.70.35.225,195.76.85.232,195.78.33.2,195.78.58.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (77)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510152; rev:2003; fwsam: src, 24 hours;)
alert udp [195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5,195.5.161.68,195.5.161.72,195.50.173.100,195.50.185.5,195.50.222.83,195.56.111.191,195.56.146.53,195.56.164.149,195.56.172.204,195.56.207.106,195.56.247.186,195.58.163.10,195.60.70.28,195.62.169.244,195.62.225.134,195.62.70.1,195.64.178.201,195.64.184.15,195.67.7.242,195.69.251.131,195.70.35.225,195.76.85.232,195.78.33.2,195.78.58.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (77)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510153; rev:2003; fwsam: src, 24 hours;)
alert tcp [195.8.39.199,195.88.18.2,195.88.33.102,195.88.51.235,195.90.106.212,195.93.153.33,195.93.180.252,195.95.173.197,195.96.216.70,195.97.207.188,195.97.219.248,195.98.50.102,196.10.224.242,196.12.36.225,196.15.9.212,196.2.128.19,196.2.70.3,196.20.78.119,196.201.229.138,196.212.52.130,196.216.66.166,196.217.161.145,196.219.222.226,196.220.63.29,196.25.173.7,196.30.126.178,196.34.92.39,196.35.158.183,196.36.152.129,196.40.23.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (78)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510154; rev:2003; fwsam: src, 24 hours;)
alert udp [195.8.39.199,195.88.18.2,195.88.33.102,195.88.51.235,195.90.106.212,195.93.153.33,195.93.180.252,195.95.173.197,195.96.216.70,195.97.207.188,195.97.219.248,195.98.50.102,196.10.224.242,196.12.36.225,196.15.9.212,196.2.128.19,196.2.70.3,196.20.78.119,196.201.229.138,196.212.52.130,196.216.66.166,196.217.161.145,196.219.222.226,196.220.63.29,196.25.173.7,196.30.126.178,196.34.92.39,196.35.158.183,196.36.152.129,196.40.23.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (78)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510155; rev:2003; fwsam: src, 24 hours;)
alert tcp [196.40.74.33,196.40.74.39,196.41.2.166,196.41.2.86,196.41.205.3,196.41.3.246,196.41.3.25,196.43.78.226,196.44.161.169,196.44.181.136,196.7.36.166,198.106.147.53,198.109.219.254,198.109.50.251,198.144.36.11,198.189.237.181,198.236.40.252,198.60.105.164,199.120.21.24,199.203.55.226,199.216.244.36,199.71.215.39,200.100.183.249,200.100.8.48,200.101.171.35,200.104.54.221,200.105.140.238,200.105.232.146,200.105.232.253,200.105.234.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (79)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510156; rev:2003; fwsam: src, 24 hours;)
alert udp [196.40.74.33,196.40.74.39,196.41.2.166,196.41.2.86,196.41.205.3,196.41.3.246,196.41.3.25,196.43.78.226,196.44.161.169,196.44.181.136,196.7.36.166,198.106.147.53,198.109.219.254,198.109.50.251,198.144.36.11,198.189.237.181,198.236.40.252,198.60.105.164,199.120.21.24,199.203.55.226,199.216.244.36,199.71.215.39,200.100.183.249,200.100.8.48,200.101.171.35,200.104.54.221,200.105.140.238,200.105.232.146,200.105.232.253,200.105.234.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (79)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510157; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.105.241.120,200.107.156.226,200.107.41.230,200.107.60.48,200.11.75.102,200.110.19.218,200.111.55.13,200.111.67.80,200.115.218.230,200.115.225.241,200.115.247.99,200.116.22.72,200.117.131.229,200.117.19.3,200.117.234.163,200.119.239.229,200.12.20.5,200.122.98.113,200.123.101.83,200.123.110.118,200.124.247.198,200.125.73.33,200.126.80.98,200.126.81.36,200.127.52.19,200.129.136.130,200.129.179.15,200.13.192.210,200.13.254.183,200.131.252.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (80)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510158; rev:2003; fwsam: src, 24 hours;)
alert udp [200.105.241.120,200.107.156.226,200.107.41.230,200.107.60.48,200.11.75.102,200.110.19.218,200.111.55.13,200.111.67.80,200.115.218.230,200.115.225.241,200.115.247.99,200.116.22.72,200.117.131.229,200.117.19.3,200.117.234.163,200.119.239.229,200.12.20.5,200.122.98.113,200.123.101.83,200.123.110.118,200.124.247.198,200.125.73.33,200.126.80.98,200.126.81.36,200.127.52.19,200.129.136.130,200.129.179.15,200.13.192.210,200.13.254.183,200.131.252.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (80)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510159; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.132.30.9,200.136.27.79,200.136.38.10,200.137.203.6,200.138.220.15,200.139.115.54,200.14.86.12,200.140.181.10,200.140.76.62,200.141.254.194,200.143.16.180,200.143.16.212,200.144.16.10,200.145.208.56,200.145.90.20,200.149.10.162,200.149.208.131,200.150.14.215,200.150.145.87,200.150.158.164,200.150.158.165,200.150.38.138,200.150.68.27,200.153.31.227,200.155.10.74,200.155.21.26,200.155.31.200,200.155.31.201,200.157.48.10,200.157.49.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (81)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510160; rev:2003; fwsam: src, 24 hours;)
alert udp [200.132.30.9,200.136.27.79,200.136.38.10,200.137.203.6,200.138.220.15,200.139.115.54,200.14.86.12,200.140.181.10,200.140.76.62,200.141.254.194,200.143.16.180,200.143.16.212,200.144.16.10,200.145.208.56,200.145.90.20,200.149.10.162,200.149.208.131,200.150.14.215,200.150.145.87,200.150.158.164,200.150.158.165,200.150.38.138,200.150.68.27,200.153.31.227,200.155.10.74,200.155.21.26,200.155.31.200,200.155.31.201,200.157.48.10,200.157.49.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (81)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510161; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.158.165.221,200.160.125.244,200.162.124.49,200.164.110.141,200.165.163.75,200.166.207.242,200.167.76.66,200.17.222.114,200.17.233.37,200.170.150.25,200.171.225.115,200.175.53.231,200.178.146.131,200.179.103.143,200.179.121.1,200.180.215.134,200.180.72.114,200.181.90.246,200.183.227.150,200.19.174.17,200.192.134.146,200.192.134.50,200.192.254.106,200.193.129.172,200.194.206.211,200.195.138.44,200.195.145.114,200.195.151.85,200.195.192.45,200.195.75.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (82)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510162; rev:2003; fwsam: src, 24 hours;)
alert udp [200.158.165.221,200.160.125.244,200.162.124.49,200.164.110.141,200.165.163.75,200.166.207.242,200.167.76.66,200.17.222.114,200.17.233.37,200.170.150.25,200.171.225.115,200.175.53.231,200.178.146.131,200.179.103.143,200.179.121.1,200.180.215.134,200.180.72.114,200.181.90.246,200.183.227.150,200.19.174.17,200.192.134.146,200.192.134.50,200.192.254.106,200.193.129.172,200.194.206.211,200.195.138.44,200.195.145.114,200.195.151.85,200.195.192.45,200.195.75.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (82)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510163; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.196.48.17,200.198.179.100,200.199.64.171,200.203.13.222,200.206.107.59,200.206.185.89,200.207.80.238,200.208.204.18,200.208.241.126,200.208.241.70,200.209.115.136,200.209.149.74,200.209.156.2,200.21.190.84,200.21.228.168,200.21.7.69,200.21.7.72,200.21.98.121,200.213.47.155,200.216.236.74,200.219.194.200,200.220.199.8,200.225.216.90,200.231.59.9,200.234.197.76,200.235.146.26,200.24.102.242,200.24.196.30,200.24.221.83,200.241.61.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (83)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510164; rev:2003; fwsam: src, 24 hours;)
alert udp [200.196.48.17,200.198.179.100,200.199.64.171,200.203.13.222,200.206.107.59,200.206.185.89,200.207.80.238,200.208.204.18,200.208.241.126,200.208.241.70,200.209.115.136,200.209.149.74,200.209.156.2,200.21.190.84,200.21.228.168,200.21.7.69,200.21.7.72,200.21.98.121,200.213.47.155,200.216.236.74,200.219.194.200,200.220.199.8,200.225.216.90,200.231.59.9,200.234.197.76,200.235.146.26,200.24.102.242,200.24.196.30,200.24.221.83,200.241.61.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (83)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510165; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.242.107.66,200.242.162.147,200.242.94.133,200.250.147.10,200.251.140.2,200.251.180.34,200.251.56.195,200.253.153.44,200.253.155.72,200.27.104.118,200.27.107.14,200.27.108.155,200.27.203.50,200.27.204.66,200.27.57.10,200.29.104.42,200.29.131.44,200.29.147.34,200.29.147.60,200.29.183.124,200.29.23.98,200.30.189.194,200.30.68.70,200.31.42.3,200.34.142.12,200.35.163.186,200.35.163.197,200.35.86.229,200.36.249.23,200.36.53.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (84)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510166; rev:2003; fwsam: src, 24 hours;)
alert udp [200.242.107.66,200.242.162.147,200.242.94.133,200.250.147.10,200.251.140.2,200.251.180.34,200.251.56.195,200.253.153.44,200.253.155.72,200.27.104.118,200.27.107.14,200.27.108.155,200.27.203.50,200.27.204.66,200.27.57.10,200.29.104.42,200.29.131.44,200.29.147.34,200.29.147.60,200.29.183.124,200.29.23.98,200.30.189.194,200.30.68.70,200.31.42.3,200.34.142.12,200.35.163.186,200.35.163.197,200.35.86.229,200.36.249.23,200.36.53.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (84)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510167; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.37.250.35,200.38.69.244,200.40.191.194,200.40.212.6,200.40.82.54,200.41.228.162,200.42.138.162,200.42.211.7,200.45.103.248,200.5.242.33,200.50.100.46,200.50.45.139,200.54.155.138,200.54.180.242,200.54.77.163,200.55.198.67,200.55.198.68,200.55.208.103,200.55.58.242,200.58.199.238,200.59.147.142,200.6.162.31,200.6.189.118,200.6.193.67,200.6.20.178,200.60.240.95,200.60.93.3,200.61.42.145,200.61.62.27,200.63.98.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (85)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510168; rev:2003; fwsam: src, 24 hours;)
alert udp [200.37.250.35,200.38.69.244,200.40.191.194,200.40.212.6,200.40.82.54,200.41.228.162,200.42.138.162,200.42.211.7,200.45.103.248,200.5.242.33,200.50.100.46,200.50.45.139,200.54.155.138,200.54.180.242,200.54.77.163,200.55.198.67,200.55.198.68,200.55.208.103,200.55.58.242,200.58.199.238,200.59.147.142,200.6.162.31,200.6.189.118,200.6.193.67,200.6.20.178,200.60.240.95,200.60.93.3,200.61.42.145,200.61.62.27,200.63.98.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (85)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510169; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.68.46.106,200.68.5.94,200.68.69.97,200.68.91.137,200.69.103.60,200.69.114.190,200.69.142.43,200.7.170.250,200.71.191.4,200.71.240.2,200.72.1.94,200.72.252.242,200.72.34.114,200.73.229.226,200.73.4.179,200.73.4.180,200.73.83.184,200.74.216.118,200.74.221.11,200.74.222.115,200.74.242.77,200.74.244.94,200.75.23.69,200.75.250.117,200.77.234.183,200.79.231.100,200.79.231.130,200.8.96.79,200.80.178.18,200.81.204.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (86)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510170; rev:2003; fwsam: src, 24 hours;)
alert udp [200.68.46.106,200.68.5.94,200.68.69.97,200.68.91.137,200.69.103.60,200.69.114.190,200.69.142.43,200.7.170.250,200.71.191.4,200.71.240.2,200.72.1.94,200.72.252.242,200.72.34.114,200.73.229.226,200.73.4.179,200.73.4.180,200.73.83.184,200.74.216.118,200.74.221.11,200.74.222.115,200.74.242.77,200.74.244.94,200.75.23.69,200.75.250.117,200.77.234.183,200.79.231.100,200.79.231.130,200.8.96.79,200.80.178.18,200.81.204.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (86)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510171; rev:2003; fwsam: src, 24 hours;)
alert tcp [200.83.124.211,200.83.235.38,200.85.69.70,200.88.114.181,200.89.54.206,200.91.28.133,200.91.76.122,200.93.133.105,200.93.147.19,200.93.192.171,200.93.229.194,200.94.64.134,200.96.89.210,200.99.122.66,200.99.5.66,201.0.181.20,201.0.181.240,201.10.143.219,201.10.183.111,201.116.227.202,201.116.242.2,201.116.47.66,201.116.71.243,201.12.119.26,201.12.151.38,201.12.28.4,201.12.70.80,201.120.73.244,201.13.172.188,201.13.179.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (87)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510172; rev:2003; fwsam: src, 24 hours;)
alert udp [200.83.124.211,200.83.235.38,200.85.69.70,200.88.114.181,200.89.54.206,200.91.28.133,200.91.76.122,200.93.133.105,200.93.147.19,200.93.192.171,200.93.229.194,200.94.64.134,200.96.89.210,200.99.122.66,200.99.5.66,201.0.181.20,201.0.181.240,201.10.143.219,201.10.183.111,201.116.227.202,201.116.242.2,201.116.47.66,201.116.71.243,201.12.119.26,201.12.151.38,201.12.28.4,201.12.70.80,201.120.73.244,201.13.172.188,201.13.179.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (87)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510173; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.13.182.221,201.13.201.44,201.13.206.63,201.13.33.109,201.13.63.161,201.13.96.237,201.130.143.155,201.137.0.113,201.14.144.45,201.144.117.98,201.144.254.14,201.149.10.205,201.15.62.241,201.155.195.39,201.155.199.135,201.158.74.152,201.16.228.107,201.16.64.14,201.160.131.37,201.160.216.68,201.160.250.97,201.160.94.241,201.160.94.62,201.161.9.118,201.163.145.204,201.166.2.84,201.166.53.126,201.166.60.222,201.167.64.54,201.17.52.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (88)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510174; rev:2003; fwsam: src, 24 hours;)
alert udp [201.13.182.221,201.13.201.44,201.13.206.63,201.13.33.109,201.13.63.161,201.13.96.237,201.130.143.155,201.137.0.113,201.14.144.45,201.144.117.98,201.144.254.14,201.149.10.205,201.15.62.241,201.155.195.39,201.155.199.135,201.158.74.152,201.16.228.107,201.16.64.14,201.160.131.37,201.160.216.68,201.160.250.97,201.160.94.241,201.160.94.62,201.161.9.118,201.163.145.204,201.166.2.84,201.166.53.126,201.166.60.222,201.167.64.54,201.17.52.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (88)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510175; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.172.169.141,201.174.65.39,201.19.119.48,201.193.206.93,201.20.1.9,201.20.19.222,201.20.22.138,201.204.122.181,201.21.1.194,201.21.111.96,201.212.134.153,201.212.40.224,201.213.138.186,201.213.221.125,201.213.24.8,201.214.8.68,201.215.186.120,201.217.214.51,201.217.28.86,201.217.51.181,201.218.247.54,201.218.4.162,201.218.5.5,201.218.7.186,201.219.10.133,201.219.132.2,201.219.3.225,201.219.62.229,201.22.7.237,201.22.74.112] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (89)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510176; rev:2003; fwsam: src, 24 hours;)
alert udp [201.172.169.141,201.174.65.39,201.19.119.48,201.193.206.93,201.20.1.9,201.20.19.222,201.20.22.138,201.204.122.181,201.21.1.194,201.21.111.96,201.212.134.153,201.212.40.224,201.213.138.186,201.213.221.125,201.213.24.8,201.214.8.68,201.215.186.120,201.217.214.51,201.217.28.86,201.217.51.181,201.218.247.54,201.218.4.162,201.218.5.5,201.218.7.186,201.219.10.133,201.219.132.2,201.219.3.225,201.219.62.229,201.22.7.237,201.22.74.112] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (89)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510177; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.222.146.97,201.222.205.129,201.223.201.4,201.223.212.78,201.223.218.68,201.223.221.44,201.223.9.54,201.225.20.244,201.225.226.68,201.227.100.138,201.227.64.53,201.229.205.254,201.23.79.162,201.230.107.115,201.230.98.131,201.231.111.60,201.232.179.44,201.232.56.52,201.232.91.36,201.232.98.213,201.233.205.23,201.234.124.100,201.234.179.118,201.236.221.70,201.236.223.37,201.238.138.133,201.238.198.110,201.238.212.197,201.238.214.203,201.238.221.94] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (90)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510178; rev:2003; fwsam: src, 24 hours;)
alert udp [201.222.146.97,201.222.205.129,201.223.201.4,201.223.212.78,201.223.218.68,201.223.221.44,201.223.9.54,201.225.20.244,201.225.226.68,201.227.100.138,201.227.64.53,201.229.205.254,201.23.79.162,201.230.107.115,201.230.98.131,201.231.111.60,201.232.179.44,201.232.56.52,201.232.91.36,201.232.98.213,201.233.205.23,201.234.124.100,201.234.179.118,201.236.221.70,201.236.223.37,201.238.138.133,201.238.198.110,201.238.212.197,201.238.214.203,201.238.221.94] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (90)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510179; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.238.222.73,201.238.222.83,201.241.57.166,201.244.137.106,201.244.139.129,201.244.34.235,201.244.71.206,201.246.141.91,201.246.59.49,201.249.238.100,201.25.219.162,201.25.50.163,201.250.169.154,201.250.251.150,201.251.210.11,201.251.6.90,201.255.253.67,201.26.15.217,201.26.164.38,201.26.47.142,201.27.154.149,201.27.154.165,201.27.43.41,201.27.52.178,201.27.77.221,201.27.89.93,201.30.128.114,201.30.32.167,201.33.181.93,201.33.24.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (91)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510180; rev:2003; fwsam: src, 24 hours;)
alert udp [201.238.222.73,201.238.222.83,201.241.57.166,201.244.137.106,201.244.139.129,201.244.34.235,201.244.71.206,201.246.141.91,201.246.59.49,201.249.238.100,201.25.219.162,201.25.50.163,201.250.169.154,201.250.251.150,201.251.210.11,201.251.6.90,201.255.253.67,201.26.15.217,201.26.164.38,201.26.47.142,201.27.154.149,201.27.154.165,201.27.43.41,201.27.52.178,201.27.77.221,201.27.89.93,201.30.128.114,201.30.32.167,201.33.181.93,201.33.24.105] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (91)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510181; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.34.255.99,201.36.208.34,201.37.206.126,201.38.138.2,201.40.123.5,201.41.32.194,201.42.162.158,201.42.211.237,201.43.119.82,201.43.133.98,201.43.166.230,201.43.200.101,201.44.174.210,201.46.43.33,201.47.236.218,201.48.87.109,201.48.90.20,201.54.226.85,201.57.207.67,201.58.60.35,201.59.159.53,201.6.106.227,201.6.106.55,201.6.145.203,201.62.188.75,201.63.177.109,201.63.197.75,201.63.34.211,201.65.149.106,201.65.225.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (92)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510182; rev:2003; fwsam: src, 24 hours;)
alert udp [201.34.255.99,201.36.208.34,201.37.206.126,201.38.138.2,201.40.123.5,201.41.32.194,201.42.162.158,201.42.211.237,201.43.119.82,201.43.133.98,201.43.166.230,201.43.200.101,201.44.174.210,201.46.43.33,201.47.236.218,201.48.87.109,201.48.90.20,201.54.226.85,201.57.207.67,201.58.60.35,201.59.159.53,201.6.106.227,201.6.106.55,201.6.145.203,201.62.188.75,201.63.177.109,201.63.197.75,201.63.34.211,201.65.149.106,201.65.225.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (92)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510183; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.68.110.116,201.68.127.225,201.68.142.89,201.68.161.96,201.68.168.180,201.68.170.92,201.68.173.100,201.68.212.124,201.68.230.158,201.68.36.76,201.68.48.197,201.68.52.52,201.68.67.23,201.68.95.210,201.71.131.4,201.71.49.10,201.72.78.10,201.73.187.100,201.76.133.110,201.76.180.102,201.76.22.124,201.77.76.108,201.80.91.15,201.86.212.189,201.87.129.22,201.90.236.2,201.92.10.196,201.92.215.230,201.92.235.65,201.92.238.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (93)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510184; rev:2003; fwsam: src, 24 hours;)
alert udp [201.68.110.116,201.68.127.225,201.68.142.89,201.68.161.96,201.68.168.180,201.68.170.92,201.68.173.100,201.68.212.124,201.68.230.158,201.68.36.76,201.68.48.197,201.68.52.52,201.68.67.23,201.68.95.210,201.71.131.4,201.71.49.10,201.72.78.10,201.73.187.100,201.76.133.110,201.76.180.102,201.76.22.124,201.77.76.108,201.80.91.15,201.86.212.189,201.87.129.22,201.90.236.2,201.92.10.196,201.92.215.230,201.92.235.65,201.92.238.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (93)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510185; rev:2003; fwsam: src, 24 hours;)
alert tcp [201.92.68.3,201.92.79.122,201.93.158.222,201.93.197.246,201.93.209.248,201.95.187.72,201.95.19.28,201.95.28.82,201.95.70.253,201.95.70.42,201.95.8.123,201.95.82.58,201.95.92.156,202.100.108.25,202.101.114.10,202.101.116.67,202.101.36.65,202.101.71.22,202.102.108.11,202.102.108.42,202.102.233.29,202.102.95.211,202.103.168.113,202.106.184.130,202.106.185.227,202.107.228.137,202.107.228.179,202.107.233.163,202.107.248.167,202.108.100.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (94)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510186; rev:2003; fwsam: src, 24 hours;)
alert udp [201.92.68.3,201.92.79.122,201.93.158.222,201.93.197.246,201.93.209.248,201.95.187.72,201.95.19.28,201.95.28.82,201.95.70.253,201.95.70.42,201.95.8.123,201.95.82.58,201.95.92.156,202.100.108.25,202.101.114.10,202.101.116.67,202.101.36.65,202.101.71.22,202.102.108.11,202.102.108.42,202.102.233.29,202.102.95.211,202.103.168.113,202.106.184.130,202.106.185.227,202.107.228.137,202.107.228.179,202.107.233.163,202.107.248.167,202.108.100.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (94)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510187; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.108.25.12,202.108.39.160,202.108.49.89,202.109.114.173,202.109.242.18,202.109.244.124,202.111.175.176,202.116.225.45,202.117.10.254,202.117.3.30,202.120.126.33,202.120.126.34,202.120.143.135,202.123.240.14,202.124.243.154,202.125.44.214,202.126.44.15,202.126.44.9,202.127.19.207,202.127.28.212,202.129.196.60,202.129.32.167,202.129.46.188,202.130.68.18,202.131.64.122,202.133.243.101,202.133.250.203,202.134.0.11,202.137.21.100,202.137.26.114] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (95)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510188; rev:2003; fwsam: src, 24 hours;)
alert udp [202.108.25.12,202.108.39.160,202.108.49.89,202.109.114.173,202.109.242.18,202.109.244.124,202.111.175.176,202.116.225.45,202.117.10.254,202.117.3.30,202.120.126.33,202.120.126.34,202.120.143.135,202.123.240.14,202.124.243.154,202.125.44.214,202.126.44.15,202.126.44.9,202.127.19.207,202.127.28.212,202.129.196.60,202.129.32.167,202.129.46.188,202.130.68.18,202.131.64.122,202.133.243.101,202.133.250.203,202.134.0.11,202.137.21.100,202.137.26.114] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (95)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510189; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.137.7.4,202.138.139.165,202.141.128.119,202.141.148.99,202.143.148.162,202.143.150.11,202.143.161.243,202.143.164.43,202.143.72.162,202.146.16.230,202.149.225.245,202.152.15.199,202.153.189.178,202.153.232.84,202.153.39.73,202.153.43.146,202.155.196.101,202.155.39.70,202.157.182.41,202.157.4.223,202.159.18.194,202.160.120.195,202.162.204.46,202.162.214.106,202.162.220.53,202.163.170.148,202.163.187.41,202.163.72.106,202.169.196.194,202.169.39.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (96)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510190; rev:2003; fwsam: src, 24 hours;)
alert udp [202.137.7.4,202.138.139.165,202.141.128.119,202.141.148.99,202.143.148.162,202.143.150.11,202.143.161.243,202.143.164.43,202.143.72.162,202.146.16.230,202.149.225.245,202.152.15.199,202.153.189.178,202.153.232.84,202.153.39.73,202.153.43.146,202.155.196.101,202.155.39.70,202.157.182.41,202.157.4.223,202.159.18.194,202.160.120.195,202.162.204.46,202.162.214.106,202.162.220.53,202.163.170.148,202.163.187.41,202.163.72.106,202.169.196.194,202.169.39.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (96)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510191; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.169.76.237,202.170.67.34,202.171.132.146,202.171.135.5,202.171.136.148,202.171.159.19,202.171.65.76,202.172.112.252,202.172.18.120,202.174.106.3,202.177.16.226,202.177.204.11,202.177.25.178,202.177.27.33,202.181.164.194,202.181.164.201,202.181.164.213,202.181.171.2,202.181.176.133,202.181.232.182,202.182.61.30,202.183.164.87,202.183.167.247,202.183.233.75,202.183.234.230,202.185.8.4,202.186.13.251,202.186.96.122,202.186.96.139,202.187.239.208] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (97)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510192; rev:2003; fwsam: src, 24 hours;)
alert udp [202.169.76.237,202.170.67.34,202.171.132.146,202.171.135.5,202.171.136.148,202.171.159.19,202.171.65.76,202.172.112.252,202.172.18.120,202.174.106.3,202.177.16.226,202.177.204.11,202.177.25.178,202.177.27.33,202.181.164.194,202.181.164.201,202.181.164.213,202.181.171.2,202.181.176.133,202.181.232.182,202.182.61.30,202.183.164.87,202.183.167.247,202.183.233.75,202.183.234.230,202.185.8.4,202.186.13.251,202.186.96.122,202.186.96.139,202.187.239.208] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (97)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510193; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.188.101.221,202.190.180.133,202.190.180.135,202.190.180.137,202.190.180.141,202.194.15.192,202.196.160.16,202.197.54.120,202.201.14.232,202.201.14.252,202.207.192.110,202.208.196.151,202.210.132.55,202.212.80.62,202.213.156.232,202.218.147.35,202.218.214.110,202.218.236.217,202.22.232.137,202.225.50.64,202.229.236.57,202.229.237.90,202.231.34.214,202.232.69.21,202.238.97.4,202.27.83.134,202.28.17.3,202.3.217.125,202.31.224.74,202.33.155.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (98)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510194; rev:2003; fwsam: src, 24 hours;)
alert udp [202.188.101.221,202.190.180.133,202.190.180.135,202.190.180.137,202.190.180.141,202.194.15.192,202.196.160.16,202.197.54.120,202.201.14.232,202.201.14.252,202.207.192.110,202.208.196.151,202.210.132.55,202.212.80.62,202.213.156.232,202.218.147.35,202.218.214.110,202.218.236.217,202.22.232.137,202.225.50.64,202.229.236.57,202.229.237.90,202.231.34.214,202.232.69.21,202.238.97.4,202.27.83.134,202.28.17.3,202.3.217.125,202.31.224.74,202.33.155.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (98)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510195; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.39.237.178,202.39.244.244,202.4.112.106,202.40.202.159,202.43.177.78,202.43.35.12,202.44.73.18,202.47.224.134,202.53.224.253,202.53.249.243,202.54.158.57,202.54.61.99,202.57.162.130,202.57.42.162,202.59.32.5,202.6.233.22,202.60.56.87,202.60.90.198,202.61.27.219,202.63.106.190,202.63.129.108,202.63.138.38,202.63.96.22,202.64.155.152,202.64.191.221,202.64.21.118,202.64.32.70,202.65.156.36,202.65.195.147,202.65.206.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (99)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510196; rev:2003; fwsam: src, 24 hours;)
alert udp [202.39.237.178,202.39.244.244,202.4.112.106,202.40.202.159,202.43.177.78,202.43.35.12,202.44.73.18,202.47.224.134,202.53.224.253,202.53.249.243,202.54.158.57,202.54.61.99,202.57.162.130,202.57.42.162,202.59.32.5,202.6.233.22,202.60.56.87,202.60.90.198,202.61.27.219,202.63.106.190,202.63.129.108,202.63.138.38,202.63.96.22,202.64.155.152,202.64.191.221,202.64.21.118,202.64.32.70,202.65.156.36,202.65.195.147,202.65.206.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (99)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510197; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.65.207.91,202.65.211.171,202.65.212.54,202.67.138.75,202.68.160.5,202.69.15.126,202.70.136.97,202.70.36.242,202.71.136.151,202.71.251.46,202.75.232.89,202.75.6.75,202.75.63.50,202.76.158.24,202.76.232.69,202.78.201.242,202.78.217.110,202.78.230.44,202.79.202.134,202.79.217.218,202.82.43.74,202.85.159.235,202.85.222.196,202.85.227.251,202.85.233.141,202.86.49.2,202.87.33.200,202.88.238.170,202.88.32.77,202.9.101.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (100)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510198; rev:2003; fwsam: src, 24 hours;)
alert udp [202.65.207.91,202.65.211.171,202.65.212.54,202.67.138.75,202.68.160.5,202.69.15.126,202.70.136.97,202.70.36.242,202.71.136.151,202.71.251.46,202.75.232.89,202.75.6.75,202.75.63.50,202.76.158.24,202.76.232.69,202.78.201.242,202.78.217.110,202.78.230.44,202.79.202.134,202.79.217.218,202.82.43.74,202.85.159.235,202.85.222.196,202.85.227.251,202.85.233.141,202.86.49.2,202.87.33.200,202.88.238.170,202.88.32.77,202.9.101.88] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (100)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510199; rev:2003; fwsam: src, 24 hours;)
alert tcp [202.90.158.63,202.96.1.26,202.96.155.72,202.96.199.150,202.98.25.58,202.98.29.234,202.99.172.179,202.99.29.27,202.99.63.4,202.99.82.69,203.101.103.227,203.105.3.85,203.105.3.92,203.105.32.131,203.110.245.250,203.110.81.13,203.113.122.74,203.113.130.203,203.114.102.4,203.114.104.106,203.114.130.56,203.114.219.209,203.114.227.94,203.121.145.38,203.123.189.44,203.124.179.193,203.125.100.237,203.126.53.110,203.128.89.14,203.129.203.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (101)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510200; rev:2003; fwsam: src, 24 hours;)
alert udp [202.90.158.63,202.96.1.26,202.96.155.72,202.96.199.150,202.98.25.58,202.98.29.234,202.99.172.179,202.99.29.27,202.99.63.4,202.99.82.69,203.101.103.227,203.105.3.85,203.105.3.92,203.105.32.131,203.110.245.250,203.110.81.13,203.113.122.74,203.113.130.203,203.114.102.4,203.114.104.106,203.114.130.56,203.114.219.209,203.114.227.94,203.121.145.38,203.123.189.44,203.124.179.193,203.125.100.237,203.126.53.110,203.128.89.14,203.129.203.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (101)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510201; rev:2003; fwsam: src, 24 hours;)
alert tcp [203.129.33.9,203.130.205.73,203.130.242.207,203.131.233.155,203.138.232.157,203.140.215.115,203.141.130.106,203.141.137.25,203.141.142.203,203.141.159.203,203.142.24.145,203.142.65.115,203.142.65.118,203.143.119.196,203.145.207.174,203.146.127.176,203.146.179.155,203.146.215.183,203.146.237.123,203.147.4.68,203.150.221.135,203.150.225.30,203.150.228.183,203.150.228.51,203.150.231.42,203.151.217.155,203.152.192.178,203.154.185.11,203.156.246.228,203.157.177.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (102)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510202; rev:2003; fwsam: src, 24 hours;)
alert udp [203.129.33.9,203.130.205.73,203.130.242.207,203.131.233.155,203.138.232.157,203.140.215.115,203.141.130.106,203.141.137.25,203.141.142.203,203.141.159.203,203.142.24.145,203.142.65.115,203.142.65.118,203.143.119.196,203.145.207.174,203.146.127.176,203.146.179.155,203.146.215.183,203.146.237.123,203.147.4.68,203.150.221.135,203.150.225.30,203.150.228.183,203.150.228.51,203.150.231.42,203.151.217.155,203.152.192.178,203.154.185.11,203.156.246.228,203.157.177.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (102)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510203; rev:2003; fwsam: src, 24 hours;)
alert tcp [203.160.250.91,203.160.56.150,203.162.35.103,203.165.32.201,203.171.239.121,203.171.30.106,203.172.165.68,203.172.178.135,203.172.204.252,203.172.249.112,203.174.34.21,203.175.18.113,203.177.89.210,203.183.227.184,203.183.65.185,203.185.50.59,203.187.197.81,203.187.199.126,203.187.208.51,203.187.211.120,203.187.254.66,203.188.255.85,203.194.98.213,203.197.118.95,203.197.126.118,203.198.129.106,203.199.200.86,203.200.166.34,203.206.233.211,203.208.66.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (103)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510204; rev:2003; fwsam: src, 24 hours;)
alert udp [203.160.250.91,203.160.56.150,203.162.35.103,203.165.32.201,203.171.239.121,203.171.30.106,203.172.165.68,203.172.178.135,203.172.204.252,203.172.249.112,203.174.34.21,203.175.18.113,203.177.89.210,203.183.227.184,203.183.65.185,203.185.50.59,203.187.197.81,203.187.199.126,203.187.208.51,203.187.211.120,203.187.254.66,203.188.255.85,203.194.98.213,203.197.118.95,203.197.126.118,203.198.129.106,203.199.200.86,203.200.166.34,203.206.233.211,203.208.66.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (103)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510205; rev:2003; fwsam: src, 24 hours;)
alert tcp [203.211.133.201,203.211.45.142,203.217.144.10,203.217.177.4,203.221.216.190,203.223.131.29,203.223.137.102,203.223.188.152,203.223.32.108,203.229.177.59,203.229.231.153,203.230.9.197,203.231.35.40,203.234.220.187,203.234.75.14,203.235.212.154,203.236.210.210,203.237.66.71,203.240.203.30,203.246.44.35,203.247.177.126,203.248.156.165,203.249.66.138,203.250.140.87,203.250.57.28,203.251.190.135,203.254.170.81,203.254.50.7,203.37.44.130,203.5.69.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (104)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510206; rev:2003; fwsam: src, 24 hours;)
alert udp [203.211.133.201,203.211.45.142,203.217.144.10,203.217.177.4,203.221.216.190,203.223.131.29,203.223.137.102,203.223.188.152,203.223.32.108,203.229.177.59,203.229.231.153,203.230.9.197,203.231.35.40,203.234.220.187,203.234.75.14,203.235.212.154,203.236.210.210,203.237.66.71,203.240.203.30,203.246.44.35,203.247.177.126,203.248.156.165,203.249.66.138,203.250.140.87,203.250.57.28,203.251.190.135,203.254.170.81,203.254.50.7,203.37.44.130,203.5.69.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (104)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510207; rev:2003; fwsam: src, 24 hours;)
alert tcp [203.59.141.228,203.64.208.172,203.64.208.173,203.64.208.174,203.64.208.175,203.68.102.118,203.68.183.73,203.70.146.109,203.70.177.32,203.70.38.114,203.71.88.187,203.72.226.78,203.73.76.253,203.75.105.6,203.75.55.135,203.76.98.22,203.79.125.143,203.79.232.35,203.80.162.221,203.81.81.36,203.82.208.173,203.83.112.215,203.84.234.234,203.86.41.25,203.86.89.130,203.88.141.163,203.92.64.207,203.98.116.54,203.98.181.132,203.98.84.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (105)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510208; rev:2003; fwsam: src, 24 hours;)
alert udp [203.59.141.228,203.64.208.172,203.64.208.173,203.64.208.174,203.64.208.175,203.68.102.118,203.68.183.73,203.70.146.109,203.70.177.32,203.70.38.114,203.71.88.187,203.72.226.78,203.73.76.253,203.75.105.6,203.75.55.135,203.76.98.22,203.79.125.143,203.79.232.35,203.80.162.221,203.81.81.36,203.82.208.173,203.83.112.215,203.84.234.234,203.86.41.25,203.86.89.130,203.88.141.163,203.92.64.207,203.98.116.54,203.98.181.132,203.98.84.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (105)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510209; rev:2003; fwsam: src, 24 hours;)
alert tcp [204.108.14.127,204.112.158.139,204.12.250.34,204.13.101.60,204.14.0.163,204.14.93.53,204.146.162.62,204.152.194.34,204.152.218.194,204.186.26.126,204.19.134.18,204.232.131.163,204.232.194.89,204.232.202.231,204.238.82.17,204.244.123.8,204.27.52.115,204.51.98.46,204.80.91.4,204.89.131.220,204.92.123.118,205.134.252.251,205.151.201.110,205.178.189.129,205.189.49.48,205.215.177.216,205.234.243.220,205.242.219.108,206.105.213.16,206.107.220.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (106)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510210; rev:2003; fwsam: src, 24 hours;)
alert udp [204.108.14.127,204.112.158.139,204.12.250.34,204.13.101.60,204.14.0.163,204.14.93.53,204.146.162.62,204.152.194.34,204.152.218.194,204.186.26.126,204.19.134.18,204.232.131.163,204.232.194.89,204.232.202.231,204.238.82.17,204.244.123.8,204.27.52.115,204.51.98.46,204.80.91.4,204.89.131.220,204.92.123.118,205.134.252.251,205.151.201.110,205.178.189.129,205.189.49.48,205.215.177.216,205.234.243.220,205.242.219.108,206.105.213.16,206.107.220.92] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (106)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510211; rev:2003; fwsam: src, 24 hours;)
alert tcp [206.123.115.55,206.123.72.87,206.125.46.134,206.161.193.98,206.173.123.172,206.180.233.11,206.181.87.206,206.217.198.150,206.225.11.2,206.225.20.122,206.225.20.18,206.225.20.50,206.225.20.58,206.225.20.66,206.225.20.74,206.225.20.90,206.225.20.98,206.225.21.18,206.225.21.50,206.225.21.98,206.225.22.66,206.225.23.7,206.248.137.158,206.248.167.218,206.41.245.9,206.41.91.145,206.51.232.210,206.71.166.57,206.71.87.112,206.74.118.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (107)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510212; rev:2003; fwsam: src, 24 hours;)
alert udp [206.123.115.55,206.123.72.87,206.125.46.134,206.161.193.98,206.173.123.172,206.180.233.11,206.181.87.206,206.217.198.150,206.225.11.2,206.225.20.122,206.225.20.18,206.225.20.50,206.225.20.58,206.225.20.66,206.225.20.74,206.225.20.90,206.225.20.98,206.225.21.18,206.225.21.50,206.225.21.98,206.225.22.66,206.225.23.7,206.248.137.158,206.248.167.218,206.41.245.9,206.41.91.145,206.51.232.210,206.71.166.57,206.71.87.112,206.74.118.63] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (107)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510213; rev:2003; fwsam: src, 24 hours;)
alert tcp [206.82.192.203,207.112.121.224,207.118.4.221,207.126.167.55,207.136.202.67,207.171.4.23,207.179.103.60,207.182.140.197,207.182.98.11,207.189.231.12,207.191.191.21,207.210.101.27,207.210.83.143,207.210.83.178,207.211.11.105,207.211.75.102,207.211.75.111,207.241.240.41,207.248.228.226,207.35.172.214,207.47.9.4,207.47.96.254,207.55.247.216,207.58.132.114,207.58.177.96,207.6.56.185,207.61.241.100,207.70.158.87,207.71.245.2,208.100.3.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (108)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510214; rev:2003; fwsam: src, 24 hours;)
alert udp [206.82.192.203,207.112.121.224,207.118.4.221,207.126.167.55,207.136.202.67,207.171.4.23,207.179.103.60,207.182.140.197,207.182.98.11,207.189.231.12,207.191.191.21,207.210.101.27,207.210.83.143,207.210.83.178,207.211.11.105,207.211.75.102,207.211.75.111,207.241.240.41,207.248.228.226,207.35.172.214,207.47.9.4,207.47.96.254,207.55.247.216,207.58.132.114,207.58.177.96,207.6.56.185,207.61.241.100,207.70.158.87,207.71.245.2,208.100.3.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (108)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510215; rev:2003; fwsam: src, 24 hours;)
alert tcp [208.100.31.49,208.101.19.98,208.101.9.140,208.110.72.86,208.110.86.246,208.111.39.248,208.113.57.2,208.166.49.194,208.167.229.147,208.17.74.32,208.176.108.155,208.176.232.85,208.177.147.54,208.187.31.122,208.190.30.77,208.254.21.242,208.34.209.240,208.34.84.168,208.4.181.28,208.4.181.30,208.4.80.37,208.42.179.91,208.43.130.232,208.43.255.10,208.64.31.83,208.66.225.50,208.66.43.19,208.67.252.82,208.70.186.150,208.71.129.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (109)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510216; rev:2003; fwsam: src, 24 hours;)
alert udp [208.100.31.49,208.101.19.98,208.101.9.140,208.110.72.86,208.110.86.246,208.111.39.248,208.113.57.2,208.166.49.194,208.167.229.147,208.17.74.32,208.176.108.155,208.176.232.85,208.177.147.54,208.187.31.122,208.190.30.77,208.254.21.242,208.34.209.240,208.34.84.168,208.4.181.28,208.4.181.30,208.4.80.37,208.42.179.91,208.43.130.232,208.43.255.10,208.64.31.83,208.66.225.50,208.66.43.19,208.67.252.82,208.70.186.150,208.71.129.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (109)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510217; rev:2003; fwsam: src, 24 hours;)
alert tcp [208.71.169.136,208.71.199.71,208.71.89.218,208.73.210.28,208.73.36.18,208.74.160.105,208.74.79.100,208.75.87.48,208.77.80.4,208.78.242.184,208.80.80.250,208.81.124.3,208.82.108.36,208.82.117.89,208.83.124.80,208.83.223.74,208.84.146.88,208.85.4.194,208.86.248.132,208.86.252.15,208.87.1.213,208.87.24.155,208.87.24.158,208.87.24.185,208.87.79.209,208.88.8.209,208.90.176.86,208.92.234.23,208.96.213.149,209.117.137.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (110)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510218; rev:2003; fwsam: src, 24 hours;)
alert udp [208.71.169.136,208.71.199.71,208.71.89.218,208.73.210.28,208.73.36.18,208.74.160.105,208.74.79.100,208.75.87.48,208.77.80.4,208.78.242.184,208.80.80.250,208.81.124.3,208.82.108.36,208.82.117.89,208.83.124.80,208.83.223.74,208.84.146.88,208.85.4.194,208.86.248.132,208.86.252.15,208.87.1.213,208.87.24.155,208.87.24.158,208.87.24.185,208.87.79.209,208.88.8.209,208.90.176.86,208.92.234.23,208.96.213.149,209.117.137.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (110)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510219; rev:2003; fwsam: src, 24 hours;)
alert tcp [209.123.128.10,209.124.47.27,209.124.50.16,209.134.141.36,209.160.33.15,209.160.40.231,209.160.64.19,209.165.147.53,209.167.43.79,209.169.158.245,209.169.158.246,209.172.34.177,209.172.55.186,209.172.59.131,209.177.229.74,209.19.170.100,209.190.73.87,209.190.93.114,209.200.240.78,209.205.64.112,209.206.227.238,209.210.239.8,209.211.7.1,209.216.203.192,209.216.8.220,209.23.122.243,209.237.226.14,209.241.232.100,209.251.35.176,209.40.205.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (111)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510220; rev:2003; fwsam: src, 24 hours;)
alert udp [209.123.128.10,209.124.47.27,209.124.50.16,209.134.141.36,209.160.33.15,209.160.40.231,209.160.64.19,209.165.147.53,209.167.43.79,209.169.158.245,209.169.158.246,209.172.34.177,209.172.55.186,209.172.59.131,209.177.229.74,209.19.170.100,209.190.73.87,209.190.93.114,209.200.240.78,209.205.64.112,209.206.227.238,209.210.239.8,209.211.7.1,209.216.203.192,209.216.8.220,209.23.122.243,209.237.226.14,209.241.232.100,209.251.35.176,209.40.205.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (111)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510221; rev:2003; fwsam: src, 24 hours;)
alert tcp [209.45.40.174,209.51.154.50,209.51.195.117,209.58.253.220,209.59.178.53,209.59.216.180,209.62.91.98,209.90.108.2,210.0.201.114,210.0.210.19,210.1.31.83,210.105.102.98,210.107.197.151,210.114.174.50,210.115.47.189,210.116.103.118,210.118.74.155,210.127.209.41,210.127.253.13,210.13.73.30,210.131.96.105,210.135.84.186,210.146.20.42,210.15.238.82,210.155.157.227,210.17.16.105,210.17.246.30,210.171.29.144,210.171.29.78,210.172.0.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (112)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510222; rev:2003; fwsam: src, 24 hours;)
alert udp [209.45.40.174,209.51.154.50,209.51.195.117,209.58.253.220,209.59.178.53,209.59.216.180,209.62.91.98,209.90.108.2,210.0.201.114,210.0.210.19,210.1.31.83,210.105.102.98,210.107.197.151,210.114.174.50,210.115.47.189,210.116.103.118,210.118.74.155,210.127.209.41,210.127.253.13,210.13.73.30,210.131.96.105,210.135.84.186,210.146.20.42,210.15.238.82,210.155.157.227,210.17.16.105,210.17.246.30,210.171.29.144,210.171.29.78,210.172.0.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (112)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510223; rev:2003; fwsam: src, 24 hours;)
alert tcp [210.174.175.84,210.174.30.209,210.177.57.38,210.187.51.36,210.187.51.38,210.187.51.56,210.188.206.40,210.188.216.91,210.188.236.41,210.188.25.16,210.189.77.55,210.19.202.202,210.194.238.176,210.197.70.164,210.202.206.8,210.202.34.161,210.203.194.156,210.204.32.2,210.205.6.116,210.207.102.149,210.21.220.84,210.21.221.156,210.211.98.57,210.212.168.161,210.212.216.228,210.213.241.18,210.217.3.66,210.219.173.211,210.22.13.45,210.22.188.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (113)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510224; rev:2003; fwsam: src, 24 hours;)
alert udp [210.174.175.84,210.174.30.209,210.177.57.38,210.187.51.36,210.187.51.38,210.187.51.56,210.188.206.40,210.188.216.91,210.188.236.41,210.188.25.16,210.189.77.55,210.19.202.202,210.194.238.176,210.197.70.164,210.202.206.8,210.202.34.161,210.203.194.156,210.204.32.2,210.205.6.116,210.207.102.149,210.21.220.84,210.21.221.156,210.211.98.57,210.212.168.161,210.212.216.228,210.213.241.18,210.217.3.66,210.219.173.211,210.22.13.45,210.22.188.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (113)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510225; rev:2003; fwsam: src, 24 hours;)
alert tcp [210.225.214.30,210.229.138.244,210.230.186.229,210.233.69.234,210.233.71.116,210.236.94.241,210.240.125.5,210.240.134.144,210.240.188.115,210.240.38.138,210.240.43.2,210.242.193.30,210.245.84.3,210.251.177.171,210.26.48.33,210.27.80.28,210.4.125.176,210.48.149.26,210.5.184.212,210.5.42.233,210.5.43.240,210.50.189.221,210.51.166.225,210.51.17.222,210.51.174.96,210.51.180.212,210.51.184.105,210.51.187.193,210.51.47.167,210.51.48.209] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (114)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510226; rev:2003; fwsam: src, 24 hours;)
alert udp [210.225.214.30,210.229.138.244,210.230.186.229,210.233.69.234,210.233.71.116,210.236.94.241,210.240.125.5,210.240.134.144,210.240.188.115,210.240.38.138,210.240.43.2,210.242.193.30,210.245.84.3,210.251.177.171,210.26.48.33,210.27.80.28,210.4.125.176,210.48.149.26,210.5.184.212,210.5.42.233,210.5.43.240,210.50.189.221,210.51.166.225,210.51.17.222,210.51.174.96,210.51.180.212,210.51.184.105,210.51.187.193,210.51.47.167,210.51.48.209] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (114)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510227; rev:2003; fwsam: src, 24 hours;)
alert tcp [210.51.54.140,210.51.57.252,210.57.210.2,210.58.101.232,210.59.110.170,210.59.186.238,210.60.107.12,210.60.63.28,210.66.37.245,210.68.243.46,210.70.118.8,210.70.118.9,210.70.162.20,210.75.215.5,210.91.8.104,211.10.131.190,211.100.30.157,211.100.61.233,211.103.244.179,211.106.104.3,211.106.179.2,211.107.42.233,211.109.103.121,211.109.179.47,211.110.60.3,211.115.111.119,211.115.125.130,211.116.156.118,211.123.211.230,211.124.93.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (115)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510228; rev:2003; fwsam: src, 24 hours;)
alert udp [210.51.54.140,210.51.57.252,210.57.210.2,210.58.101.232,210.59.110.170,210.59.186.238,210.60.107.12,210.60.63.28,210.66.37.245,210.68.243.46,210.70.118.8,210.70.118.9,210.70.162.20,210.75.215.5,210.91.8.104,211.10.131.190,211.100.30.157,211.100.61.233,211.103.244.179,211.106.104.3,211.106.179.2,211.107.42.233,211.109.103.121,211.109.179.47,211.110.60.3,211.115.111.119,211.115.125.130,211.116.156.118,211.123.211.230,211.124.93.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (115)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510229; rev:2003; fwsam: src, 24 hours;)
alert tcp [211.13.127.193,211.139.92.253,211.142.248.21,211.143.39.84,211.144.110.138,211.144.132.46,211.144.136.44,211.144.158.130,211.144.95.7,211.147.211.72,211.147.212.2,211.148.1.19,211.151.67.81,211.151.67.82,211.151.79.100,211.151.94.195,211.152.55.194,211.154.133.20,211.154.142.153,211.154.145.152,211.154.215.103,211.154.215.174,211.154.43.11,211.157.10.183,211.162.68.107,211.167.92.234,211.171.245.154,211.174.61.80,211.180.64.80,211.181.136.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (116)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510230; rev:2003; fwsam: src, 24 hours;)
alert udp [211.13.127.193,211.139.92.253,211.142.248.21,211.143.39.84,211.144.110.138,211.144.132.46,211.144.136.44,211.144.158.130,211.144.95.7,211.147.211.72,211.147.212.2,211.148.1.19,211.151.67.81,211.151.67.82,211.151.79.100,211.151.94.195,211.152.55.194,211.154.133.20,211.154.142.153,211.154.145.152,211.154.215.103,211.154.215.174,211.154.43.11,211.157.10.183,211.162.68.107,211.167.92.234,211.171.245.154,211.174.61.80,211.180.64.80,211.181.136.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (116)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510231; rev:2003; fwsam: src, 24 hours;)
alert tcp [211.191.168.107,211.191.168.223,211.191.168.25,211.191.181.14,211.196.91.53,211.20.132.10,211.20.227.195,211.20.87.171,211.206.120.177,211.206.125.175,211.21.205.5,211.210.38.112,211.210.38.94,211.214.161.158,211.215.19.229,211.220.146.217,211.220.195.185,211.223.140.23,211.227.76.253,211.232.125.166,211.233.38.86,211.233.39.196,211.233.66.45,211.234.119.3,211.234.119.56,211.234.119.8,211.234.122.134,211.235.245.121,211.236.174.172,211.237.38.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (117)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510232; rev:2003; fwsam: src, 24 hours;)
alert udp [211.191.168.107,211.191.168.223,211.191.168.25,211.191.181.14,211.196.91.53,211.20.132.10,211.20.227.195,211.20.87.171,211.206.120.177,211.206.125.175,211.21.205.5,211.210.38.112,211.210.38.94,211.214.161.158,211.215.19.229,211.220.146.217,211.220.195.185,211.223.140.23,211.227.76.253,211.232.125.166,211.233.38.86,211.233.39.196,211.233.66.45,211.234.119.3,211.234.119.56,211.234.119.8,211.234.122.134,211.235.245.121,211.236.174.172,211.237.38.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (117)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510233; rev:2003; fwsam: src, 24 hours;)
alert tcp [211.245.216.181,211.245.23.155,211.25.200.194,211.25.254.234,211.254.130.116,211.39.132.118,211.40.193.5,211.43.195.170,211.43.222.156,211.44.183.77,211.45.112.20,211.47.145.36,211.47.189.21,211.63.6.91,211.72.160.156,211.72.229.49,211.75.201.244,211.75.66.200,211.75.67.201,211.78.18.90,211.78.87.204,211.86.56.192,211.88.20.15,211.94.156.169,211.94.165.232,211.94.189.120,211.98.198.124,212.100.49.44,212.101.19.245,212.103.194.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (118)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510234; rev:2003; fwsam: src, 24 hours;)
alert udp [211.245.216.181,211.245.23.155,211.25.200.194,211.25.254.234,211.254.130.116,211.39.132.118,211.40.193.5,211.43.195.170,211.43.222.156,211.44.183.77,211.45.112.20,211.47.145.36,211.47.189.21,211.63.6.91,211.72.160.156,211.72.229.49,211.75.201.244,211.75.66.200,211.75.67.201,211.78.18.90,211.78.87.204,211.86.56.192,211.88.20.15,211.94.156.169,211.94.165.232,211.94.189.120,211.98.198.124,212.100.49.44,212.101.19.245,212.103.194.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (118)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510235; rev:2003; fwsam: src, 24 hours;)
alert tcp [212.107.137.34,212.111.208.2,212.112.114.130,212.115.192.198,212.117.165.219,212.117.174.163,212.117.180.52,212.117.187.10,212.117.9.82,212.12.2.28,212.122.222.13,212.124.175.131,212.126.218.242,212.128.144.98,212.13.195.55,212.130.47.205,212.142.104.137,212.144.118.131,212.146.68.64,212.150.123.120,212.150.176.98,212.152.111.117,212.154.211.207,212.156.65.78,212.156.70.146,212.158.162.5,212.166.231.96,212.166.63.125,212.174.252.40,212.174.253.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (119)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510236; rev:2003; fwsam: src, 24 hours;)
alert udp [212.107.137.34,212.111.208.2,212.112.114.130,212.115.192.198,212.117.165.219,212.117.174.163,212.117.180.52,212.117.187.10,212.117.9.82,212.12.2.28,212.122.222.13,212.124.175.131,212.126.218.242,212.128.144.98,212.13.195.55,212.130.47.205,212.142.104.137,212.144.118.131,212.146.68.64,212.150.123.120,212.150.176.98,212.152.111.117,212.154.211.207,212.156.65.78,212.156.70.146,212.158.162.5,212.166.231.96,212.166.63.125,212.174.252.40,212.174.253.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (119)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510237; rev:2003; fwsam: src, 24 hours;)
alert tcp [212.175.177.134,212.18.192.18,212.180.58.122,212.182.127.227,212.182.129.59,212.183.164.42,212.186.161.12,212.19.8.189,212.191.90.142,212.192.244.8,212.192.250.207,212.193.230.207,212.199.103.94,212.20.112.2,212.202.124.69,212.21.101.201,212.21.20.78,212.21.6.173,212.214.71.110,212.225.244.92,212.226.118.12,212.227.88.83,212.230.185.152,212.235.66.229,212.235.82.4,212.24.129.118,212.24.143.60,212.244.27.250,212.244.6.200,212.247.175.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (120)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510238; rev:2003; fwsam: src, 24 hours;)
alert udp [212.175.177.134,212.18.192.18,212.180.58.122,212.182.127.227,212.182.129.59,212.183.164.42,212.186.161.12,212.19.8.189,212.191.90.142,212.192.244.8,212.192.250.207,212.193.230.207,212.199.103.94,212.20.112.2,212.202.124.69,212.21.101.201,212.21.20.78,212.21.6.173,212.214.71.110,212.225.244.92,212.226.118.12,212.227.88.83,212.230.185.152,212.235.66.229,212.235.82.4,212.24.129.118,212.24.143.60,212.244.27.250,212.244.6.200,212.247.175.67] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (120)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510239; rev:2003; fwsam: src, 24 hours;)
alert tcp [212.248.18.58,212.25.72.185,212.251.139.217,212.251.177.57,212.252.32.68,212.252.32.69,212.252.32.71,212.28.152.66,212.33.27.26,212.33.72.201,212.33.76.120,212.34.136.33,212.34.138.143,212.34.138.192,212.36.11.13,212.41.1.154,212.43.245.234,212.45.53.176,212.46.128.9,212.51.216.98,212.52.41.252,212.59.58.3,212.60.66.203,212.61.228.162,212.62.112.140,212.69.195.210,212.69.197.78,212.69.209.232,212.73.128.138,212.73.54.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (121)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510240; rev:2003; fwsam: src, 24 hours;)
alert udp [212.248.18.58,212.25.72.185,212.251.139.217,212.251.177.57,212.252.32.68,212.252.32.69,212.252.32.71,212.28.152.66,212.33.27.26,212.33.72.201,212.33.76.120,212.34.136.33,212.34.138.143,212.34.138.192,212.36.11.13,212.41.1.154,212.43.245.234,212.45.53.176,212.46.128.9,212.51.216.98,212.52.41.252,212.59.58.3,212.60.66.203,212.61.228.162,212.62.112.140,212.69.195.210,212.69.197.78,212.69.209.232,212.73.128.138,212.73.54.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (121)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510241; rev:2003; fwsam: src, 24 hours;)
alert tcp [212.75.118.218,212.85.152.115,212.86.41.30,212.9.176.110,212.90.163.154,212.91.166.140,212.95.54.216,212.96.47.151,212.96.47.22,212.99.231.69,213.114.174.113,213.128.67.194,213.128.82.135,213.133.101.163,213.144.99.113,213.146.180.253,213.149.138.43,213.150.107.74,213.151.175.136,213.151.89.6,213.155.18.200,213.155.21.88,213.155.24.236,213.16.105.133,213.162.55.40,213.165.79.73,213.167.17.68,213.171.53.19,213.172.36.130,213.175.203.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (122)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510242; rev:2003; fwsam: src, 24 hours;)
alert udp [212.75.118.218,212.85.152.115,212.86.41.30,212.9.176.110,212.90.163.154,212.91.166.140,212.95.54.216,212.96.47.151,212.96.47.22,212.99.231.69,213.114.174.113,213.128.67.194,213.128.82.135,213.133.101.163,213.144.99.113,213.146.180.253,213.149.138.43,213.150.107.74,213.151.175.136,213.151.89.6,213.155.18.200,213.155.21.88,213.155.24.236,213.16.105.133,213.162.55.40,213.165.79.73,213.167.17.68,213.171.53.19,213.172.36.130,213.175.203.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (122)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510243; rev:2003; fwsam: src, 24 hours;)
alert tcp [213.176.138.2,213.178.224.168,213.179.142.117,213.180.77.102,213.180.77.213,213.180.84.248,213.180.84.51,213.180.89.204,213.180.92.170,213.184.192.82,213.186.33.87,213.187.77.6,213.188.200.44,213.188.35.29,213.192.6.30,213.192.60.113,213.193.231.204,213.193.236.201,213.202.225.90,213.203.203.48,213.203.230.24,213.207.93.121,213.210.87.237,213.218.114.91,213.218.140.64,213.218.142.201,213.223.38.100,213.228.144.24,213.228.226.54,213.232.110.183] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (123)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510244; rev:2003; fwsam: src, 24 hours;)
alert udp [213.176.138.2,213.178.224.168,213.179.142.117,213.180.77.102,213.180.77.213,213.180.84.248,213.180.84.51,213.180.89.204,213.180.92.170,213.184.192.82,213.186.33.87,213.187.77.6,213.188.200.44,213.188.35.29,213.192.6.30,213.192.60.113,213.193.231.204,213.193.236.201,213.202.225.90,213.203.203.48,213.203.230.24,213.207.93.121,213.210.87.237,213.218.114.91,213.218.140.64,213.218.142.201,213.223.38.100,213.228.144.24,213.228.226.54,213.232.110.183] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (123)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510245; rev:2003; fwsam: src, 24 hours;)
alert tcp [213.232.24.66,213.239.193.50,213.239.204.177,213.239.206.205,213.239.206.72,213.239.210.169,213.239.211.196,213.239.211.39,213.239.211.56,213.239.213.81,213.239.216.153,213.239.216.190,213.239.217.226,213.239.219.117,213.240.244.17,213.242.100.252,213.242.253.15,213.246.39.170,213.247.43.39,213.247.43.40,213.248.53.114,213.250.93.231,213.252.174.51,213.29.58.52,213.39.252.98,213.41.232.125,213.5.65.169,213.5.65.200,213.58.172.115,213.6.229.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (124)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510246; rev:2003; fwsam: src, 24 hours;)
alert udp [213.232.24.66,213.239.193.50,213.239.204.177,213.239.206.205,213.239.206.72,213.239.210.169,213.239.211.196,213.239.211.39,213.239.211.56,213.239.213.81,213.239.216.153,213.239.216.190,213.239.217.226,213.239.219.117,213.240.244.17,213.242.100.252,213.242.253.15,213.246.39.170,213.247.43.39,213.247.43.40,213.248.53.114,213.250.93.231,213.252.174.51,213.29.58.52,213.39.252.98,213.41.232.125,213.5.65.169,213.5.65.200,213.58.172.115,213.6.229.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (124)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510247; rev:2003; fwsam: src, 24 hours;)
alert tcp [213.80.73.45,213.81.135.106,213.82.56.66,213.9.33.32,213.9.98.90,213.92.109.64,213.92.118.207,213.92.12.224,213.96.215.7,213.97.40.36,213.98.87.199,216.1.10.228,216.103.65.60,216.107.124.165,216.109.73.21,216.119.103.32,216.12.207.250,216.120.143.122,216.120.143.68,216.121.5.180,216.127.170.50,216.131.94.80,216.131.95.80,216.139.181.67,216.14.115.44,216.14.80.253,216.155.138.85,216.155.154.171,216.167.179.37,216.167.238.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (125)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510248; rev:2003; fwsam: src, 24 hours;)
alert udp [213.80.73.45,213.81.135.106,213.82.56.66,213.9.33.32,213.9.98.90,213.92.109.64,213.92.118.207,213.92.12.224,213.96.215.7,213.97.40.36,213.98.87.199,216.1.10.228,216.103.65.60,216.107.124.165,216.109.73.21,216.119.103.32,216.12.207.250,216.120.143.122,216.120.143.68,216.121.5.180,216.127.170.50,216.131.94.80,216.131.95.80,216.139.181.67,216.14.115.44,216.14.80.253,216.155.138.85,216.155.154.171,216.167.179.37,216.167.238.32] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (125)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510249; rev:2003; fwsam: src, 24 hours;)
alert tcp [216.174.107.215,216.18.67.5,216.187.185.98,216.191.201.228,216.205.103.46,216.206.242.200,216.208.135.135,216.218.207.155,216.24.163.135,216.240.180.195,216.245.198.210,216.246.5.2,216.248.6.194,216.250.243.62,216.37.12.227,216.39.62.191,216.40.33.31,216.45.55.77,216.46.131.246,216.55.143.239,216.55.164.20,216.58.80.54,216.64.171.55,216.74.165.140,216.75.15.121,216.8.160.137,216.83.51.180,216.86.207.27,217.11.253.210,217.11.60.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (126)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510250; rev:2003; fwsam: src, 24 hours;)
alert udp [216.174.107.215,216.18.67.5,216.187.185.98,216.191.201.228,216.205.103.46,216.206.242.200,216.208.135.135,216.218.207.155,216.24.163.135,216.240.180.195,216.245.198.210,216.246.5.2,216.248.6.194,216.250.243.62,216.37.12.227,216.39.62.191,216.40.33.31,216.45.55.77,216.46.131.246,216.55.143.239,216.55.164.20,216.58.80.54,216.64.171.55,216.74.165.140,216.75.15.121,216.8.160.137,216.83.51.180,216.86.207.27,217.11.253.210,217.11.60.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (126)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510251; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.112.118.194,217.112.135.3,217.113.129.100,217.113.131.204,217.113.138.17,217.114.210.190,217.114.215.199,217.114.215.218,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.115.192.144,217.115.199.215,217.116.8.238,217.117.213.26,217.117.28.119,217.117.28.152,217.117.28.85,217.118.181.118,217.119.124.43,217.119.124.50,217.120.19.249,217.127.105.46,217.127.157.42,217.127.167.90,217.127.71.155,217.128.219.207,217.128.229.129,217.13.196.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (127)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510252; rev:2003; fwsam: src, 24 hours;)
alert udp [217.112.118.194,217.112.135.3,217.113.129.100,217.113.131.204,217.113.138.17,217.114.210.190,217.114.215.199,217.114.215.218,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.115.192.144,217.115.199.215,217.116.8.238,217.117.213.26,217.117.28.119,217.117.28.152,217.117.28.85,217.118.181.118,217.119.124.43,217.119.124.50,217.120.19.249,217.127.105.46,217.127.157.42,217.127.167.90,217.127.71.155,217.128.219.207,217.128.229.129,217.13.196.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (127)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510253; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.131.3.37,217.132.65.9,217.133.85.112,217.139.134.107,217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.147.44.187,217.148.84.181,217.149.245.166,217.15.117.102,217.15.25.94,217.151.118.19,217.151.135.192,217.151.135.77,217.153.165.58,217.16.28.65,217.16.83.178,217.160.129.160,217.160.171.207,217.160.220.218,217.160.222.101,217.162.117.185,217.162.204.57,217.162.224.124,217.162.34.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (128)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510254; rev:2003; fwsam: src, 24 hours;)
alert udp [217.131.3.37,217.132.65.9,217.133.85.112,217.139.134.107,217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.147.44.187,217.148.84.181,217.149.245.166,217.15.117.102,217.15.25.94,217.151.118.19,217.151.135.192,217.151.135.77,217.153.165.58,217.16.28.65,217.16.83.178,217.160.129.160,217.160.171.207,217.160.220.218,217.160.222.101,217.162.117.185,217.162.204.57,217.162.224.124,217.162.34.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (128)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510255; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.162.35.92,217.162.54.59,217.165.236.245,217.165.6.27,217.165.94.34,217.166.58.100,217.169.15.53,217.170.1.185,217.170.16.140,217.171.129.66,217.173.26.248,217.174.103.232,217.174.104.187,217.174.253.116,217.175.10.207,217.175.33.42,217.175.43.165,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83,217.19.227.201,217.194.170.66,217.195.17.3,217.196.160.50,217.196.213.103,217.197.241.56,217.197.249.50,217.198.115.18,217.198.210.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (129)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510256; rev:2003; fwsam: src, 24 hours;)
alert udp [217.162.35.92,217.162.54.59,217.165.236.245,217.165.6.27,217.165.94.34,217.166.58.100,217.169.15.53,217.170.1.185,217.170.16.140,217.171.129.66,217.173.26.248,217.174.103.232,217.174.104.187,217.174.253.116,217.175.10.207,217.175.33.42,217.175.43.165,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83,217.19.227.201,217.194.170.66,217.195.17.3,217.196.160.50,217.196.213.103,217.197.241.56,217.197.249.50,217.198.115.18,217.198.210.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (129)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510257; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.20.127.43,217.20.171.136,217.20.47.86,217.201.107.239,217.201.14.23,217.201.158.226,217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.207.217.148,217.216.65.110,217.216.65.8,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.83.174,217.218.98.254,217.219.115.151,217.219.211.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (130)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510258; rev:2003; fwsam: src, 24 hours;)
alert udp [217.20.127.43,217.20.171.136,217.20.47.86,217.201.107.239,217.201.14.23,217.201.158.226,217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.207.217.148,217.216.65.110,217.216.65.8,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.83.174,217.218.98.254,217.219.115.151,217.219.211.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (130)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510259; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.23.133.80,217.231.230.238,217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.24.125.134,217.24.176.242,217.24.180.220,217.24.240.102,217.24.240.68,217.243.191.229,217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.227.130,217.253.184.197,217.255.212.221,217.27.212.129,217.29.93.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (131)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510260; rev:2003; fwsam: src, 24 hours;)
alert udp [217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.23.133.80,217.231.230.238,217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.24.125.134,217.24.176.242,217.24.180.220,217.24.240.102,217.24.240.68,217.243.191.229,217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.227.130,217.253.184.197,217.255.212.221,217.27.212.129,217.29.93.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (131)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510261; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.56.105.26,217.63.66.133,217.64.173.227,217.64.25.111,217.64.28.55,217.64.29.234,217.65.100.16,217.68.171.13,217.68.173.23,217.69.174.234,217.69.83.51,217.7.135.194,217.70.51.79,217.71.167.229,217.72.154.52,217.72.249.198,217.76.92.24,217.78.8.20,217.79.93.196,217.8.188.2,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (132)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510262; rev:2003; fwsam: src, 24 hours;)
alert udp [217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.56.105.26,217.63.66.133,217.64.173.227,217.64.25.111,217.64.28.55,217.64.29.234,217.65.100.16,217.68.171.13,217.68.173.23,217.69.174.234,217.69.83.51,217.7.135.194,217.70.51.79,217.71.167.229,217.72.154.52,217.72.249.198,217.76.92.24,217.78.8.20,217.79.93.196,217.8.188.2,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (132)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510263; rev:2003; fwsam: src, 24 hours;)
alert tcp [217.83.103.152,217.85.179.191,217.87.201.186,217.87.97.1,217.91.102.84,217.91.63.216,217.92.52.205,217.92.59.216,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.165.73,218.0.1.3,218.1.69.241,218.101.6.204,218.104.207.110,218.106.246.202,218.106.246.65,218.108.0.77,218.108.234.208,218.108.235.86,218.12.198.70,218.14.203.205,218.145.128.230,218.145.31.251,218.145.31.34,218.147.58.44,218.149.128.214,218.150.78.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (133)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510264; rev:2003; fwsam: src, 24 hours;)
alert udp [217.83.103.152,217.85.179.191,217.87.201.186,217.87.97.1,217.91.102.84,217.91.63.216,217.92.52.205,217.92.59.216,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.165.73,218.0.1.3,218.1.69.241,218.101.6.204,218.104.207.110,218.106.246.202,218.106.246.65,218.108.0.77,218.108.234.208,218.108.235.86,218.12.198.70,218.14.203.205,218.145.128.230,218.145.31.251,218.145.31.34,218.147.58.44,218.149.128.214,218.150.78.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (133)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510265; rev:2003; fwsam: src, 24 hours;)
alert tcp [218.16.122.239,218.16.129.140,218.163.177.245,218.163.92.217,218.169.81.77,218.17.181.162,218.18.106.185,218.18.9.155,218.188.27.232,218.189.173.47,218.189.189.51,218.19.140.4,218.2.129.43,218.201.150.75,218.201.150.78,218.203.185.125,218.204.248.170,218.204.249.120,218.204.36.114,218.206.170.134,218.206.224.134,218.206.25.29,218.206.27.13,218.208.209.94,218.21.240.105,218.211.150.249,218.214.38.94,218.219.70.110,218.22.180.182,218.220.3.31] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (134)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510266; rev:2003; fwsam: src, 24 hours;)
alert udp [218.16.122.239,218.16.129.140,218.163.177.245,218.163.92.217,218.169.81.77,218.17.181.162,218.18.106.185,218.18.9.155,218.188.27.232,218.189.173.47,218.189.189.51,218.19.140.4,218.2.129.43,218.201.150.75,218.201.150.78,218.203.185.125,218.204.248.170,218.204.249.120,218.204.36.114,218.206.170.134,218.206.224.134,218.206.25.29,218.206.27.13,218.208.209.94,218.21.240.105,218.211.150.249,218.214.38.94,218.219.70.110,218.22.180.182,218.220.3.31] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (134)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510267; rev:2003; fwsam: src, 24 hours;)
alert tcp [218.220.66.211,218.222.16.112,218.223.38.134,218.225.67.152,218.228.151.225,218.233.89.221,218.234.17.98,218.234.21.57,218.236.58.165,218.237.65.13,218.239.45.146,218.240.28.46,218.240.28.7,218.240.40.25,218.240.43.149,218.241.138.231,218.241.139.67,218.241.154.152,218.241.157.30,218.241.158.18,218.241.173.8,218.241.181.132,218.241.190.46,218.241.236.86,218.241.86.190,218.242.7.2,218.244.176.35,218.246.34.174,218.248.21.170,218.25.89.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (135)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510268; rev:2003; fwsam: src, 24 hours;)
alert udp [218.220.66.211,218.222.16.112,218.223.38.134,218.225.67.152,218.228.151.225,218.233.89.221,218.234.17.98,218.234.21.57,218.236.58.165,218.237.65.13,218.239.45.146,218.240.28.46,218.240.28.7,218.240.40.25,218.240.43.149,218.241.138.231,218.241.139.67,218.241.154.152,218.241.157.30,218.241.158.18,218.241.173.8,218.241.181.132,218.241.190.46,218.241.236.86,218.241.86.190,218.242.7.2,218.244.176.35,218.246.34.174,218.248.21.170,218.25.89.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (135)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510269; rev:2003; fwsam: src, 24 hours;)
alert tcp [218.25.99.135,218.251.29.144,218.251.32.117,218.254.156.192,218.26.117.113,218.27.6.188,218.28.221.103,218.29.86.86,218.29.97.144,218.29.97.209,218.3.166.194,218.30.91.203,218.38.136.38,218.38.16.66,218.38.19.252,218.38.28.135,218.38.54.157,218.4.157.178,218.4.205.201,218.41.60.118,218.43.197.215,218.44.119.188,218.44.36.109,218.45.55.220,218.47.238.108,218.48.219.5,218.5.4.246,218.5.64.100,218.50.190.60,218.55.227.178] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (136)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510270; rev:2003; fwsam: src, 24 hours;)
alert udp [218.25.99.135,218.251.29.144,218.251.32.117,218.254.156.192,218.26.117.113,218.27.6.188,218.28.221.103,218.29.86.86,218.29.97.144,218.29.97.209,218.3.166.194,218.30.91.203,218.38.136.38,218.38.16.66,218.38.19.252,218.38.28.135,218.38.54.157,218.4.157.178,218.4.205.201,218.41.60.118,218.43.197.215,218.44.119.188,218.44.36.109,218.45.55.220,218.47.238.108,218.48.219.5,218.5.4.246,218.5.64.100,218.50.190.60,218.55.227.178] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (136)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510271; rev:2003; fwsam: src, 24 hours;)
alert tcp [218.56.32.108,218.6.15.29,218.6.16.133,218.60.1.95,218.60.8.84,218.63.241.157,218.64.215.239,218.64.5.131,218.64.53.176,218.65.110.180,218.69.106.52,218.69.248.24,218.70.66.187,218.75.22.139,218.75.79.18,218.75.79.19,218.76.215.174,218.78.209.253,218.8.82.99,218.80.193.59,218.83.150.172,218.83.160.76,218.90.174.146,218.90.183.190,218.91.236.82,218.93.122.136,218.93.205.118,218.93.205.205,218.93.248.112,218.93.9.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (137)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510272; rev:2003; fwsam: src, 24 hours;)
alert udp [218.56.32.108,218.6.15.29,218.6.16.133,218.60.1.95,218.60.8.84,218.63.241.157,218.64.215.239,218.64.5.131,218.64.53.176,218.65.110.180,218.69.106.52,218.69.248.24,218.70.66.187,218.75.22.139,218.75.79.18,218.75.79.19,218.76.215.174,218.78.209.253,218.8.82.99,218.80.193.59,218.83.150.172,218.83.160.76,218.90.174.146,218.90.183.190,218.91.236.82,218.93.122.136,218.93.205.118,218.93.205.205,218.93.248.112,218.93.9.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (137)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510273; rev:2003; fwsam: src, 24 hours;)
alert tcp [218.94.11.45,218.97.194.94,219.101.42.89,219.106.249.115,219.110.175.102,219.111.16.42,219.115.27.120,219.117.221.218,219.117.230.241,219.117.236.182,219.117.237.180,219.117.244.212,219.117.245.243,219.121.30.157,219.122.209.251,219.122.229.172,219.122.9.173,219.133.59.40,219.134.65.105,219.136.242.243,219.139.243.236,219.140.173.216,219.140.177.101,219.142.121.43,219.142.61.2,219.142.69.203,219.143.116.159,219.143.208.17,219.143.33.158,219.143.35.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (138)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510274; rev:2003; fwsam: src, 24 hours;)
alert udp [218.94.11.45,218.97.194.94,219.101.42.89,219.106.249.115,219.110.175.102,219.111.16.42,219.115.27.120,219.117.221.218,219.117.230.241,219.117.236.182,219.117.237.180,219.117.244.212,219.117.245.243,219.121.30.157,219.122.209.251,219.122.229.172,219.122.9.173,219.133.59.40,219.134.65.105,219.136.242.243,219.139.243.236,219.140.173.216,219.140.177.101,219.142.121.43,219.142.61.2,219.142.69.203,219.143.116.159,219.143.208.17,219.143.33.158,219.143.35.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (138)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510275; rev:2003; fwsam: src, 24 hours;)
alert tcp [219.143.38.232,219.143.38.233,219.143.46.242,219.147.134.22,219.147.255.179,219.147.9.114,219.148.33.144,219.148.34.95,219.149.43.254,219.150.144.58,219.154.210.118,219.154.210.76,219.159.77.90,219.160.25.50,219.160.250.95,219.165.195.56,219.166.142.132,219.166.26.133,219.166.8.45,219.218.160.80,219.228.15.34,219.232.227.216,219.232.228.121,219.232.237.151,219.232.241.42,219.233.229.77,219.234.133.138,219.237.201.88,219.238.129.26,219.238.147.45] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (139)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510276; rev:2003; fwsam: src, 24 hours;)
alert udp [219.143.38.232,219.143.38.233,219.143.46.242,219.147.134.22,219.147.255.179,219.147.9.114,219.148.33.144,219.148.34.95,219.149.43.254,219.150.144.58,219.154.210.118,219.154.210.76,219.159.77.90,219.160.25.50,219.160.250.95,219.165.195.56,219.166.142.132,219.166.26.133,219.166.8.45,219.218.160.80,219.228.15.34,219.232.227.216,219.232.228.121,219.232.237.151,219.232.241.42,219.233.229.77,219.234.133.138,219.237.201.88,219.238.129.26,219.238.147.45] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (139)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510277; rev:2003; fwsam: src, 24 hours;)
alert tcp [219.240.39.213,219.254.35.191,219.35.76.15,219.75.212.179,219.80.33.54,219.83.125.246,219.84.115.12,219.84.229.5,219.84.99.80,219.85.138.20,219.85.169.121,219.86.132.86,219.87.129.92,219.87.151.158,219.87.179.18,219.90.118.135,219.90.119.155,219.90.119.182,219.91.108.158,219.91.136.37,219.91.242.82,219.94.132.153,219.94.144.25,219.94.148.202,219.94.148.63,219.94.153.142,219.94.165.41,219.94.166.33,219.94.167.152,219.94.167.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (140)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510278; rev:2003; fwsam: src, 24 hours;)
alert udp [219.240.39.213,219.254.35.191,219.35.76.15,219.75.212.179,219.80.33.54,219.83.125.246,219.84.115.12,219.84.229.5,219.84.99.80,219.85.138.20,219.85.169.121,219.86.132.86,219.87.129.92,219.87.151.158,219.87.179.18,219.90.118.135,219.90.119.155,219.90.119.182,219.91.108.158,219.91.136.37,219.91.242.82,219.94.132.153,219.94.144.25,219.94.148.202,219.94.148.63,219.94.153.142,219.94.165.41,219.94.166.33,219.94.167.152,219.94.167.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (140)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510279; rev:2003; fwsam: src, 24 hours;)
alert tcp [219.94.168.208,219.94.175.207,219.94.181.177,219.94.181.42,219.94.181.75,219.94.190.167,219.94.190.27,219.94.190.51,219.94.191.198,219.94.193.216,219.94.197.158,219.94.198.155,219.94.198.156,219.95.235.58,219.96.53.213,219.99.107.58,219.99.218.113,220.104.188.195,220.104.3.136,220.110.162.178,220.110.181.132,220.110.181.133,220.110.194.170,220.110.39.156,220.110.70.50,220.128.226.226,220.128.243.17,220.128.98.96,220.130.135.209,220.130.189.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (141)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510280; rev:2003; fwsam: src, 24 hours;)
alert udp [219.94.168.208,219.94.175.207,219.94.181.177,219.94.181.42,219.94.181.75,219.94.190.167,219.94.190.27,219.94.190.51,219.94.191.198,219.94.193.216,219.94.197.158,219.94.198.155,219.94.198.156,219.95.235.58,219.96.53.213,219.99.107.58,219.99.218.113,220.104.188.195,220.104.3.136,220.110.162.178,220.110.181.132,220.110.181.133,220.110.194.170,220.110.39.156,220.110.70.50,220.128.226.226,220.128.243.17,220.128.98.96,220.130.135.209,220.130.189.142] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (141)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510281; rev:2003; fwsam: src, 24 hours;)
alert tcp [220.130.192.251,220.130.208.174,220.130.208.243,220.130.79.104,220.133.116.210,220.133.136.182,220.134.195.125,220.135.52.214,220.135.73.67,220.135.81.45,220.140.65.146,220.146.16.250,220.150.116.196,220.150.128.105,220.150.151.213,220.156.230.163,220.157.225.74,220.162.241.11,220.163.11.27,220.163.124.202,220.165.28.67,220.165.4.26,220.167.166.51,220.168.198.195,220.173.136.52,220.178.16.99,220.181.19.118,220.181.53.231,220.181.53.236,220.181.53.244] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (142)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510282; rev:2003; fwsam: src, 24 hours;)
alert udp [220.130.192.251,220.130.208.174,220.130.208.243,220.130.79.104,220.133.116.210,220.133.136.182,220.134.195.125,220.135.52.214,220.135.73.67,220.135.81.45,220.140.65.146,220.146.16.250,220.150.116.196,220.150.128.105,220.150.151.213,220.156.230.163,220.157.225.74,220.162.241.11,220.163.11.27,220.163.124.202,220.165.28.67,220.165.4.26,220.167.166.51,220.168.198.195,220.173.136.52,220.178.16.99,220.181.19.118,220.181.53.231,220.181.53.236,220.181.53.244] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (142)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510283; rev:2003; fwsam: src, 24 hours;)
alert tcp [220.181.53.245,220.181.87.83,220.182.3.22,220.182.50.84,220.189.219.19,220.191.224.27,220.194.47.84,220.194.62.71,220.213.166.1,220.213.166.180,220.220.148.211,220.220.149.164,220.221.175.39,220.225.196.107,220.225.215.165,220.225.225.228,220.225.237.174,220.225.242.181,220.225.247.166,220.225.48.227,220.225.80.135,220.226.204.57,220.226.4.44,220.227.218.6,220.227.236.77,220.227.52.98,220.227.54.149,220.227.54.157,220.228.153.76,220.229.218.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (143)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510284; rev:2003; fwsam: src, 24 hours;)
alert udp [220.181.53.245,220.181.87.83,220.182.3.22,220.182.50.84,220.189.219.19,220.191.224.27,220.194.47.84,220.194.62.71,220.213.166.1,220.213.166.180,220.220.148.211,220.220.149.164,220.221.175.39,220.225.196.107,220.225.215.165,220.225.225.228,220.225.237.174,220.225.242.181,220.225.247.166,220.225.48.227,220.225.80.135,220.226.204.57,220.226.4.44,220.227.218.6,220.227.236.77,220.227.52.98,220.227.54.149,220.227.54.157,220.228.153.76,220.229.218.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (143)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510285; rev:2003; fwsam: src, 24 hours;)
alert tcp [220.229.40.241,220.232.130.218,220.232.237.32,220.232.237.38,220.233.235.231,220.233.253.114,220.241.205.221,220.241.34.149,220.244.12.176,220.245.16.149,220.245.249.157,220.247.214.179,220.247.221.27,220.247.223.54,220.247.224.52,220.248.195.27,220.248.224.162,220.248.225.91,220.248.4.202,220.255.7.223,220.255.7.227,220.66.7.248,220.67.151.7,220.68.100.248,220.68.21.25,220.70.2.137,220.73.163.48,221.0.194.203,221.10.252.223,221.11.1.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (144)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510286; rev:2003; fwsam: src, 24 hours;)
alert udp [220.229.40.241,220.232.130.218,220.232.237.32,220.232.237.38,220.233.235.231,220.233.253.114,220.241.205.221,220.241.34.149,220.244.12.176,220.245.16.149,220.245.249.157,220.247.214.179,220.247.221.27,220.247.223.54,220.247.224.52,220.248.195.27,220.248.224.162,220.248.225.91,220.248.4.202,220.255.7.223,220.255.7.227,220.66.7.248,220.67.151.7,220.68.100.248,220.68.21.25,220.70.2.137,220.73.163.48,221.0.194.203,221.10.252.223,221.11.1.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (144)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510287; rev:2003; fwsam: src, 24 hours;)
alert tcp [221.11.4.10,221.116.142.90,221.118.137.163,221.120.107.203,221.121.130.10,221.122.122.71,221.122.79.40,221.122.79.61,221.128.66.192,221.131.83.196,221.133.91.21,221.139.49.73,221.141.2.13,221.143.20.186,221.143.23.34,221.143.23.40,221.146.210.214,221.147.245.7,221.179.186.91,221.181.1.155,221.184.161.176,221.186.214.232,221.186.214.237,221.187.166.65,221.188.141.115,221.188.238.229,221.189.133.225,221.191.105.193,221.191.210.29,221.191.231.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (145)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510288; rev:2003; fwsam: src, 24 hours;)
alert udp [221.11.4.10,221.116.142.90,221.118.137.163,221.120.107.203,221.121.130.10,221.122.122.71,221.122.79.40,221.122.79.61,221.128.66.192,221.131.83.196,221.133.91.21,221.139.49.73,221.141.2.13,221.143.20.186,221.143.23.34,221.143.23.40,221.146.210.214,221.147.245.7,221.179.186.91,221.181.1.155,221.184.161.176,221.186.214.232,221.186.214.237,221.187.166.65,221.188.141.115,221.188.238.229,221.189.133.225,221.191.105.193,221.191.210.29,221.191.231.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (145)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510289; rev:2003; fwsam: src, 24 hours;)
alert tcp [221.192.133.1,221.194.37.91,221.199.11.148,221.204.246.54,221.208.180.12,221.208.194.208,221.210.182.190,221.214.16.178,221.224.81.194,221.230.131.234,221.236.13.113,221.238.21.59,221.239.60.110,221.242.0.194,221.247.58.251,221.3.153.20,221.4.179.226,221.4.242.180,221.7.38.58,221.7.40.47,221.8.19.76,221.8.67.43,221.8.71.48,221.87.0.46,222.103.197.5,222.112.183.173,222.117.124.136,222.122.163.116,222.122.45.30,222.122.46.143] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (146)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510290; rev:2003; fwsam: src, 24 hours;)
alert udp [221.192.133.1,221.194.37.91,221.199.11.148,221.204.246.54,221.208.180.12,221.208.194.208,221.210.182.190,221.214.16.178,221.224.81.194,221.230.131.234,221.236.13.113,221.238.21.59,221.239.60.110,221.242.0.194,221.247.58.251,221.3.153.20,221.4.179.226,221.4.242.180,221.7.38.58,221.7.40.47,221.8.19.76,221.8.67.43,221.8.71.48,221.87.0.46,222.103.197.5,222.112.183.173,222.117.124.136,222.122.163.116,222.122.45.30,222.122.46.143] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (146)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510291; rev:2003; fwsam: src, 24 hours;)
alert tcp [222.122.47.47,222.124.1.66,222.124.193.12,222.124.197.180,222.138.109.160,222.14.157.122,222.149.126.224,222.150.10.15,222.150.42.30,222.151.218.104,222.158.214.180,222.159.244.128,222.161.58.83,222.165.133.208,222.168.33.114,222.168.5.236,222.169.224.226,222.169.224.67,222.171.135.133,222.177.24.35,222.184.232.14,222.185.254.132,222.185.254.18,222.186.26.170,222.186.36.238,222.188.10.59,222.19.138.18,222.190.124.108,222.209.209.25,222.221.2.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (147)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510292; rev:2003; fwsam: src, 24 hours;)
alert udp [222.122.47.47,222.124.1.66,222.124.193.12,222.124.197.180,222.138.109.160,222.14.157.122,222.149.126.224,222.150.10.15,222.150.42.30,222.151.218.104,222.158.214.180,222.159.244.128,222.161.58.83,222.165.133.208,222.168.33.114,222.168.5.236,222.169.224.226,222.169.224.67,222.171.135.133,222.177.24.35,222.184.232.14,222.185.254.132,222.185.254.18,222.186.26.170,222.186.36.238,222.188.10.59,222.19.138.18,222.190.124.108,222.209.209.25,222.221.2.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (147)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510293; rev:2003; fwsam: src, 24 hours;)
alert tcp [222.222.32.174,222.231.24.69,222.231.62.40,222.231.63.126,222.236.44.32,222.236.44.99,222.236.46.241,222.236.46.250,222.236.47.191,222.236.47.79,222.236.47.89,222.237.153.209,222.237.78.139,222.237.78.163,222.237.78.89,222.239.78.149,222.240.205.137,222.240.223.88,222.243.128.2,222.247.48.186,222.247.54.20,222.247.90.41,222.255.236.141,222.255.237.6,222.255.28.246,222.3.249.242,222.33.176.78,222.35.140.25,222.35.143.202,222.35.143.97] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (148)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510294; rev:2003; fwsam: src, 24 hours;)
alert udp [222.222.32.174,222.231.24.69,222.231.62.40,222.231.63.126,222.236.44.32,222.236.44.99,222.236.46.241,222.236.46.250,222.236.47.191,222.236.47.79,222.236.47.89,222.237.153.209,222.237.78.139,222.237.78.163,222.237.78.89,222.239.78.149,222.240.205.137,222.240.223.88,222.243.128.2,222.247.48.186,222.247.54.20,222.247.90.41,222.255.236.141,222.255.237.6,222.255.28.246,222.3.249.242,222.33.176.78,222.35.140.25,222.35.143.202,222.35.143.97] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (148)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510295; rev:2003; fwsam: src, 24 hours;)
alert tcp [222.35.2.94,222.35.33.35,222.35.62.137,222.35.92.44,222.38.2.245,222.45.235.77,222.66.156.194,222.68.223.234,222.73.161.149,222.73.165.93,222.73.228.7,222.73.242.68,222.73.249.156,222.73.42.16,222.73.57.15,222.73.57.42,222.73.93.143,222.78.251.54,222.87.204.3,222.89.136.149,222.91.160.63,222.91.97.74,222.92.105.182,222.92.117.250,222.96.156.160,222.96.25.5,222.97.189.49,24.100.103.15,24.103.144.3,24.106.244.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (149)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510296; rev:2003; fwsam: src, 24 hours;)
alert udp [222.35.2.94,222.35.33.35,222.35.62.137,222.35.92.44,222.38.2.245,222.45.235.77,222.66.156.194,222.68.223.234,222.73.161.149,222.73.165.93,222.73.228.7,222.73.242.68,222.73.249.156,222.73.42.16,222.73.57.15,222.73.57.42,222.73.93.143,222.78.251.54,222.87.204.3,222.89.136.149,222.91.160.63,222.91.97.74,222.92.105.182,222.92.117.250,222.96.156.160,222.96.25.5,222.97.189.49,24.100.103.15,24.103.144.3,24.106.244.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (149)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510297; rev:2003; fwsam: src, 24 hours;)
alert tcp [24.107.114.22,24.107.14.9,24.123.0.68,24.123.191.79,24.144.11.60,24.148.96.50,24.154.184.34,24.158.16.2,24.16.184.156,24.173.95.196,24.181.93.165,24.197.24.44,24.201.102.199,24.211.198.181,24.222.234.201,24.225.3.230,24.232.170.65,24.244.160.6,24.249.77.55,24.254.195.22,24.42.36.253,24.73.254.90,24.79.134.240,24.8.190.39,24.82.6.69,24.90.50.244,24.96.32.14,24.97.8.227,24.99.44.164,38.102.157.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (150)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510298; rev:2003; fwsam: src, 24 hours;)
alert udp [24.107.114.22,24.107.14.9,24.123.0.68,24.123.191.79,24.144.11.60,24.148.96.50,24.154.184.34,24.158.16.2,24.16.184.156,24.173.95.196,24.181.93.165,24.197.24.44,24.201.102.199,24.211.198.181,24.222.234.201,24.225.3.230,24.232.170.65,24.244.160.6,24.249.77.55,24.254.195.22,24.42.36.253,24.73.254.90,24.79.134.240,24.8.190.39,24.82.6.69,24.90.50.244,24.96.32.14,24.97.8.227,24.99.44.164,38.102.157.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (150)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510299; rev:2003; fwsam: src, 24 hours;)
alert tcp [38.106.70.69,38.108.46.5,38.117.84.70,38.97.225.166,38.98.228.48,38.99.186.51,38.99.90.226,41.132.144.196,41.140.113.192,41.201.218.217,41.201.65.242,41.204.193.156,41.204.218.60,41.216.192.116,41.220.130.82,41.220.239.251,41.221.150.26,41.223.209.59,41.249.110.33,41.250.165.156,41.254.33.118,41.72.137.212,41.78.28.49,41.78.76.3,58.0.21.137,58.1.236.80,58.121.89.235,58.137.157.40,58.137.207.5,58.137.214.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (151)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510300; rev:2003; fwsam: src, 24 hours;)
alert udp [38.106.70.69,38.108.46.5,38.117.84.70,38.97.225.166,38.98.228.48,38.99.186.51,38.99.90.226,41.132.144.196,41.140.113.192,41.201.218.217,41.201.65.242,41.204.193.156,41.204.218.60,41.216.192.116,41.220.130.82,41.220.239.251,41.221.150.26,41.223.209.59,41.249.110.33,41.250.165.156,41.254.33.118,41.72.137.212,41.78.28.49,41.78.76.3,58.0.21.137,58.1.236.80,58.121.89.235,58.137.157.40,58.137.207.5,58.137.214.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (151)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510301; rev:2003; fwsam: src, 24 hours;)
alert tcp [58.147.4.9,58.147.69.70,58.158.161.236,58.16.246.115,58.17.163.103,58.177.202.245,58.177.228.178,58.177.245.31,58.180.159.112,58.180.17.52,58.180.58.214,58.184.88.2,58.185.56.218,58.190.8.28,58.211.16.95,58.211.230.21,58.213.165.158,58.215.78.118,58.216.158.155,58.216.213.178,58.221.34.18,58.221.41.86,58.222.200.226,58.223.143.148,58.223.251.212,58.224.170.148,58.23.64.233,58.241.12.41,58.242.3.10,58.246.112.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (152)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510302; rev:2003; fwsam: src, 24 hours;)
alert udp [58.147.4.9,58.147.69.70,58.158.161.236,58.16.246.115,58.17.163.103,58.177.202.245,58.177.228.178,58.177.245.31,58.180.159.112,58.180.17.52,58.180.58.214,58.184.88.2,58.185.56.218,58.190.8.28,58.211.16.95,58.211.230.21,58.213.165.158,58.215.78.118,58.216.158.155,58.216.213.178,58.221.34.18,58.221.41.86,58.222.200.226,58.223.143.148,58.223.251.212,58.224.170.148,58.23.64.233,58.241.12.41,58.242.3.10,58.246.112.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (152)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510303; rev:2003; fwsam: src, 24 hours;)
alert tcp [58.246.48.26,58.248.189.155,58.248.253.171,58.251.136.100,58.251.147.177,58.26.37.226,58.26.42.151,58.30.143.198,58.30.143.201,58.30.226.49,58.30.231.146,58.39.145.121,58.40.18.81,58.49.104.164,58.59.7.51,58.6.7.103,58.60.10.10,58.63.60.34,58.64.139.59,58.64.164.231,58.68.108.110,58.68.140.25,58.68.69.70,58.68.97.164,58.7.0.171,58.81.201.126,58.83.134.152,58.85.109.65,58.86.31.98,58.86.38.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (153)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510304; rev:2003; fwsam: src, 24 hours;)
alert udp [58.246.48.26,58.248.189.155,58.248.253.171,58.251.136.100,58.251.147.177,58.26.37.226,58.26.42.151,58.30.143.198,58.30.143.201,58.30.226.49,58.30.231.146,58.39.145.121,58.40.18.81,58.49.104.164,58.59.7.51,58.6.7.103,58.60.10.10,58.63.60.34,58.64.139.59,58.64.164.231,58.68.108.110,58.68.140.25,58.68.69.70,58.68.97.164,58.7.0.171,58.81.201.126,58.83.134.152,58.85.109.65,58.86.31.98,58.86.38.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (153)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510305; rev:2003; fwsam: src, 24 hours;)
alert tcp [58.86.43.69,58.89.32.85,58.91.188.163,58.96.68.93,59.106.11.43,59.106.25.161,59.106.37.32,59.106.88.230,59.106.89.201,59.108.116.67,59.108.120.163,59.108.76.164,59.120.0.172,59.120.119.49,59.120.167.142,59.120.217.111,59.120.223.102,59.120.228.158,59.120.241.21,59.120.72.252,59.120.73.7,59.120.77.205,59.124.114.238,59.124.126.161,59.124.204.55,59.124.214.5,59.124.29.182,59.124.69.49,59.124.71.115,59.125.155.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (154)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510306; rev:2003; fwsam: src, 24 hours;)
alert udp [58.86.43.69,58.89.32.85,58.91.188.163,58.96.68.93,59.106.11.43,59.106.25.161,59.106.37.32,59.106.88.230,59.106.89.201,59.108.116.67,59.108.120.163,59.108.76.164,59.120.0.172,59.120.119.49,59.120.167.142,59.120.217.111,59.120.223.102,59.120.228.158,59.120.241.21,59.120.72.252,59.120.73.7,59.120.77.205,59.124.114.238,59.124.126.161,59.124.204.55,59.124.214.5,59.124.29.182,59.124.69.49,59.124.71.115,59.125.155.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (154)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510307; rev:2003; fwsam: src, 24 hours;)
alert tcp [59.125.183.76,59.125.184.250,59.125.185.89,59.125.227.173,59.125.251.118,59.125.50.27,59.125.61.139,59.125.61.196,59.125.74.50,59.126.12.182,59.133.219.169,59.148.231.88,59.15.38.3,59.151.119.180,59.151.17.200,59.161.82.27,59.166.3.34,59.167.197.153,59.175.184.44,59.176.129.222,59.188.52.117,59.19.109.115,59.19.109.45,59.190.130.239,59.190.164.160,59.25.185.119,59.33.46.67,59.36.98.154,59.42.210.215,59.45.63.189] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (155)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510308; rev:2003; fwsam: src, 24 hours;)
alert udp [59.125.183.76,59.125.184.250,59.125.185.89,59.125.227.173,59.125.251.118,59.125.50.27,59.125.61.139,59.125.61.196,59.125.74.50,59.126.12.182,59.133.219.169,59.148.231.88,59.15.38.3,59.151.119.180,59.151.17.200,59.161.82.27,59.166.3.34,59.167.197.153,59.175.184.44,59.176.129.222,59.188.52.117,59.19.109.115,59.19.109.45,59.190.130.239,59.190.164.160,59.25.185.119,59.33.46.67,59.36.98.154,59.42.210.215,59.45.63.189] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (155)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510309; rev:2003; fwsam: src, 24 hours;)
alert tcp [59.49.14.12,59.50.113.241,59.53.91.121,59.53.91.130,59.53.91.187,59.53.91.188,59.53.91.195,59.53.92.220,59.55.142.10,59.58.163.75,59.84.82.137,59.90.140.171,59.92.243.114,59.92.68.95,59.93.166.84,59.93.210.206,59.93.49.49,59.94.180.226,59.94.254.97,59.94.68.57,59.95.49.83,59.95.54.29,59.99.1.114,59.99.144.178,59.99.16.39,59.99.18.22,59.99.18.226,59.99.18.42,59.99.57.157,59.99.59.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (156)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510310; rev:2003; fwsam: src, 24 hours;)
alert udp [59.49.14.12,59.50.113.241,59.53.91.121,59.53.91.130,59.53.91.187,59.53.91.188,59.53.91.195,59.53.92.220,59.55.142.10,59.58.163.75,59.84.82.137,59.90.140.171,59.92.243.114,59.92.68.95,59.93.166.84,59.93.210.206,59.93.49.49,59.94.180.226,59.94.254.97,59.94.68.57,59.95.49.83,59.95.54.29,59.99.1.114,59.99.144.178,59.99.16.39,59.99.18.22,59.99.18.226,59.99.18.42,59.99.57.157,59.99.59.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (156)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510311; rev:2003; fwsam: src, 24 hours;)
alert tcp [60.10.132.42,60.12.194.130,60.13.129.139,60.13.142.62,60.171.75.147,60.175.70.131,60.190.31.214,60.191.121.170,60.191.187.227,60.191.187.228,60.191.187.234,60.191.187.246,60.195.250.54,60.196.143.134,60.208.113.131,60.21.216.14,60.212.42.11,60.216.104.82,60.216.89.30,60.217.234.142,60.224.34.145,60.229.250.221,60.234.24.94,60.234.40.218,60.234.73.155,60.234.73.210,60.236.155.234,60.237.58.218,60.238.241.68,60.240.108.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (157)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510312; rev:2003; fwsam: src, 24 hours;)
alert udp [60.10.132.42,60.12.194.130,60.13.129.139,60.13.142.62,60.171.75.147,60.175.70.131,60.190.31.214,60.191.121.170,60.191.187.227,60.191.187.228,60.191.187.234,60.191.187.246,60.195.250.54,60.196.143.134,60.208.113.131,60.21.216.14,60.212.42.11,60.216.104.82,60.216.89.30,60.217.234.142,60.224.34.145,60.229.250.221,60.234.24.94,60.234.40.218,60.234.73.155,60.234.73.210,60.236.155.234,60.237.58.218,60.238.241.68,60.240.108.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (157)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510313; rev:2003; fwsam: src, 24 hours;)
alert tcp [60.242.167.253,60.248.112.2,60.248.131.12,60.248.158.23,60.248.175.30,60.248.192.136,60.248.223.95,60.248.43.193,60.248.43.195,60.248.84.111,60.249.111.175,60.249.116.30,60.249.14.157,60.249.14.160,60.249.143.81,60.249.168.50,60.249.19.38,60.249.197.25,60.249.222.176,60.249.223.180,60.249.223.63,60.249.24.30,60.249.241.48,60.249.41.210,60.249.84.115,60.249.91.8,60.249.94.40,60.249.95.169,60.250.164.162,60.250.164.177] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (158)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510314; rev:2003; fwsam: src, 24 hours;)
alert udp [60.242.167.253,60.248.112.2,60.248.131.12,60.248.158.23,60.248.175.30,60.248.192.136,60.248.223.95,60.248.43.193,60.248.43.195,60.248.84.111,60.249.111.175,60.249.116.30,60.249.14.157,60.249.14.160,60.249.143.81,60.249.168.50,60.249.19.38,60.249.197.25,60.249.222.176,60.249.223.180,60.249.223.63,60.249.24.30,60.249.241.48,60.249.41.210,60.249.84.115,60.249.91.8,60.249.94.40,60.249.95.169,60.250.164.162,60.250.164.177] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (158)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510315; rev:2003; fwsam: src, 24 hours;)
alert tcp [60.250.193.212,60.250.200.59,60.250.206.165,60.250.33.188,60.250.72.198,60.251.101.45,60.251.200.98,60.251.255.130,60.251.40.30,60.251.55.173,60.251.61.161,60.251.68.219,60.251.83.106,60.253.101.245,60.28.101.10,60.28.185.137,60.28.205.240,60.28.27.14,60.28.81.251,60.29.236.126,60.29.252.148,60.29.80.50,60.30.32.26,60.31.211.5,60.32.212.233,60.32.214.106,60.32.64.234,60.32.81.102,60.38.220.9,60.40.86.239] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (159)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510316; rev:2003; fwsam: src, 24 hours;)
alert udp [60.250.193.212,60.250.200.59,60.250.206.165,60.250.33.188,60.250.72.198,60.251.101.45,60.251.200.98,60.251.255.130,60.251.40.30,60.251.55.173,60.251.61.161,60.251.68.219,60.251.83.106,60.253.101.245,60.28.101.10,60.28.185.137,60.28.205.240,60.28.27.14,60.28.81.251,60.29.236.126,60.29.252.148,60.29.80.50,60.30.32.26,60.31.211.5,60.32.212.233,60.32.214.106,60.32.64.234,60.32.81.102,60.38.220.9,60.40.86.239] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (159)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510317; rev:2003; fwsam: src, 24 hours;)
alert tcp [60.49.153.153,60.51.181.253,60.52.193.3,60.56.119.234,60.56.229.55,61.100.4.28,61.100.4.52,61.100.4.56,61.100.5.136,61.106.159.40,61.109.250.148,61.109.255.33,61.111.18.12,61.111.18.20,61.114.230.34,61.115.196.201,61.115.196.205,61.115.213.18,61.115.229.120,61.119.174.109,61.12.7.236,61.12.8.195,61.120.141.18,61.125.76.89,61.127.56.14,61.128.121.138,61.128.122.13,61.129.112.168,61.129.32.100,61.129.64.137] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (160)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510318; rev:2003; fwsam: src, 24 hours;)
alert udp [60.49.153.153,60.51.181.253,60.52.193.3,60.56.119.234,60.56.229.55,61.100.4.28,61.100.4.52,61.100.4.56,61.100.5.136,61.106.159.40,61.109.250.148,61.109.255.33,61.111.18.12,61.111.18.20,61.114.230.34,61.115.196.201,61.115.196.205,61.115.213.18,61.115.229.120,61.119.174.109,61.12.7.236,61.12.8.195,61.120.141.18,61.125.76.89,61.127.56.14,61.128.121.138,61.128.122.13,61.129.112.168,61.129.32.100,61.129.64.137] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (160)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510319; rev:2003; fwsam: src, 24 hours;)
alert tcp [61.129.86.186,61.131.47.117,61.132.90.43,61.133.208.210,61.133.63.11,61.135.134.109,61.135.151.38,61.135.181.186,61.135.206.21,61.135.214.212,61.135.214.235,61.136.150.238,61.136.93.30,61.138.6.83,61.139.33.205,61.142.80.222,61.143.251.219,61.143.62.3,61.143.62.4,61.144.123.18,61.145.119.60,61.145.123.26,61.145.127.13,61.145.164.225,61.147.107.16,61.147.124.10,61.147.69.97,61.147.75.61,61.148.61.26,61.150.72.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (161)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510320; rev:2003; fwsam: src, 24 hours;)
alert udp [61.129.86.186,61.131.47.117,61.132.90.43,61.133.208.210,61.133.63.11,61.135.134.109,61.135.151.38,61.135.181.186,61.135.206.21,61.135.214.212,61.135.214.235,61.136.150.238,61.136.93.30,61.138.6.83,61.139.33.205,61.142.80.222,61.143.251.219,61.143.62.3,61.143.62.4,61.144.123.18,61.145.119.60,61.145.123.26,61.145.127.13,61.145.164.225,61.147.107.16,61.147.124.10,61.147.69.97,61.147.75.61,61.148.61.26,61.150.72.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (161)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510321; rev:2003; fwsam: src, 24 hours;)
alert tcp [61.152.223.171,61.152.96.116,61.153.216.101,61.153.224.178,61.153.83.93,61.154.127.212,61.155.169.146,61.155.169.148,61.155.218.66,61.155.41.149,61.158.105.121,61.158.105.211,61.158.105.212,61.158.205.224,61.16.240.36,61.160.83.12,61.161.141.3,61.163.253.199,61.163.78.132,61.164.102.52,61.164.12.152,61.164.159.13,61.164.159.164,61.164.38.19,61.164.38.24,61.168.227.12,61.17.164.173,61.17.165.109,61.17.200.247,61.175.198.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (162)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510322; rev:2003; fwsam: src, 24 hours;)
alert udp [61.152.223.171,61.152.96.116,61.153.216.101,61.153.224.178,61.153.83.93,61.154.127.212,61.155.169.146,61.155.169.148,61.155.218.66,61.155.41.149,61.158.105.121,61.158.105.211,61.158.105.212,61.158.205.224,61.16.240.36,61.160.83.12,61.161.141.3,61.163.253.199,61.163.78.132,61.164.102.52,61.164.12.152,61.164.159.13,61.164.159.164,61.164.38.19,61.164.38.24,61.168.227.12,61.17.164.173,61.17.165.109,61.17.200.247,61.175.198.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (162)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510323; rev:2003; fwsam: src, 24 hours;)
alert tcp [61.177.252.198,61.178.65.75,61.178.71.16,61.181.255.139,61.19.114.179,61.19.117.212,61.19.124.146,61.19.199.171,61.19.244.251,61.19.244.254,61.19.246.92,61.19.252.180,61.19.254.13,61.19.255.12,61.19.50.229,61.19.71.68,61.19.78.41,61.190.131.2,61.190.196.225,61.190.37.56,61.191.206.6,61.194.24.197,61.196.101.165,61.207.167.33,61.213.71.166,61.214.70.41,61.218.36.21,61.219.127.138,61.219.177.162,61.219.20.179] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (163)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510324; rev:2003; fwsam: src, 24 hours;)
alert udp [61.177.252.198,61.178.65.75,61.178.71.16,61.181.255.139,61.19.114.179,61.19.117.212,61.19.124.146,61.19.199.171,61.19.244.251,61.19.244.254,61.19.246.92,61.19.252.180,61.19.254.13,61.19.255.12,61.19.50.229,61.19.71.68,61.19.78.41,61.190.131.2,61.190.196.225,61.190.37.56,61.191.206.6,61.194.24.197,61.196.101.165,61.207.167.33,61.213.71.166,61.214.70.41,61.218.36.21,61.219.127.138,61.219.177.162,61.219.20.179] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (163)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510325; rev:2003; fwsam: src, 24 hours;)
alert tcp [61.219.56.227,61.219.74.110,61.220.139.2,61.220.23.211,61.221.104.182,61.221.120.53,61.221.176.144,61.221.57.118,61.221.60.94,61.221.87.83,61.222.142.158,61.222.145.236,61.228.73.151,61.238.158.39,61.239.244.218,61.247.170.98,61.250.81.24,61.30.102.4,61.30.11.166,61.31.161.31,61.31.200.194,61.31.28.32,61.32.246.9,61.37.139.103,61.4.189.151,61.4.190.206,61.4.190.207,61.4.82.11,61.4.82.170,61.4.82.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (164)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510326; rev:2003; fwsam: src, 24 hours;)
alert udp [61.219.56.227,61.219.74.110,61.220.139.2,61.220.23.211,61.221.104.182,61.221.120.53,61.221.176.144,61.221.57.118,61.221.60.94,61.221.87.83,61.222.142.158,61.222.145.236,61.228.73.151,61.238.158.39,61.239.244.218,61.247.170.98,61.250.81.24,61.30.102.4,61.30.11.166,61.31.161.31,61.31.200.194,61.31.28.32,61.32.246.9,61.37.139.103,61.4.189.151,61.4.190.206,61.4.190.207,61.4.82.11,61.4.82.170,61.4.82.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (164)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510327; rev:2003; fwsam: src, 24 hours;)
alert tcp [61.4.82.210,61.41.172.10,61.41.172.20,61.41.172.79,61.41.172.80,61.41.173.212,61.41.173.214,61.41.173.215,61.41.173.216,61.41.173.3,61.41.173.8,61.41.173.9,61.46.154.27,61.49.48.36,61.49.51.158,61.49.60.47,61.49.60.48,61.54.82.251,61.58.45.101,61.59.36.69,61.6.163.30,61.6.35.34,61.61.132.10,61.62.86.142,61.63.33.210,61.63.60.123,61.64.127.185,61.66.192.2,61.67.130.119,61.67.14.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (165)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510328; rev:2003; fwsam: src, 24 hours;)
alert udp [61.4.82.210,61.41.172.10,61.41.172.20,61.41.172.79,61.41.172.80,61.41.173.212,61.41.173.214,61.41.173.215,61.41.173.216,61.41.173.3,61.41.173.8,61.41.173.9,61.46.154.27,61.49.48.36,61.49.51.158,61.49.60.47,61.49.60.48,61.54.82.251,61.58.45.101,61.59.36.69,61.6.163.30,61.6.35.34,61.61.132.10,61.62.86.142,61.63.33.210,61.63.60.123,61.64.127.185,61.66.192.2,61.67.130.119,61.67.14.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (165)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510329; rev:2003; fwsam: src, 24 hours;)
alert tcp [61.7.158.116,61.7.213.123,61.7.213.15,61.7.252.66,61.7.253.244,61.72.254.251,61.74.232.138,61.78.72.242,61.84.218.123,61.9.80.21,61.90.198.172,61.91.120.51,61.91.121.26,61.91.83.150,62.0.6.36,62.109.21.67,62.112.206.93,62.128.133.240,62.128.148.137,62.129.179.220,62.129.243.122,62.129.243.58,62.129.50.35,62.129.50.49,62.133.190.154,62.134.42.17,62.141.33.225,62.141.42.32,62.141.50.254,62.141.58.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (166)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510330; rev:2003; fwsam: src, 24 hours;)
alert udp [61.7.158.116,61.7.213.123,61.7.213.15,61.7.252.66,61.7.253.244,61.72.254.251,61.74.232.138,61.78.72.242,61.84.218.123,61.9.80.21,61.90.198.172,61.91.120.51,61.91.121.26,61.91.83.150,62.0.6.36,62.109.21.67,62.112.206.93,62.128.133.240,62.128.148.137,62.129.179.220,62.129.243.122,62.129.243.58,62.129.50.35,62.129.50.49,62.133.190.154,62.134.42.17,62.141.33.225,62.141.42.32,62.141.50.254,62.141.58.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (166)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510331; rev:2003; fwsam: src, 24 hours;)
alert tcp [62.141.58.188,62.141.58.189,62.141.58.41,62.146.64.99,62.146.94.237,62.147.181.18,62.149.14.211,62.149.204.178,62.149.206.235,62.149.209.224,62.149.218.129,62.149.220.65,62.149.225.250,62.149.23.239,62.149.237.31,62.149.242.182,62.149.247.42,62.154.187.180,62.167.233.202,62.182.62.55,62.182.70.182,62.183.250.199,62.193.226.206,62.193.226.36,62.193.229.116,62.193.237.53,62.194.114.222,62.20.7.138,62.206.198.90,62.211.67.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (167)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510332; rev:2003; fwsam: src, 24 hours;)
alert udp [62.141.58.188,62.141.58.189,62.141.58.41,62.146.64.99,62.146.94.237,62.147.181.18,62.149.14.211,62.149.204.178,62.149.206.235,62.149.209.224,62.149.218.129,62.149.220.65,62.149.225.250,62.149.23.239,62.149.237.31,62.149.242.182,62.149.247.42,62.154.187.180,62.167.233.202,62.182.62.55,62.182.70.182,62.183.250.199,62.193.226.206,62.193.226.36,62.193.229.116,62.193.237.53,62.194.114.222,62.20.7.138,62.206.198.90,62.211.67.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (167)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510333; rev:2003; fwsam: src, 24 hours;)
alert tcp [62.212.10.34,62.212.9.114,62.213.201.230,62.215.158.153,62.215.188.50,62.217.244.108,62.219.14.51,62.225.114.2,62.231.244.219,62.238.249.48,62.240.68.98,62.241.5.86,62.245.187.36,62.25.53.153,62.255.192.75,62.28.21.153,62.28.4.109,62.28.78.74,62.39.95.130,62.43.193.163,62.48.51.28,62.48.69.70,62.48.69.82,62.57.191.168,62.57.232.234,62.75.148.55,62.75.149.100,62.75.150.91,62.75.156.42,62.75.162.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (168)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510334; rev:2003; fwsam: src, 24 hours;)
alert udp [62.212.10.34,62.212.9.114,62.213.201.230,62.215.158.153,62.215.188.50,62.217.244.108,62.219.14.51,62.225.114.2,62.231.244.219,62.238.249.48,62.240.68.98,62.241.5.86,62.245.187.36,62.25.53.153,62.255.192.75,62.28.21.153,62.28.4.109,62.28.78.74,62.39.95.130,62.43.193.163,62.48.51.28,62.48.69.70,62.48.69.82,62.57.191.168,62.57.232.234,62.75.148.55,62.75.149.100,62.75.150.91,62.75.156.42,62.75.162.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (168)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510335; rev:2003; fwsam: src, 24 hours;)
alert tcp [62.75.208.239,62.75.210.34,62.75.211.35,62.75.248.128,62.75.248.154,62.77.53.58,62.80.28.49,62.81.133.30,62.81.185.194,62.82.27.26,62.87.160.66,62.93.239.57,62.93.76.149,62.97.120.155,62.99.205.196,63.111.11.24,63.111.9.170,63.119.11.119,63.134.253.218,63.138.156.205,63.147.61.29,63.148.117.4,63.150.5.15,63.151.109.189,63.193.182.184,63.193.73.148,63.223.106.64,63.231.68.55,63.231.92.18,63.232.28.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (169)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510336; rev:2003; fwsam: src, 24 hours;)
alert udp [62.75.208.239,62.75.210.34,62.75.211.35,62.75.248.128,62.75.248.154,62.77.53.58,62.80.28.49,62.81.133.30,62.81.185.194,62.82.27.26,62.87.160.66,62.93.239.57,62.93.76.149,62.97.120.155,62.99.205.196,63.111.11.24,63.111.9.170,63.119.11.119,63.134.253.218,63.138.156.205,63.147.61.29,63.148.117.4,63.150.5.15,63.151.109.189,63.193.182.184,63.193.73.148,63.223.106.64,63.231.68.55,63.231.92.18,63.232.28.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (169)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510337; rev:2003; fwsam: src, 24 hours;)
alert tcp [63.240.200.72,63.245.19.154,63.246.23.232,63.252.82.125,63.255.109.11,63.255.88.6,63.73.227.239,63.82.7.23,63.82.7.25,63.88.42.24,64.105.5.41,64.105.92.18,64.106.210.110,64.118.84.94,64.118.87.10,64.118.89.180,64.120.180.218,64.120.201.240,64.120.227.154,64.120.41.210,64.120.80.51,64.122.241.35,64.128.174.3,64.128.190.41,64.131.70.14,64.15.159.169,64.15.159.171,64.150.187.80,64.151.225.19,64.151.89.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (170)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510338; rev:2003; fwsam: src, 24 hours;)
alert udp [63.240.200.72,63.245.19.154,63.246.23.232,63.252.82.125,63.255.109.11,63.255.88.6,63.73.227.239,63.82.7.23,63.82.7.25,63.88.42.24,64.105.5.41,64.105.92.18,64.106.210.110,64.118.84.94,64.118.87.10,64.118.89.180,64.120.180.218,64.120.201.240,64.120.227.154,64.120.41.210,64.120.80.51,64.122.241.35,64.128.174.3,64.128.190.41,64.131.70.14,64.15.159.169,64.15.159.171,64.150.187.80,64.151.225.19,64.151.89.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (170)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510339; rev:2003; fwsam: src, 24 hours;)
alert tcp [64.17.232.106,64.17.232.108,64.17.232.94,64.18.194.51,64.183.34.77,64.186.129.142,64.186.131.206,64.186.135.207,64.190.167.84,64.191.26.135,64.191.79.21,64.191.99.150,64.20.62.51,64.20.69.223,64.210.151.186,64.22.82.135,64.233.167.99,64.233.179.121,64.237.43.54,64.244.59.61,64.246.188.4,64.26.180.119,64.27.13.16,64.27.6.5,64.34.149.37,64.34.164.69,64.34.170.47,64.34.176.35,64.34.178.166,64.34.179.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (171)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510340; rev:2003; fwsam: src, 24 hours;)
alert udp [64.17.232.106,64.17.232.108,64.17.232.94,64.18.194.51,64.183.34.77,64.186.129.142,64.186.131.206,64.186.135.207,64.190.167.84,64.191.26.135,64.191.79.21,64.191.99.150,64.20.62.51,64.20.69.223,64.210.151.186,64.22.82.135,64.233.167.99,64.233.179.121,64.237.43.54,64.244.59.61,64.246.188.4,64.26.180.119,64.27.13.16,64.27.6.5,64.34.149.37,64.34.164.69,64.34.170.47,64.34.176.35,64.34.178.166,64.34.179.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (171)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510341; rev:2003; fwsam: src, 24 hours;)
alert tcp [64.34.205.46,64.34.39.105,64.38.69.167,64.40.123.31,64.40.69.178,64.5.219.168,64.59.82.56,64.62.175.66,64.62.181.43,64.69.35.43,64.69.38.145,64.69.41.8,64.69.81.4,64.70.19.33,64.71.155.113,64.74.223.36,64.79.79.227,64.85.170.57,64.85.170.98,64.86.88.144,64.87.1.152,64.87.36.185,64.89.72.86,64.90.182.185,65.100.230.26,65.102.235.205,65.103.138.169,65.107.118.194,65.111.165.7,65.111.168.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (172)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510342; rev:2003; fwsam: src, 24 hours;)
alert udp [64.34.205.46,64.34.39.105,64.38.69.167,64.40.123.31,64.40.69.178,64.5.219.168,64.59.82.56,64.62.175.66,64.62.181.43,64.69.35.43,64.69.38.145,64.69.41.8,64.69.81.4,64.70.19.33,64.71.155.113,64.74.223.36,64.79.79.227,64.85.170.57,64.85.170.98,64.86.88.144,64.87.1.152,64.87.36.185,64.89.72.86,64.90.182.185,65.100.230.26,65.102.235.205,65.103.138.169,65.107.118.194,65.111.165.7,65.111.168.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (172)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510343; rev:2003; fwsam: src, 24 hours;)
alert tcp [65.111.180.119,65.111.184.207,65.111.38.205,65.119.31.194,65.123.143.50,65.170.133.65,65.18.172.222,65.18.174.155,65.19.178.213,65.190.60.207,65.23.129.126,65.23.153.34,65.23.158.13,65.23.158.34,65.240.70.98,65.29.120.148,65.32.57.210,65.38.221.194,65.38.91.225,65.39.174.4,65.39.248.216,65.39.71.90,65.41.114.7,65.44.224.10,65.49.37.36,65.82.14.175,65.82.69.7,65.98.52.172,65.99.194.159,65.99.209.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (173)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510344; rev:2003; fwsam: src, 24 hours;)
alert udp [65.111.180.119,65.111.184.207,65.111.38.205,65.119.31.194,65.123.143.50,65.170.133.65,65.18.172.222,65.18.174.155,65.19.178.213,65.190.60.207,65.23.129.126,65.23.153.34,65.23.158.13,65.23.158.34,65.240.70.98,65.29.120.148,65.32.57.210,65.38.221.194,65.38.91.225,65.39.174.4,65.39.248.216,65.39.71.90,65.41.114.7,65.44.224.10,65.49.37.36,65.82.14.175,65.82.69.7,65.98.52.172,65.99.194.159,65.99.209.89] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (173)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510345; rev:2003; fwsam: src, 24 hours;)
alert tcp [66.101.193.138,66.101.197.202,66.11.150.104,66.117.2.2,66.117.66.18,66.128.53.189,66.128.59.200,66.133.64.110,66.133.64.111,66.135.32.245,66.135.32.248,66.135.33.37,66.135.37.211,66.135.48.23,66.135.59.11,66.135.59.148,66.135.59.232,66.147.134.181,66.152.191.103,66.152.92.56,66.159.18.9,66.159.205.105,66.159.90.65,66.17.23.100,66.175.122.93,66.180.163.187,66.183.17.184,66.185.167.115,66.188.49.147,66.197.141.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (174)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510346; rev:2003; fwsam: src, 24 hours;)
alert udp [66.101.193.138,66.101.197.202,66.11.150.104,66.117.2.2,66.117.66.18,66.128.53.189,66.128.59.200,66.133.64.110,66.133.64.111,66.135.32.245,66.135.32.248,66.135.33.37,66.135.37.211,66.135.48.23,66.135.59.11,66.135.59.148,66.135.59.232,66.147.134.181,66.152.191.103,66.152.92.56,66.159.18.9,66.159.205.105,66.159.90.65,66.17.23.100,66.175.122.93,66.180.163.187,66.183.17.184,66.185.167.115,66.188.49.147,66.197.141.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (174)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510347; rev:2003; fwsam: src, 24 hours;)
alert tcp [66.197.234.21,66.197.240.53,66.197.250.230,66.198.244.11,66.206.114.114,66.212.18.184,66.212.18.210,66.212.19.56,66.214.226.200,66.219.22.133,66.220.0.250,66.225.7.120,66.228.208.17,66.230.162.226,66.232.146.221,66.232.147.77,66.239.207.58,66.239.237.202,66.240.199.11,66.240.199.69,66.240.208.68,66.243.243.120,66.244.150.176,66.248.143.34,66.249.160.170,66.250.40.5,66.254.228.118,66.31.185.58,66.40.10.12,66.45.171.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (175)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510348; rev:2003; fwsam: src, 24 hours;)
alert udp [66.197.234.21,66.197.240.53,66.197.250.230,66.198.244.11,66.206.114.114,66.212.18.184,66.212.18.210,66.212.19.56,66.214.226.200,66.219.22.133,66.220.0.250,66.225.7.120,66.228.208.17,66.230.162.226,66.232.146.221,66.232.147.77,66.239.207.58,66.239.237.202,66.240.199.11,66.240.199.69,66.240.208.68,66.243.243.120,66.244.150.176,66.248.143.34,66.249.160.170,66.250.40.5,66.254.228.118,66.31.185.58,66.40.10.12,66.45.171.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (175)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510349; rev:2003; fwsam: src, 24 hours;)
alert tcp [66.45.230.101,66.45.233.242,66.46.196.237,66.48.71.42,66.49.221.145,66.55.144.165,66.55.145.36,66.55.150.212,66.6.216.244,66.60.72.32,66.63.191.167,66.64.127.82,66.65.5.154,66.7.149.243,66.7.204.160,66.7.221.26,66.71.182.11,66.71.246.164,66.71.250.89,66.71.252.47,66.71.252.68,66.78.21.172,66.78.31.186,66.79.162.213,66.79.163.46,66.93.30.146,66.96.146.81,66.96.146.90,66.96.16.32,66.96.223.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (176)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510350; rev:2003; fwsam: src, 24 hours;)
alert udp [66.45.230.101,66.45.233.242,66.46.196.237,66.48.71.42,66.49.221.145,66.55.144.165,66.55.145.36,66.55.150.212,66.6.216.244,66.60.72.32,66.63.191.167,66.64.127.82,66.65.5.154,66.7.149.243,66.7.204.160,66.7.221.26,66.71.182.11,66.71.246.164,66.71.250.89,66.71.252.47,66.71.252.68,66.78.21.172,66.78.31.186,66.79.162.213,66.79.163.46,66.93.30.146,66.96.146.81,66.96.146.90,66.96.16.32,66.96.223.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (176)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510351; rev:2003; fwsam: src, 24 hours;)
alert tcp [66.96.238.245,66.96.241.140,67.101.115.108,67.106.82.228,67.106.82.233,67.109.65.37,67.118.41.164,67.131.250.129,67.133.102.2,67.136.161.154,67.137.54.45,67.148.10.162,67.18.182.170,67.18.208.53,67.18.208.7,67.181.140.60,67.186.211.219,67.19.188.234,67.19.22.138,67.19.230.170,67.19.29.250,67.19.46.186,67.19.98.138,67.190.88.207,67.191.50.233,67.192.132.242,67.192.162.12,67.192.234.10,67.192.251.180,67.202.104.158] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (177)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510352; rev:2003; fwsam: src, 24 hours;)
alert udp [66.96.238.245,66.96.241.140,67.101.115.108,67.106.82.228,67.106.82.233,67.109.65.37,67.118.41.164,67.131.250.129,67.133.102.2,67.136.161.154,67.137.54.45,67.148.10.162,67.18.182.170,67.18.208.53,67.18.208.7,67.181.140.60,67.186.211.219,67.19.188.234,67.19.22.138,67.19.230.170,67.19.29.250,67.19.46.186,67.19.98.138,67.190.88.207,67.191.50.233,67.192.132.242,67.192.162.12,67.192.234.10,67.192.251.180,67.202.104.158] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (177)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510353; rev:2003; fwsam: src, 24 hours;)
alert tcp [67.202.108.110,67.202.38.77,67.202.73.94,67.202.84.98,67.202.87.55,67.205.102.209,67.205.103.24,67.205.107.152,67.205.111.108,67.205.66.228,67.205.89.109,67.205.89.121,67.206.220.79,67.207.132.52,67.207.194.50,67.207.194.82,67.209.77.27,67.210.231.188,67.210.244.55,67.211.43.238,67.212.186.186,67.212.189.90,67.212.193.113,67.212.66.226,67.214.161.149,67.215.172.2,67.215.245.145,67.215.246.90,67.221.214.66,67.222.135.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (178)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510354; rev:2003; fwsam: src, 24 hours;)
alert udp [67.202.108.110,67.202.38.77,67.202.73.94,67.202.84.98,67.202.87.55,67.205.102.209,67.205.103.24,67.205.107.152,67.205.111.108,67.205.66.228,67.205.89.109,67.205.89.121,67.206.220.79,67.207.132.52,67.207.194.50,67.207.194.82,67.209.77.27,67.210.231.188,67.210.244.55,67.211.43.238,67.212.186.186,67.212.189.90,67.212.193.113,67.212.66.226,67.214.161.149,67.215.172.2,67.215.245.145,67.215.246.90,67.221.214.66,67.222.135.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (178)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510355; rev:2003; fwsam: src, 24 hours;)
alert tcp [67.223.238.69,67.227.82.202,67.228.130.45,67.228.137.9,67.228.164.67,67.228.184.3,67.228.205.162,67.228.238.204,67.228.94.234,67.23.15.160,67.23.167.138,67.23.167.45,67.23.178.54,67.23.18.42,67.23.188.14,67.23.19.37,67.23.232.21,67.23.236.45,67.23.237.44,67.23.31.232,67.23.35.35,67.23.36.228,67.23.43.38,67.23.46.37,67.23.46.76,67.231.241.130,67.242.197.139,67.246.58.78,67.34.178.96,67.37.240.189] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (179)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510356; rev:2003; fwsam: src, 24 hours;)
alert udp [67.223.238.69,67.227.82.202,67.228.130.45,67.228.137.9,67.228.164.67,67.228.184.3,67.228.205.162,67.228.238.204,67.228.94.234,67.23.15.160,67.23.167.138,67.23.167.45,67.23.178.54,67.23.18.42,67.23.188.14,67.23.19.37,67.23.232.21,67.23.236.45,67.23.237.44,67.23.31.232,67.23.35.35,67.23.36.228,67.23.43.38,67.23.46.37,67.23.46.76,67.231.241.130,67.242.197.139,67.246.58.78,67.34.178.96,67.37.240.189] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (179)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510357; rev:2003; fwsam: src, 24 hours;)
alert tcp [67.39.95.188,67.43.226.146,67.52.98.213,67.55.171.240,67.59.188.60,67.90.117.219,67.90.194.2,67.90.61.167,68.116.199.231,68.122.21.230,68.142.141.210,68.143.86.154,68.149.186.111,68.15.125.214,68.15.91.138,68.168.208.116,68.168.222.158,68.169.239.80,68.169.42.215,68.169.43.149,68.169.44.161,68.169.44.165,68.169.44.221,68.169.44.222,68.169.46.143,68.169.46.253,68.169.46.9,68.174.74.30,68.178.232.100,68.179.86.125] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (180)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510358; rev:2003; fwsam: src, 24 hours;)
alert udp [67.39.95.188,67.43.226.146,67.52.98.213,67.55.171.240,67.59.188.60,67.90.117.219,67.90.194.2,67.90.61.167,68.116.199.231,68.122.21.230,68.142.141.210,68.143.86.154,68.149.186.111,68.15.125.214,68.15.91.138,68.168.208.116,68.168.222.158,68.169.239.80,68.169.42.215,68.169.43.149,68.169.44.161,68.169.44.165,68.169.44.221,68.169.44.222,68.169.46.143,68.169.46.253,68.169.46.9,68.174.74.30,68.178.232.100,68.179.86.125] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (180)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510359; rev:2003; fwsam: src, 24 hours;)
alert tcp [68.180.151.96,68.183.230.70,68.190.22.250,68.197.160.106,68.208.187.66,68.233.235.38,68.234.15.46,68.234.221.102,68.236.181.133,68.59.219.117,68.61.164.215,68.62.57.15,68.72.235.250,68.75.40.72,68.83.9.40,68.90.69.202,68.92.9.83,69.10.51.202,69.105.225.55,69.113.114.107,69.12.215.34,69.120.2.123,69.144.244.163,69.147.175.180,69.161.142.177,69.162.125.77,69.162.71.20,69.163.153.121,69.164.192.243,69.164.193.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (181)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510360; rev:2003; fwsam: src, 24 hours;)
alert udp [68.180.151.96,68.183.230.70,68.190.22.250,68.197.160.106,68.208.187.66,68.233.235.38,68.234.15.46,68.234.221.102,68.236.181.133,68.59.219.117,68.61.164.215,68.62.57.15,68.72.235.250,68.75.40.72,68.83.9.40,68.90.69.202,68.92.9.83,69.10.51.202,69.105.225.55,69.113.114.107,69.12.215.34,69.120.2.123,69.144.244.163,69.147.175.180,69.161.142.177,69.162.125.77,69.162.71.20,69.163.153.121,69.164.192.243,69.164.193.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (181)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510361; rev:2003; fwsam: src, 24 hours;)
alert tcp [69.164.198.43,69.164.199.215,69.164.199.225,69.164.215.223,69.167.177.160,69.168.54.68,69.169.145.90,69.169.183.21,69.170.135.92,69.174.242.21,69.174.245.148,69.174.246.16,69.174.246.162,69.175.108.234,69.175.111.238,69.175.112.27,69.175.122.178,69.175.35.138,69.175.6.102,69.175.87.66,69.175.99.42,69.197.137.226,69.197.6.65,69.198.160.190,69.20.239.58,69.208.138.109,69.231.158.6,69.235.236.171,69.235.30.151,69.235.42.93] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (182)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510362; rev:2003; fwsam: src, 24 hours;)
alert udp [69.164.198.43,69.164.199.215,69.164.199.225,69.164.215.223,69.167.177.160,69.168.54.68,69.169.145.90,69.169.183.21,69.170.135.92,69.174.242.21,69.174.245.148,69.174.246.16,69.174.246.162,69.175.108.234,69.175.111.238,69.175.112.27,69.175.122.178,69.175.35.138,69.175.6.102,69.175.87.66,69.175.99.42,69.197.137.226,69.197.6.65,69.198.160.190,69.20.239.58,69.208.138.109,69.231.158.6,69.235.236.171,69.235.30.151,69.235.42.93] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (182)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510363; rev:2003; fwsam: src, 24 hours;)
alert tcp [69.245.36.36,69.246.129.20,69.27.107.236,69.27.98.4,69.28.134.114,69.3.228.36,69.30.218.72,69.30.25.44,69.36.10.215,69.36.11.160,69.36.11.169,69.36.13.85,69.36.15.218,69.36.2.88,69.36.3.131,69.36.3.80,69.36.3.9,69.36.8.43,69.36.9.2,69.38.139.76,69.42.69.6,69.42.89.214,69.43.136.151,69.43.160.145,69.45.144.59,69.45.144.61,69.46.252.5,69.50.217.210,69.50.217.91,69.55.238.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (183)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510364; rev:2003; fwsam: src, 24 hours;)
alert udp [69.245.36.36,69.246.129.20,69.27.107.236,69.27.98.4,69.28.134.114,69.3.228.36,69.30.218.72,69.30.25.44,69.36.10.215,69.36.11.160,69.36.11.169,69.36.13.85,69.36.15.218,69.36.2.88,69.36.3.131,69.36.3.80,69.36.3.9,69.36.8.43,69.36.9.2,69.38.139.76,69.42.69.6,69.42.89.214,69.43.136.151,69.43.160.145,69.45.144.59,69.45.144.61,69.46.252.5,69.50.217.210,69.50.217.91,69.55.238.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (183)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510365; rev:2003; fwsam: src, 24 hours;)
alert tcp [69.55.45.40,69.55.62.18,69.55.75.184,69.59.177.132,69.59.195.102,69.60.116.208,69.60.160.149,69.60.204.9,69.60.21.130,69.60.224.11,69.63.165.98,69.64.147.211,69.64.210.120,69.64.62.50,69.65.40.43,69.65.41.75,69.7.46.19,69.70.74.242,69.72.183.240,69.73.154.103,69.73.155.139,69.73.170.112,69.73.230.90,69.80.228.12,69.89.15.235,69.89.2.250,69.89.78.36,69.90.188.183,69.90.76.18,69.93.157.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (184)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510366; rev:2003; fwsam: src, 24 hours;)
alert udp [69.55.45.40,69.55.62.18,69.55.75.184,69.59.177.132,69.59.195.102,69.60.116.208,69.60.160.149,69.60.204.9,69.60.21.130,69.60.224.11,69.63.165.98,69.64.147.211,69.64.210.120,69.64.62.50,69.65.40.43,69.65.41.75,69.7.46.19,69.70.74.242,69.72.183.240,69.73.154.103,69.73.155.139,69.73.170.112,69.73.230.90,69.80.228.12,69.89.15.235,69.89.2.250,69.89.78.36,69.90.188.183,69.90.76.18,69.93.157.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (184)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510367; rev:2003; fwsam: src, 24 hours;)
alert tcp [69.94.110.5,70.103.134.16,70.106.61.246,70.113.36.214,70.130.186.19,70.143.2.137,70.164.40.83,70.169.138.177,70.184.243.102,70.237.193.20,70.28.53.140,70.28.71.70,70.33.143.69,70.33.179.242,70.34.192.69,70.38.38.138,70.38.54.101,70.38.54.102,70.38.54.206,70.38.54.212,70.38.78.211,70.52.212.150,70.66.213.81,70.70.249.57,70.84.196.162,70.84.62.194,70.85.129.101,70.85.31.210,70.85.52.99,70.85.95.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (185)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510368; rev:2003; fwsam: src, 24 hours;)
alert udp [69.94.110.5,70.103.134.16,70.106.61.246,70.113.36.214,70.130.186.19,70.143.2.137,70.164.40.83,70.169.138.177,70.184.243.102,70.237.193.20,70.28.53.140,70.28.71.70,70.33.143.69,70.33.179.242,70.34.192.69,70.38.38.138,70.38.54.101,70.38.54.102,70.38.54.206,70.38.54.212,70.38.78.211,70.52.212.150,70.66.213.81,70.70.249.57,70.84.196.162,70.84.62.194,70.85.129.101,70.85.31.210,70.85.52.99,70.85.95.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (185)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510369; rev:2003; fwsam: src, 24 hours;)
alert tcp [70.86.103.194,70.86.30.226,70.86.44.154,70.86.67.234,70.86.69.138,70.87.222.248,70.88.166.101,70.91.189.73,71.0.80.118,71.127.77.134,71.137.227.73,71.156.48.210,71.161.55.80,71.176.1.226,71.200.48.91,71.201.148.7,71.205.6.46,71.251.120.226,71.42.243.140,71.5.111.90,71.54.72.118,71.56.94.96,71.6.142.25,71.6.150.121,71.6.165.245,71.86.225.66,72.10.163.74,72.129.105.189,72.13.197.7,72.14.178.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (186)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510370; rev:2003; fwsam: src, 24 hours;)
alert udp [70.86.103.194,70.86.30.226,70.86.44.154,70.86.67.234,70.86.69.138,70.87.222.248,70.88.166.101,70.91.189.73,71.0.80.118,71.127.77.134,71.137.227.73,71.156.48.210,71.161.55.80,71.176.1.226,71.200.48.91,71.201.148.7,71.205.6.46,71.251.120.226,71.42.243.140,71.5.111.90,71.54.72.118,71.56.94.96,71.6.142.25,71.6.150.121,71.6.165.245,71.86.225.66,72.10.163.74,72.129.105.189,72.13.197.7,72.14.178.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (186)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510371; rev:2003; fwsam: src, 24 hours;)
alert tcp [72.14.182.109,72.14.182.12,72.14.186.132,72.14.188.99,72.16.171.185,72.16.252.90,72.172.167.34,72.18.205.114,72.189.243.92,72.22.2.34,72.232.211.10,72.232.219.152,72.232.232.130,72.232.255.162,72.233.32.74,72.233.53.55,72.233.7.165,72.233.89.66,72.240.198.39,72.245.219.51,72.249.1.66,72.249.105.217,72.249.105.96,72.249.126.203,72.249.186.200,72.249.190.165,72.249.37.27,72.249.77.245,72.249.77.74,72.249.83.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (187)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510372; rev:2003; fwsam: src, 24 hours;)
alert udp [72.14.182.109,72.14.182.12,72.14.186.132,72.14.188.99,72.16.171.185,72.16.252.90,72.172.167.34,72.18.205.114,72.189.243.92,72.22.2.34,72.232.211.10,72.232.219.152,72.232.232.130,72.232.255.162,72.233.32.74,72.233.53.55,72.233.7.165,72.233.89.66,72.240.198.39,72.245.219.51,72.249.1.66,72.249.105.217,72.249.105.96,72.249.126.203,72.249.186.200,72.249.190.165,72.249.37.27,72.249.77.245,72.249.77.74,72.249.83.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (187)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510373; rev:2003; fwsam: src, 24 hours;)
alert tcp [72.251.195.146,72.26.201.166,72.26.208.66,72.26.224.58,72.29.104.106,72.29.72.189,72.29.89.43,72.3.182.114,72.3.236.120,72.32.125.210,72.34.226.100,72.34.234.40,72.34.244.202,72.34.247.90,72.35.27.41,72.35.75.38,72.44.84.165,72.45.200.18,72.46.129.202,72.46.244.148,72.47.200.226,72.47.209.133,72.51.224.160,72.51.41.34,72.52.128.195,72.52.191.225,72.52.205.189,72.52.208.117,72.52.220.32,72.52.223.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (188)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510374; rev:2003; fwsam: src, 24 hours;)
alert udp [72.251.195.146,72.26.201.166,72.26.208.66,72.26.224.58,72.29.104.106,72.29.72.189,72.29.89.43,72.3.182.114,72.3.236.120,72.32.125.210,72.34.226.100,72.34.234.40,72.34.244.202,72.34.247.90,72.35.27.41,72.35.75.38,72.44.84.165,72.45.200.18,72.46.129.202,72.46.244.148,72.47.200.226,72.47.209.133,72.51.224.160,72.51.41.34,72.52.128.195,72.52.191.225,72.52.205.189,72.52.208.117,72.52.220.32,72.52.223.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (188)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510375; rev:2003; fwsam: src, 24 hours;)
alert tcp [72.52.65.205,72.54.123.34,72.55.137.204,72.55.140.199,72.55.140.75,72.55.143.148,72.55.146.176,72.55.148.207,72.55.148.232,72.55.153.75,72.55.156.171,72.55.156.23,72.55.164.240,72.55.174.109,72.55.174.135,72.55.174.42,72.9.147.163,72.9.245.82,74.113.68.26,74.121.180.154,74.121.180.186,74.126.23.81,74.188.28.66,74.200.72.170,74.207.244.247,74.207.247.8,74.207.251.184,74.207.251.21,74.208.123.7,74.208.15.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (189)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510376; rev:2003; fwsam: src, 24 hours;)
alert udp [72.52.65.205,72.54.123.34,72.55.137.204,72.55.140.199,72.55.140.75,72.55.143.148,72.55.146.176,72.55.148.207,72.55.148.232,72.55.153.75,72.55.156.171,72.55.156.23,72.55.164.240,72.55.174.109,72.55.174.135,72.55.174.42,72.9.147.163,72.9.245.82,74.113.68.26,74.121.180.154,74.121.180.186,74.126.23.81,74.188.28.66,74.200.72.170,74.207.244.247,74.207.247.8,74.207.251.184,74.207.251.21,74.208.123.7,74.208.15.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (189)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510377; rev:2003; fwsam: src, 24 hours;)
alert tcp [74.208.158.83,74.208.170.66,74.208.195.11,74.208.43.218,74.208.44.17,74.213.171.215,74.220.16.51,74.222.1.99,74.50.115.136,74.50.3.108,74.50.49.34,74.50.52.43,74.50.53.198,74.50.99.232,74.52.107.114,74.52.48.66,74.53.203.66,74.54.135.106,74.54.156.73,74.54.222.105,74.54.223.198,74.54.79.25,74.54.82.223,74.54.82.224,74.55.122.6,74.55.14.2,74.55.15.74,74.55.167.66,74.55.189.178,74.55.201.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (190)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510378; rev:2003; fwsam: src, 24 hours;)
alert udp [74.208.158.83,74.208.170.66,74.208.195.11,74.208.43.218,74.208.44.17,74.213.171.215,74.220.16.51,74.222.1.99,74.50.115.136,74.50.3.108,74.50.49.34,74.50.52.43,74.50.53.198,74.50.99.232,74.52.107.114,74.52.48.66,74.53.203.66,74.54.135.106,74.54.156.73,74.54.222.105,74.54.223.198,74.54.79.25,74.54.82.223,74.54.82.224,74.55.122.6,74.55.14.2,74.55.15.74,74.55.167.66,74.55.189.178,74.55.201.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (190)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510379; rev:2003; fwsam: src, 24 hours;)
alert tcp [74.55.22.226,74.55.250.210,74.55.6.60,74.55.71.2,74.62.154.168,74.63.232.46,74.63.252.139,74.63.39.130,74.65.195.239,74.82.51.107,74.82.51.130,74.82.51.28,74.85.199.98,74.85.64.154,74.86.147.26,74.86.151.38,74.86.161.138,74.86.162.46,74.86.181.26,74.86.52.90,74.86.67.250,74.86.84.207,74.86.85.120,74.92.91.97,74.93.189.173,74.94.160.6,74.95.46.54,74.95.79.97,75.101.207.163,75.101.229.240] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (191)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510380; rev:2003; fwsam: src, 24 hours;)
alert udp [74.55.22.226,74.55.250.210,74.55.6.60,74.55.71.2,74.62.154.168,74.63.232.46,74.63.252.139,74.63.39.130,74.65.195.239,74.82.51.107,74.82.51.130,74.82.51.28,74.85.199.98,74.85.64.154,74.86.147.26,74.86.151.38,74.86.161.138,74.86.162.46,74.86.181.26,74.86.52.90,74.86.67.250,74.86.84.207,74.86.85.120,74.92.91.97,74.93.189.173,74.94.160.6,74.95.46.54,74.95.79.97,75.101.207.163,75.101.229.240] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (191)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510381; rev:2003; fwsam: src, 24 hours;)
alert tcp [75.103.226.6,75.11.92.225,75.119.217.238,75.125.118.158,75.125.131.34,75.125.140.82,75.125.149.90,75.125.183.194,75.125.217.2,75.125.61.167,75.125.97.18,75.126.139.100,75.126.186.101,75.127.110.52,75.127.112.130,75.127.112.18,75.127.72.154,75.127.81.12,75.127.81.15,75.127.81.29,75.127.97.138,75.127.97.23,75.131.242.118,75.144.254.25,75.147.60.33,75.147.62.198,75.149.205.74,75.149.55.204,75.149.85.71,75.15.199.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (192)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510382; rev:2003; fwsam: src, 24 hours;)
alert udp [75.103.226.6,75.11.92.225,75.119.217.238,75.125.118.158,75.125.131.34,75.125.140.82,75.125.149.90,75.125.183.194,75.125.217.2,75.125.61.167,75.125.97.18,75.126.139.100,75.126.186.101,75.127.110.52,75.127.112.130,75.127.112.18,75.127.72.154,75.127.81.12,75.127.81.15,75.127.81.29,75.127.97.138,75.127.97.23,75.131.242.118,75.144.254.25,75.147.60.33,75.147.62.198,75.149.205.74,75.149.55.204,75.149.85.71,75.15.199.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (192)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510383; rev:2003; fwsam: src, 24 hours;)
alert tcp [75.151.77.169,75.16.206.104,75.179.23.111,75.22.138.23,75.22.22.148,75.37.127.100,75.45.0.127,75.45.11.77,75.50.108.131,75.53.145.116,75.59.219.22,75.7.82.23,75.83.54.1,76.10.204.100,76.107.49.232,76.11.140.188,76.12.113.228,76.12.116.164,76.12.12.123,76.12.147.199,76.12.28.98,76.12.88.168,76.163.25.140,76.164.45.18,76.180.176.208,76.188.169.250,76.194.93.214,76.201.177.136,76.21.243.13,76.229.169.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (193)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510384; rev:2003; fwsam: src, 24 hours;)
alert udp [75.151.77.169,75.16.206.104,75.179.23.111,75.22.138.23,75.22.22.148,75.37.127.100,75.45.0.127,75.45.11.77,75.50.108.131,75.53.145.116,75.59.219.22,75.7.82.23,75.83.54.1,76.10.204.100,76.107.49.232,76.11.140.188,76.12.113.228,76.12.116.164,76.12.12.123,76.12.147.199,76.12.28.98,76.12.88.168,76.163.25.140,76.164.45.18,76.180.176.208,76.188.169.250,76.194.93.214,76.201.177.136,76.21.243.13,76.229.169.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (193)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510385; rev:2003; fwsam: src, 24 hours;)
alert tcp [76.229.207.41,76.241.121.124,76.248.69.52,76.254.236.90,76.73.125.202,76.74.154.104,76.74.218.12,76.74.239.156,76.74.252.170,76.74.253.57,76.76.101.70,76.76.11.73,76.76.18.227,76.76.189.250,76.76.96.188,76.76.99.91,76.79.200.203,76.87.55.81,76.99.115.237,77.103.12.129,77.104.235.139,77.107.221.43,77.109.85.227,77.111.69.213,77.111.89.200,77.120.115.208,77.120.116.116,77.120.120.118,77.120.120.71,77.127.6.197] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (194)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510386; rev:2003; fwsam: src, 24 hours;)
alert udp [76.229.207.41,76.241.121.124,76.248.69.52,76.254.236.90,76.73.125.202,76.74.154.104,76.74.218.12,76.74.239.156,76.74.252.170,76.74.253.57,76.76.101.70,76.76.11.73,76.76.18.227,76.76.189.250,76.76.96.188,76.76.99.91,76.79.200.203,76.87.55.81,76.99.115.237,77.103.12.129,77.104.235.139,77.107.221.43,77.109.85.227,77.111.69.213,77.111.89.200,77.120.115.208,77.120.116.116,77.120.120.118,77.120.120.71,77.127.6.197] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (194)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510387; rev:2003; fwsam: src, 24 hours;)
alert tcp [77.162.98.211,77.211.251.221,77.213.225.13,77.221.134.218,77.221.138.234,77.221.140.102,77.221.140.15,77.221.148.74,77.221.148.82,77.221.148.98,77.221.152.106,77.221.157.58,77.221.159.242,77.222.134.90,77.222.142.44,77.222.142.58,77.222.40.206,77.222.43.156,77.222.43.170,77.222.43.19,77.222.43.222,77.222.43.37,77.222.43.44,77.222.43.80,77.222.56.126,77.223.141.49,77.232.225.65,77.234.201.89,77.235.43.185,77.235.43.217] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (195)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510388; rev:2003; fwsam: src, 24 hours;)
alert udp [77.162.98.211,77.211.251.221,77.213.225.13,77.221.134.218,77.221.138.234,77.221.140.102,77.221.140.15,77.221.148.74,77.221.148.82,77.221.148.98,77.221.152.106,77.221.157.58,77.221.159.242,77.222.134.90,77.222.142.44,77.222.142.58,77.222.40.206,77.222.43.156,77.222.43.170,77.222.43.19,77.222.43.222,77.222.43.37,77.222.43.44,77.222.43.80,77.222.56.126,77.223.141.49,77.232.225.65,77.234.201.89,77.235.43.185,77.235.43.217] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (195)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510389; rev:2003; fwsam: src, 24 hours;)
alert tcp [77.237.85.19,77.239.29.71,77.241.83.105,77.241.83.140,77.241.83.16,77.241.83.161,77.241.83.35,77.241.83.40,77.241.89.68,77.241.91.70,77.242.96.66,77.243.231.114,77.243.235.84,77.244.242.21,77.244.249.12,77.245.145.193,77.245.145.197,77.245.64.114,77.245.78.58,77.246.179.117,77.247.208.35,77.249.255.30,77.253.210.2,77.254.168.171,77.29.106.233,77.29.109.150,77.29.122.4,77.29.28.42,77.37.12.160,77.37.136.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (196)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510390; rev:2003; fwsam: src, 24 hours;)
alert udp [77.237.85.19,77.239.29.71,77.241.83.105,77.241.83.140,77.241.83.16,77.241.83.161,77.241.83.35,77.241.83.40,77.241.89.68,77.241.91.70,77.242.96.66,77.243.231.114,77.243.235.84,77.244.242.21,77.244.249.12,77.245.145.193,77.245.145.197,77.245.64.114,77.245.78.58,77.246.179.117,77.247.208.35,77.249.255.30,77.253.210.2,77.254.168.171,77.29.106.233,77.29.109.150,77.29.122.4,77.29.28.42,77.37.12.160,77.37.136.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (196)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510391; rev:2003; fwsam: src, 24 hours;)
alert tcp [77.37.163.250,77.37.20.73,77.39.16.122,77.40.244.75,77.41.122.141,77.43.21.70,77.47.185.110,77.48.22.6,77.48.42.5,77.48.63.206,77.67.124.245,77.67.124.4,77.68.37.74,77.68.40.108,77.68.56.237,77.68.59.86,77.68.60.22,77.70.78.189,77.74.193.43,77.74.197.4,77.75.34.106,77.76.137.237,77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.211,77.78.248.15,77.78.248.74,77.78.248.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (197)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510392; rev:2003; fwsam: src, 24 hours;)
alert udp [77.37.163.250,77.37.20.73,77.39.16.122,77.40.244.75,77.41.122.141,77.43.21.70,77.47.185.110,77.48.22.6,77.48.42.5,77.48.63.206,77.67.124.245,77.67.124.4,77.68.37.74,77.68.40.108,77.68.56.237,77.68.59.86,77.68.60.22,77.70.78.189,77.74.193.43,77.74.197.4,77.75.34.106,77.76.137.237,77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.211,77.78.248.15,77.78.248.74,77.78.248.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (197)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510393; rev:2003; fwsam: src, 24 hours;)
alert tcp [77.79.115.167,77.79.65.86,77.86.49.191,77.88.66.251,77.89.132.146,77.92.130.236,77.92.143.120,77.92.68.201,77.92.75.135,77.92.77.234,77.92.77.28,77.92.77.38,77.92.93.2,77.93.215.12,77.93.218.67,77.93.222.128,77.93.222.40,77.93.240.42,77.93.254.208,77.94.189.23,77.94.242.118,78.101.160.58,78.102.77.245,78.105.115.76,78.108.138.31,78.108.178.210,78.108.178.231,78.108.178.46,78.108.183.101,78.108.88.129] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (198)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510394; rev:2003; fwsam: src, 24 hours;)
alert udp [77.79.115.167,77.79.65.86,77.86.49.191,77.88.66.251,77.89.132.146,77.92.130.236,77.92.143.120,77.92.68.201,77.92.75.135,77.92.77.234,77.92.77.28,77.92.77.38,77.92.93.2,77.93.215.12,77.93.218.67,77.93.222.128,77.93.222.40,77.93.240.42,77.93.254.208,77.94.189.23,77.94.242.118,78.101.160.58,78.102.77.245,78.105.115.76,78.108.138.31,78.108.178.210,78.108.178.231,78.108.178.46,78.108.183.101,78.108.88.129] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (198)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510395; rev:2003; fwsam: src, 24 hours;)
alert tcp [78.108.88.79,78.108.95.182,78.111.218.178,78.111.236.62,78.111.80.121,78.111.81.226,78.111.99.210,78.128.23.105,78.129.174.227,78.129.199.244,78.129.223.111,78.131.140.5,78.134.117.44,78.137.160.36,78.137.168.230,78.138.115.71,78.140.1.71,78.140.143.7,78.140.149.159,78.141.172.140,78.142.157.205,78.142.157.206,78.143.30.2,78.152.179.121,78.156.48.250,78.159.112.45,78.159.112.66,78.159.121.94,78.225.2.212,78.231.0.100] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (199)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510396; rev:2003; fwsam: src, 24 hours;)
alert udp [78.108.88.79,78.108.95.182,78.111.218.178,78.111.236.62,78.111.80.121,78.111.81.226,78.111.99.210,78.128.23.105,78.129.174.227,78.129.199.244,78.129.223.111,78.131.140.5,78.134.117.44,78.137.160.36,78.137.168.230,78.138.115.71,78.140.1.71,78.140.143.7,78.140.149.159,78.141.172.140,78.142.157.205,78.142.157.206,78.143.30.2,78.152.179.121,78.156.48.250,78.159.112.45,78.159.112.66,78.159.121.94,78.225.2.212,78.231.0.100] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (199)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510397; rev:2003; fwsam: src, 24 hours;)
alert tcp [78.24.219.174,78.24.222.123,78.3.253.176,78.30.209.187,78.30.212.133,78.30.232.112,78.37.83.203,78.39.243.50,78.4.19.170,78.40.226.30,78.42.220.112,78.46.100.48,78.46.103.150,78.46.104.150,78.46.104.66,78.46.105.82,78.46.15.219,78.46.32.194,78.46.41.103,78.46.41.50,78.46.41.88,78.46.42.233,78.46.47.171,78.46.71.139,78.46.72.115,78.46.73.2,78.46.80.44,78.46.84.200,78.46.87.108,78.46.87.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (200)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510398; rev:2003; fwsam: src, 24 hours;)
alert udp [78.24.219.174,78.24.222.123,78.3.253.176,78.30.209.187,78.30.212.133,78.30.232.112,78.37.83.203,78.39.243.50,78.4.19.170,78.40.226.30,78.42.220.112,78.46.100.48,78.46.103.150,78.46.104.150,78.46.104.66,78.46.105.82,78.46.15.219,78.46.32.194,78.46.41.103,78.46.41.50,78.46.41.88,78.46.42.233,78.46.47.171,78.46.71.139,78.46.72.115,78.46.73.2,78.46.80.44,78.46.84.200,78.46.87.108,78.46.87.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (200)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510399; rev:2003; fwsam: src, 24 hours;)
alert tcp [78.46.87.6,78.46.90.202,78.46.91.173,78.46.97.112,78.46.99.171,78.47.238.49,78.5.143.241,78.55.108.41,78.56.181.61,78.8.4.208,78.90.16.53,78.90.52.165,79.106.255.56,79.107.100.248,79.107.100.249,79.107.100.250,79.107.100.251,79.107.100.252,79.107.100.253,79.107.100.254,79.110.112.210,79.113.225.22,79.116.208.142,79.117.117.250,79.118.202.106,79.118.207.176,79.118.255.242,79.125.11.68,79.126.21.113,79.132.192.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (201)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510400; rev:2003; fwsam: src, 24 hours;)
alert udp [78.46.87.6,78.46.90.202,78.46.91.173,78.46.97.112,78.46.99.171,78.47.238.49,78.5.143.241,78.55.108.41,78.56.181.61,78.8.4.208,78.90.16.53,78.90.52.165,79.106.255.56,79.107.100.248,79.107.100.249,79.107.100.250,79.107.100.251,79.107.100.252,79.107.100.253,79.107.100.254,79.110.112.210,79.113.225.22,79.116.208.142,79.117.117.250,79.118.202.106,79.118.207.176,79.118.255.242,79.125.11.68,79.126.21.113,79.132.192.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (201)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510401; rev:2003; fwsam: src, 24 hours;)
alert tcp [79.132.229.12,79.135.152.9,79.136.125.142,79.136.63.149,79.136.98.156,79.138.178.89,79.14.253.188,79.142.112.193,79.148.118.225,79.160.154.42,79.165.184.179,79.171.100.100,79.171.100.106,79.171.18.112,79.171.18.193,79.171.20.190,79.174.64.15,79.174.64.220,79.174.64.226,79.174.64.241,79.174.64.246,79.174.64.252,79.174.65.151,79.174.65.179,79.174.65.26,79.174.65.85,79.174.66.200,79.174.66.229,79.174.66.239,79.174.66.28] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (202)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510402; rev:2003; fwsam: src, 24 hours;)
alert udp [79.132.229.12,79.135.152.9,79.136.125.142,79.136.63.149,79.136.98.156,79.138.178.89,79.14.253.188,79.142.112.193,79.148.118.225,79.160.154.42,79.165.184.179,79.171.100.100,79.171.100.106,79.171.18.112,79.171.18.193,79.171.20.190,79.174.64.15,79.174.64.220,79.174.64.226,79.174.64.241,79.174.64.246,79.174.64.252,79.174.65.151,79.174.65.179,79.174.65.26,79.174.65.85,79.174.66.200,79.174.66.229,79.174.66.239,79.174.66.28] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (202)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510403; rev:2003; fwsam: src, 24 hours;)
alert tcp [79.174.66.79,79.174.67.102,79.174.67.143,79.174.67.181,79.174.67.28,79.174.78.81,79.174.79.108,79.174.79.112,79.174.79.131,79.174.79.132,79.174.79.136,79.174.79.139,79.174.79.254,79.174.79.32,79.174.79.34,79.174.79.35,79.174.79.36,79.174.79.43,79.174.79.45,79.174.79.68,79.174.79.71,79.174.79.77,79.174.79.84,79.174.79.99,79.18.239.38,79.181.114.83,79.181.122.102,79.181.127.63,79.183.7.117,79.185.199.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (203)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510404; rev:2003; fwsam: src, 24 hours;)
alert udp [79.174.66.79,79.174.67.102,79.174.67.143,79.174.67.181,79.174.67.28,79.174.78.81,79.174.79.108,79.174.79.112,79.174.79.131,79.174.79.132,79.174.79.136,79.174.79.139,79.174.79.254,79.174.79.32,79.174.79.34,79.174.79.35,79.174.79.36,79.174.79.43,79.174.79.45,79.174.79.68,79.174.79.71,79.174.79.77,79.174.79.84,79.174.79.99,79.18.239.38,79.181.114.83,79.181.122.102,79.181.127.63,79.183.7.117,79.185.199.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (203)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510405; rev:2003; fwsam: src, 24 hours;)
alert tcp [79.186.160.80,79.187.8.20,79.189.213.18,79.190.204.138,79.190.28.162,79.190.43.178,79.190.71.234,79.191.24.157,79.25.129.83,79.29.40.63,79.36.220.16,79.38.222.4,79.38.86.58,79.48.78.74,79.5.155.1,79.5.254.204,79.5.97.184,79.54.62.158,79.98.25.189,79.98.27.100,79.98.27.113,79.98.27.196,79.98.27.202,79.98.27.208,79.98.27.219,79.98.27.236,79.98.27.57,79.98.29.208,79.98.29.214,79.98.29.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (204)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510406; rev:2003; fwsam: src, 24 hours;)
alert udp [79.186.160.80,79.187.8.20,79.189.213.18,79.190.204.138,79.190.28.162,79.190.43.178,79.190.71.234,79.191.24.157,79.25.129.83,79.29.40.63,79.36.220.16,79.38.222.4,79.38.86.58,79.48.78.74,79.5.155.1,79.5.254.204,79.5.97.184,79.54.62.158,79.98.25.189,79.98.27.100,79.98.27.113,79.98.27.196,79.98.27.202,79.98.27.208,79.98.27.219,79.98.27.236,79.98.27.57,79.98.29.208,79.98.29.214,79.98.29.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (204)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510407; rev:2003; fwsam: src, 24 hours;)
alert tcp [8.2.208.2,8.25.128.141,8.25.128.69,8.25.128.70,8.5.1.36,80.11.56.27,80.112.234.218,80.12.80.125,80.13.106.175,80.13.247.112,80.138.192.223,80.14.98.174,80.146.177.67,80.152.212.6,80.152.229.62,80.153.1.172,80.153.155.40,80.154.42.54,80.160.71.231,80.160.71.235,80.168.88.252,80.168.90.75,80.169.87.101,80.179.155.55,80.179.230.40,80.190.229.210,80.190.243.231,80.190.251.244,80.191.149.83,80.191.161.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (205)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510408; rev:2003; fwsam: src, 24 hours;)
alert udp [8.2.208.2,8.25.128.141,8.25.128.69,8.25.128.70,8.5.1.36,80.11.56.27,80.112.234.218,80.12.80.125,80.13.106.175,80.13.247.112,80.138.192.223,80.14.98.174,80.146.177.67,80.152.212.6,80.152.229.62,80.153.1.172,80.153.155.40,80.154.42.54,80.160.71.231,80.160.71.235,80.168.88.252,80.168.90.75,80.169.87.101,80.179.155.55,80.179.230.40,80.190.229.210,80.190.243.231,80.190.251.244,80.191.149.83,80.191.161.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (205)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510409; rev:2003; fwsam: src, 24 hours;)
alert tcp [80.191.180.102,80.191.214.7,80.194.247.163,80.196.101.246,80.203.201.46,80.23.239.68,80.237.157.108,80.237.178.182,80.237.178.187,80.237.178.188,80.237.178.189,80.237.2.177,80.237.209.59,80.240.202.170,80.241.16.33,80.241.245.6,80.242.164.61,80.243.168.145,80.243.212.104,80.244.34.138,80.245.39.142,80.245.39.147,80.245.57.202,80.247.17.29,80.247.210.16,80.248.180.223,80.248.213.168,80.248.71.140,80.249.166.152,80.249.210.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (206)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510410; rev:2003; fwsam: src, 24 hours;)
alert udp [80.191.180.102,80.191.214.7,80.194.247.163,80.196.101.246,80.203.201.46,80.23.239.68,80.237.157.108,80.237.178.182,80.237.178.187,80.237.178.188,80.237.178.189,80.237.2.177,80.237.209.59,80.240.202.170,80.241.16.33,80.241.245.6,80.242.164.61,80.243.168.145,80.243.212.104,80.244.34.138,80.245.39.142,80.245.39.147,80.245.57.202,80.247.17.29,80.247.210.16,80.248.180.223,80.248.213.168,80.248.71.140,80.249.166.152,80.249.210.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (206)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510411; rev:2003; fwsam: src, 24 hours;)
alert tcp [80.249.239.48,80.251.250.22,80.254.160.203,80.34.120.85,80.35.193.53,80.36.161.34,80.38.118.86,80.38.244.97,80.48.2.2,80.50.231.134,80.51.214.113,80.52.213.251,80.52.244.27,80.53.122.122,80.55.121.5,80.55.186.238,80.55.63.250,80.59.169.239,80.59.39.81,80.6.22.239,80.64.63.140,80.64.65.45,80.65.230.139,80.68.199.66,80.68.90.63,80.70.208.108,80.70.96.167,80.72.235.105,80.73.192.42,80.74.113.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (207)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510412; rev:2003; fwsam: src, 24 hours;)
alert udp [80.249.239.48,80.251.250.22,80.254.160.203,80.34.120.85,80.35.193.53,80.36.161.34,80.38.118.86,80.38.244.97,80.48.2.2,80.50.231.134,80.51.214.113,80.52.213.251,80.52.244.27,80.53.122.122,80.55.121.5,80.55.186.238,80.55.63.250,80.59.169.239,80.59.39.81,80.6.22.239,80.64.63.140,80.64.65.45,80.65.230.139,80.68.199.66,80.68.90.63,80.70.208.108,80.70.96.167,80.72.235.105,80.73.192.42,80.74.113.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (207)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510413; rev:2003; fwsam: src, 24 hours;)
alert tcp [80.74.142.85,80.74.151.61,80.74.157.211,80.74.99.180,80.77.95.20,80.80.162.130,80.81.115.188,80.81.208.138,80.81.254.168,80.81.254.22,80.81.254.55,80.82.17.136,80.86.167.182,80.86.198.13,80.86.198.70,80.86.92.117,80.87.131.126,80.87.131.154,80.87.131.156,80.87.221.26,80.89.34.187,80.91.191.180,80.91.191.247,80.92.200.196,80.92.90.61,80.93.62.127,80.95.160.6,80.95.160.71,81.0.104.90,81.0.214.212] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (208)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510414; rev:2003; fwsam: src, 24 hours;)
alert udp [80.74.142.85,80.74.151.61,80.74.157.211,80.74.99.180,80.77.95.20,80.80.162.130,80.81.115.188,80.81.208.138,80.81.254.168,80.81.254.22,80.81.254.55,80.82.17.136,80.86.167.182,80.86.198.13,80.86.198.70,80.86.92.117,80.87.131.126,80.87.131.154,80.87.131.156,80.87.221.26,80.89.34.187,80.91.191.180,80.91.191.247,80.92.200.196,80.92.90.61,80.93.62.127,80.95.160.6,80.95.160.71,81.0.104.90,81.0.214.212] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (208)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510415; rev:2003; fwsam: src, 24 hours;)
alert tcp [81.0.228.182,81.0.237.125,81.112.238.90,81.13.68.140,81.137.102.251,81.169.132.156,81.169.132.184,81.169.134.15,81.169.152.52,81.169.165.123,81.169.167.181,81.169.181.190,81.171.35.60,81.173.18.172,81.173.18.180,81.173.19.215,81.174.67.3,81.175.61.223,81.176.236.226,81.176.66.98,81.177.33.156,81.18.169.235,81.18.26.61,81.180.127.115,81.180.167.201,81.183.216.186,81.19.118.199,81.19.151.195,81.19.152.142,81.190.44.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (209)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510416; rev:2003; fwsam: src, 24 hours;)
alert udp [81.0.228.182,81.0.237.125,81.112.238.90,81.13.68.140,81.137.102.251,81.169.132.156,81.169.132.184,81.169.134.15,81.169.152.52,81.169.165.123,81.169.167.181,81.169.181.190,81.171.35.60,81.173.18.172,81.173.18.180,81.173.19.215,81.174.67.3,81.175.61.223,81.176.236.226,81.176.66.98,81.177.33.156,81.18.169.235,81.18.26.61,81.180.127.115,81.180.167.201,81.183.216.186,81.19.118.199,81.19.151.195,81.19.152.142,81.190.44.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (209)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510417; rev:2003; fwsam: src, 24 hours;)
alert tcp [81.193.123.49,81.196.20.134,81.196.221.186,81.2.198.65,81.20.168.4,81.201.105.107,81.202.109.93,81.202.115.134,81.202.27.206,81.208.11.194,81.208.35.109,81.208.35.84,81.208.62.115,81.215.195.175,81.219.54.77,81.223.155.37,81.23.121.38,81.23.236.73,81.24.147.76,81.24.32.230,81.246.117.138,81.25.120.192,81.252.196.50,81.255.23.154,81.255.91.101,81.27.197.67,81.27.44.248,81.28.96.203,81.28.96.74,81.28.97.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (210)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510418; rev:2003; fwsam: src, 24 hours;)
alert udp [81.193.123.49,81.196.20.134,81.196.221.186,81.2.198.65,81.20.168.4,81.201.105.107,81.202.109.93,81.202.115.134,81.202.27.206,81.208.11.194,81.208.35.109,81.208.35.84,81.208.62.115,81.215.195.175,81.219.54.77,81.223.155.37,81.23.121.38,81.23.236.73,81.24.147.76,81.24.32.230,81.246.117.138,81.25.120.192,81.252.196.50,81.255.23.154,81.255.91.101,81.27.197.67,81.27.44.248,81.28.96.203,81.28.96.74,81.28.97.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (210)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510419; rev:2003; fwsam: src, 24 hours;)
alert tcp [81.28.97.60,81.28.97.73,81.28.97.84,81.29.146.34,81.29.146.49,81.29.197.196,81.30.151.42,81.30.64.130,81.38.245.237,81.4.76.84,81.47.130.26,81.56.112.105,81.56.201.37,81.56.203.73,81.7.71.182,81.80.40.214,81.82.252.4,81.83.10.210,81.83.12.68,81.83.13.175,81.88.54.234,81.89.103.168,81.89.103.80,81.89.110.57,81.89.48.85,81.89.61.38,81.95.98.210,82.103.128.121,82.104.144.82,82.112.192.102] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (211)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510420; rev:2003; fwsam: src, 24 hours;)
alert udp [81.28.97.60,81.28.97.73,81.28.97.84,81.29.146.34,81.29.146.49,81.29.197.196,81.30.151.42,81.30.64.130,81.38.245.237,81.4.76.84,81.47.130.26,81.56.112.105,81.56.201.37,81.56.203.73,81.7.71.182,81.80.40.214,81.82.252.4,81.83.10.210,81.83.12.68,81.83.13.175,81.88.54.234,81.89.103.168,81.89.103.80,81.89.110.57,81.89.48.85,81.89.61.38,81.95.98.210,82.103.128.121,82.104.144.82,82.112.192.102] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (211)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510421; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.113.106.207,82.113.121.103,82.113.121.99,82.113.153.100,82.113.49.38,82.114.175.37,82.114.224.205,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250,82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.116.192.114,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.225.62,82.127.114.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (212)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510422; rev:2003; fwsam: src, 24 hours;)
alert udp [82.113.106.207,82.113.121.103,82.113.121.99,82.113.153.100,82.113.49.38,82.114.175.37,82.114.224.205,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250,82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.116.192.114,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.225.62,82.127.114.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (212)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510423; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.127.66.230,82.128.245.136,82.128.253.201,82.130.119.4,82.130.177.254,82.131.192.212,82.132.26.234,82.135.139.6,82.135.231.21,82.135.41.2,82.135.69.69,82.135.88.150,82.139.23.190,82.139.71.187,82.140.153.153,82.142.126.251,82.146.125.50,82.146.46.133,82.147.175.55,82.148.23.83,82.148.29.250,82.148.31.212,82.152.59.9,82.154.248.147,82.155.0.78,82.155.51.55,82.158.128.129,82.160.135.13,82.177.18.212,82.179.71.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (213)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510424; rev:2003; fwsam: src, 24 hours;)
alert udp [82.127.66.230,82.128.245.136,82.128.253.201,82.130.119.4,82.130.177.254,82.131.192.212,82.132.26.234,82.135.139.6,82.135.231.21,82.135.41.2,82.135.69.69,82.135.88.150,82.139.23.190,82.139.71.187,82.140.153.153,82.142.126.251,82.146.125.50,82.146.46.133,82.147.175.55,82.148.23.83,82.148.29.250,82.148.31.212,82.152.59.9,82.154.248.147,82.155.0.78,82.155.51.55,82.158.128.129,82.160.135.13,82.177.18.212,82.179.71.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (213)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510425; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.187.110.74,82.192.81.236,82.193.234.212,82.197.153.201,82.198.126.7,82.200.214.21,82.200.29.94,82.204.31.223,82.207.102.11,82.207.113.150,82.207.238.78,82.208.10.183,82.210.130.234,82.210.31.12,82.212.69.12,82.221.32.6,82.224.119.156,82.224.245.110,82.224.34.103,82.225.233.120,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.126.154,82.228.150.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (214)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510426; rev:2003; fwsam: src, 24 hours;)
alert udp [82.187.110.74,82.192.81.236,82.193.234.212,82.197.153.201,82.198.126.7,82.200.214.21,82.200.29.94,82.204.31.223,82.207.102.11,82.207.113.150,82.207.238.78,82.208.10.183,82.210.130.234,82.210.31.12,82.212.69.12,82.221.32.6,82.224.119.156,82.224.245.110,82.224.34.103,82.225.233.120,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.126.154,82.228.150.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (214)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510427; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.228.44.201,82.229.122.192,82.229.227.1,82.230.149.95,82.230.207.7,82.230.42.230,82.231.151.134,82.231.21.217,82.231.69.123,82.231.75.20,82.232.13.212,82.232.183.109,82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.152.62,82.233.167.2,82.234.161.15,82.234.79.36,82.235.113.121,82.235.119.25,82.235.127.164,82.235.96.131,82.236.11.160,82.237.17.189,82.237.170.208,82.237.191.169,82.237.28.34,82.237.48.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (215)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510428; rev:2003; fwsam: src, 24 hours;)
alert udp [82.228.44.201,82.229.122.192,82.229.227.1,82.230.149.95,82.230.207.7,82.230.42.230,82.231.151.134,82.231.21.217,82.231.69.123,82.231.75.20,82.232.13.212,82.232.183.109,82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.152.62,82.233.167.2,82.234.161.15,82.234.79.36,82.235.113.121,82.235.119.25,82.235.127.164,82.235.96.131,82.236.11.160,82.237.17.189,82.237.170.208,82.237.191.169,82.237.28.34,82.237.48.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (215)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510429; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.238.133.192,82.238.210.201,82.238.226.103,82.238.37.41,82.239.116.169,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.243.43.232,82.244.221.227,82.244.231.46,82.244.58.88,82.245.156.195,82.245.173.106,82.245.237.84,82.245.72.57,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.124.59,82.247.195.164,82.247.200.74,82.248.211.212] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (216)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510430; rev:2003; fwsam: src, 24 hours;)
alert udp [82.238.133.192,82.238.210.201,82.238.226.103,82.238.37.41,82.239.116.169,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.243.43.232,82.244.221.227,82.244.231.46,82.244.58.88,82.245.156.195,82.245.173.106,82.245.237.84,82.245.72.57,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.124.59,82.247.195.164,82.247.200.74,82.248.211.212] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (216)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510431; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.250.101.249,82.250.160.218,82.250.211.183,82.251.124.13,82.251.125.61,82.251.232.13,82.251.249.60,82.252.156.220,82.254.248.225,82.255.113.164,82.39.212.129,82.49.189.156,82.51.145.80,82.53.174.211,82.57.29.206,82.60.67.225,82.64.130.152,82.64.185.164,82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.65.66.39,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.70.177.150,82.76.165.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (217)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510432; rev:2003; fwsam: src, 24 hours;)
alert udp [82.250.101.249,82.250.160.218,82.250.211.183,82.251.124.13,82.251.125.61,82.251.232.13,82.251.249.60,82.252.156.220,82.254.248.225,82.255.113.164,82.39.212.129,82.49.189.156,82.51.145.80,82.53.174.211,82.57.29.206,82.60.67.225,82.64.130.152,82.64.185.164,82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.65.66.39,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.70.177.150,82.76.165.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (217)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510433; rev:2003; fwsam: src, 24 hours;)
alert tcp [82.77.216.130,82.77.232.250,82.78.195.122,82.79.151.15,82.82.135.179,82.82.224.124,82.83.248.238,82.83.91.13,82.85.90.87,82.88.1.187,82.95.224.38,82.97.15.139,82.98.86.167,83.0.155.162,83.10.222.194,83.101.24.213,83.103.127.122,83.103.127.243,83.103.171.23,83.11.161.211,83.11.63.105,83.11.72.49,83.12.134.162,83.12.155.202,83.12.243.234,83.12.251.154,83.12.75.42,83.13.162.26,83.13.220.122,83.135.140.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (218)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510434; rev:2003; fwsam: src, 24 hours;)
alert udp [82.77.216.130,82.77.232.250,82.78.195.122,82.79.151.15,82.82.135.179,82.82.224.124,82.83.248.238,82.83.91.13,82.85.90.87,82.88.1.187,82.95.224.38,82.97.15.139,82.98.86.167,83.0.155.162,83.10.222.194,83.101.24.213,83.103.127.122,83.103.127.243,83.103.171.23,83.11.161.211,83.11.63.105,83.11.72.49,83.12.134.162,83.12.155.202,83.12.243.234,83.12.251.154,83.12.75.42,83.13.162.26,83.13.220.122,83.135.140.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (218)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510435; rev:2003; fwsam: src, 24 hours;)
alert tcp [83.137.130.146,83.137.145.150,83.137.193.200,83.137.249.128,83.138.135.122,83.138.141.138,83.14.53.114,83.14.95.202,83.140.191.168,83.142.208.44,83.143.217.206,83.145.103.208,83.149.226.52,83.149.70.53,83.149.72.198,83.149.74.6,83.149.85.116,83.149.95.160,83.15.19.141,83.15.19.142,83.15.211.170,83.15.59.243,83.150.121.253,83.150.156.127,83.151.29.133,83.151.31.26,83.16.178.250,83.16.227.242,83.167.238.123,83.168.238.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (219)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510436; rev:2003; fwsam: src, 24 hours;)
alert udp [83.137.130.146,83.137.145.150,83.137.193.200,83.137.249.128,83.138.135.122,83.138.141.138,83.14.53.114,83.14.95.202,83.140.191.168,83.142.208.44,83.143.217.206,83.145.103.208,83.149.226.52,83.149.70.53,83.149.72.198,83.149.74.6,83.149.85.116,83.149.95.160,83.15.19.141,83.15.19.142,83.15.211.170,83.15.59.243,83.150.121.253,83.150.156.127,83.151.29.133,83.151.31.26,83.16.178.250,83.16.227.242,83.167.238.123,83.168.238.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (219)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510437; rev:2003; fwsam: src, 24 hours;)
alert tcp [83.169.0.250,83.17.156.90,83.170.112.218,83.170.112.250,83.170.113.138,83.170.115.110,83.170.115.84,83.170.83.204,83.170.85.139,83.170.85.180,83.170.85.61,83.170.88.210,83.172.144.47,83.175.70.17,83.18.168.58,83.18.59.178,83.18.87.18,83.19.20.250,83.2.224.2,83.2.40.7,83.2.81.91,83.202.204.151,83.21.35.18,83.211.51.122,83.211.93.140,83.212.127.238,83.216.149.245,83.216.43.201,83.221.34.4,83.222.110.209] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (220)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510438; rev:2003; fwsam: src, 24 hours;)
alert udp [83.169.0.250,83.17.156.90,83.170.112.218,83.170.112.250,83.170.113.138,83.170.115.110,83.170.115.84,83.170.83.204,83.170.85.139,83.170.85.180,83.170.85.61,83.170.88.210,83.172.144.47,83.175.70.17,83.18.168.58,83.18.59.178,83.18.87.18,83.19.20.250,83.2.224.2,83.2.40.7,83.2.81.91,83.202.204.151,83.21.35.18,83.211.51.122,83.211.93.140,83.212.127.238,83.216.149.245,83.216.43.201,83.221.34.4,83.222.110.209] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (220)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510439; rev:2003; fwsam: src, 24 hours;)
alert tcp [83.222.127.70,83.222.130.10,83.226.186.238,83.227.154.200,83.227.73.193,83.227.77.160,83.231.61.8,83.233.149.162,83.233.246.237,83.236.192.11,83.238.187.53,83.240.163.234,83.243.42.8,83.245.202.137,83.245.63.121,83.25.194.58,83.25.238.126,83.254.58.189,83.26.63.46,83.27.118.250,83.28.24.71,83.29.239.140,83.29.247.1,83.29.54.31,83.30.159.109,83.31.86.172,83.31.96.1,83.42.61.86,83.5.125.138,83.59.151.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (221)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510440; rev:2003; fwsam: src, 24 hours;)
alert udp [83.222.127.70,83.222.130.10,83.226.186.238,83.227.154.200,83.227.73.193,83.227.77.160,83.231.61.8,83.233.149.162,83.233.246.237,83.236.192.11,83.238.187.53,83.240.163.234,83.243.42.8,83.245.202.137,83.245.63.121,83.25.194.58,83.25.238.126,83.254.58.189,83.26.63.46,83.27.118.250,83.28.24.71,83.29.239.140,83.29.247.1,83.29.54.31,83.30.159.109,83.31.86.172,83.31.96.1,83.42.61.86,83.5.125.138,83.59.151.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (221)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510441; rev:2003; fwsam: src, 24 hours;)
alert tcp [83.6.113.143,83.6.208.127,83.64.6.117,83.8.216.95,83.87.224.30,83.88.199.75,83.9.18.229,83.9.34.211,83.96.235.40,83.97.161.213,83.98.128.109,83.98.150.51,84.10.156.60,84.104.240.14,84.106.83.73,84.109.63.225,84.115.85.207,84.120.248.233,84.120.61.39,84.123.185.81,84.123.39.91,84.124.106.11,84.124.11.117,84.124.27.36,84.124.75.143,84.126.112.181,84.127.197.48,84.15.40.80,84.158.68.249,84.16.226.87] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (222)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510442; rev:2003; fwsam: src, 24 hours;)
alert udp [83.6.113.143,83.6.208.127,83.64.6.117,83.8.216.95,83.87.224.30,83.88.199.75,83.9.18.229,83.9.34.211,83.96.235.40,83.97.161.213,83.98.128.109,83.98.150.51,84.10.156.60,84.104.240.14,84.106.83.73,84.109.63.225,84.115.85.207,84.120.248.233,84.120.61.39,84.123.185.81,84.123.39.91,84.124.106.11,84.124.11.117,84.124.27.36,84.124.75.143,84.126.112.181,84.127.197.48,84.15.40.80,84.158.68.249,84.16.226.87] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (222)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510443; rev:2003; fwsam: src, 24 hours;)
alert tcp [84.16.230.120,84.16.250.152,84.16.75.103,84.19.186.146,84.2.35.53,84.20.10.36,84.200.231.12,84.205.160.1,84.234.16.87,84.242.134.203,84.243.234.20,84.244.149.142,84.244.73.50,84.245.188.71,84.246.224.155,84.246.247.122,84.253.134.114,84.253.142.220,84.253.34.33,84.255.213.22,84.255.228.20,84.33.201.12,84.36.167.28,84.37.19.125,84.38.64.159,84.38.65.217,84.38.66.212,84.38.66.215,84.38.66.242,84.38.67.120] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (223)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510444; rev:2003; fwsam: src, 24 hours;)
alert udp [84.16.230.120,84.16.250.152,84.16.75.103,84.19.186.146,84.2.35.53,84.20.10.36,84.200.231.12,84.205.160.1,84.234.16.87,84.242.134.203,84.243.234.20,84.244.149.142,84.244.73.50,84.245.188.71,84.246.224.155,84.246.247.122,84.253.134.114,84.253.142.220,84.253.34.33,84.255.213.22,84.255.228.20,84.33.201.12,84.36.167.28,84.37.19.125,84.38.64.159,84.38.65.217,84.38.66.212,84.38.66.215,84.38.66.242,84.38.67.120] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (223)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510445; rev:2003; fwsam: src, 24 hours;)
alert tcp [84.38.67.250,84.38.67.40,84.48.55.139,84.50.28.14,84.51.251.9,84.52.115.188,84.52.71.84,84.52.98.134,84.55.14.29,84.55.151.154,84.62.75.20,84.73.233.110,84.75.116.84,84.79.69.222,84.89.61.97,84.95.241.157,85.10.192.231,85.10.193.185,85.10.193.241,85.10.194.176,85.10.195.252,85.10.199.101,85.10.199.203,85.10.201.236,85.10.202.3,85.10.203.208,85.10.227.71,85.105.205.167,85.11.33.12,85.112.126.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (224)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510446; rev:2003; fwsam: src, 24 hours;)
alert udp [84.38.67.250,84.38.67.40,84.48.55.139,84.50.28.14,84.51.251.9,84.52.115.188,84.52.71.84,84.52.98.134,84.55.14.29,84.55.151.154,84.62.75.20,84.73.233.110,84.75.116.84,84.79.69.222,84.89.61.97,84.95.241.157,85.10.192.231,85.10.193.185,85.10.193.241,85.10.194.176,85.10.195.252,85.10.199.101,85.10.199.203,85.10.201.236,85.10.202.3,85.10.203.208,85.10.227.71,85.105.205.167,85.11.33.12,85.112.126.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (224)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510447; rev:2003; fwsam: src, 24 hours;)
alert tcp [85.112.126.8,85.114.130.162,85.114.130.247,85.114.133.83,85.114.141.22,85.114.143.39,85.114.143.43,85.114.181.162,85.118.160.24,85.119.157.52,85.119.158.47,85.12.17.157,85.12.24.87,85.12.24.89,85.12.33.10,85.12.33.24,85.12.43.219,85.120.224.59,85.124.142.46,85.124.148.170,85.125.151.19,85.125.237.82,85.125.80.181,85.125.86.111,85.125.96.226,85.130.233.79,85.131.217.8,85.131.247.251,85.14.138.236,85.14.178.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (225)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510448; rev:2003; fwsam: src, 24 hours;)
alert udp [85.112.126.8,85.114.130.162,85.114.130.247,85.114.133.83,85.114.141.22,85.114.143.39,85.114.143.43,85.114.181.162,85.118.160.24,85.119.157.52,85.119.158.47,85.12.17.157,85.12.24.87,85.12.24.89,85.12.33.10,85.12.33.24,85.12.43.219,85.120.224.59,85.124.142.46,85.124.148.170,85.125.151.19,85.125.237.82,85.125.80.181,85.125.86.111,85.125.96.226,85.130.233.79,85.131.217.8,85.131.247.251,85.14.138.236,85.14.178.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (225)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510449; rev:2003; fwsam: src, 24 hours;)
alert tcp [85.14.84.234,85.152.90.240,85.155.145.33,85.158.254.155,85.17.10.189,85.17.138.39,85.17.138.8,85.17.148.201,85.17.154.86,85.17.183.147,85.17.19.205,85.17.211.12,85.17.250.240,85.17.36.108,85.17.59.138,85.17.90.77,85.17.92.134,85.17.92.141,85.17.92.35,85.17.92.9,85.17.94.5,85.18.107.165,85.18.135.252,85.18.163.174,85.18.73.187,85.180.119.53,85.186.255.54,85.187.47.253,85.190.44.176,85.193.59.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (226)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510450; rev:2003; fwsam: src, 24 hours;)
alert udp [85.14.84.234,85.152.90.240,85.155.145.33,85.158.254.155,85.17.10.189,85.17.138.39,85.17.138.8,85.17.148.201,85.17.154.86,85.17.183.147,85.17.19.205,85.17.211.12,85.17.250.240,85.17.36.108,85.17.59.138,85.17.90.77,85.17.92.134,85.17.92.141,85.17.92.35,85.17.92.9,85.17.94.5,85.18.107.165,85.18.135.252,85.18.163.174,85.18.73.187,85.180.119.53,85.186.255.54,85.187.47.253,85.190.44.176,85.193.59.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (226)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510451; rev:2003; fwsam: src, 24 hours;)
alert tcp [85.199.179.22,85.201.160.202,85.207.237.33,85.214.120.54,85.214.131.133,85.214.133.151,85.214.133.190,85.214.32.175,85.214.38.111,85.214.44.68,85.214.52.197,85.214.56.75,85.214.63.64,85.214.84.157,85.214.84.59,85.214.86.188,85.214.90.220,85.217.136.155,85.218.152.241,85.219.184.129,85.219.198.221,85.219.236.100,85.219.6.116,85.221.23.4,85.223.51.11,85.224.185.84,85.225.108.193,85.225.112.56,85.225.134.179,85.228.159.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (227)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510452; rev:2003; fwsam: src, 24 hours;)
alert udp [85.199.179.22,85.201.160.202,85.207.237.33,85.214.120.54,85.214.131.133,85.214.133.151,85.214.133.190,85.214.32.175,85.214.38.111,85.214.44.68,85.214.52.197,85.214.56.75,85.214.63.64,85.214.84.157,85.214.84.59,85.214.86.188,85.214.90.220,85.217.136.155,85.218.152.241,85.219.184.129,85.219.198.221,85.219.236.100,85.219.6.116,85.221.23.4,85.223.51.11,85.224.185.84,85.225.108.193,85.225.112.56,85.225.134.179,85.228.159.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (227)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510453; rev:2003; fwsam: src, 24 hours;)
alert tcp [85.231.30.180,85.233.69.40,85.234.133.114,85.239.208.226,85.24.138.219,85.24.165.206,85.24.184.118,85.249.223.151,85.25.124.189,85.25.135.189,85.25.141.122,85.25.52.49,85.255.194.163,85.31.107.14,85.31.187.32,85.37.38.220,85.67.214.76,85.77.237.200,85.92.137.214,85.92.138.206,85.92.139.133,85.92.139.192,85.92.139.194,85.92.144.102,85.92.146.193,85.93.146.154,85.94.160.143,86.101.228.141,86.110.192.77,86.110.67.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (228)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510454; rev:2003; fwsam: src, 24 hours;)
alert udp [85.231.30.180,85.233.69.40,85.234.133.114,85.239.208.226,85.24.138.219,85.24.165.206,85.24.184.118,85.249.223.151,85.25.124.189,85.25.135.189,85.25.141.122,85.25.52.49,85.255.194.163,85.31.107.14,85.31.187.32,85.37.38.220,85.67.214.76,85.77.237.200,85.92.137.214,85.92.138.206,85.92.139.133,85.92.139.192,85.92.139.194,85.92.144.102,85.92.146.193,85.93.146.154,85.94.160.143,86.101.228.141,86.110.192.77,86.110.67.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (228)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510455; rev:2003; fwsam: src, 24 hours;)
alert tcp [86.110.96.29,86.111.244.181,86.111.245.183,86.111.97.31,86.121.214.49,86.125.25.163,86.168.14.36,86.34.137.186,86.34.187.82,86.39.131.92,86.39.146.3,86.47.226.61,86.50.67.124,86.53.239.179,86.55.177.93,86.55.211.116,86.55.211.117,86.55.236.254,86.55.5.98,86.57.246.138,86.59.29.53,86.64.222.3,86.64.248.252,86.66.20.21,86.9.79.253,87.1.33.237,87.101.232.106,87.101.50.7,87.101.50.8,87.105.248.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (229)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510456; rev:2003; fwsam: src, 24 hours;)
alert udp [86.110.96.29,86.111.244.181,86.111.245.183,86.111.97.31,86.121.214.49,86.125.25.163,86.168.14.36,86.34.137.186,86.34.187.82,86.39.131.92,86.39.146.3,86.47.226.61,86.50.67.124,86.53.239.179,86.55.177.93,86.55.211.116,86.55.211.117,86.55.236.254,86.55.5.98,86.57.246.138,86.59.29.53,86.64.222.3,86.64.248.252,86.66.20.21,86.9.79.253,87.1.33.237,87.101.232.106,87.101.50.7,87.101.50.8,87.105.248.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (229)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510457; rev:2003; fwsam: src, 24 hours;)
alert tcp [87.106.102.76,87.106.189.180,87.106.212.112,87.106.241.9,87.106.254.55,87.106.4.125,87.106.5.82,87.106.59.162,87.106.65.83,87.106.86.155,87.106.99.106,87.107.20.5,87.107.20.8,87.110.220.5,87.117.200.206,87.117.205.9,87.118.100.7,87.118.104.89,87.118.106.243,87.118.112.236,87.118.112.46,87.118.112.71,87.118.114.243,87.118.116.95,87.118.123.94,87.118.203.43,87.118.82.57,87.118.84.17,87.118.87.217,87.118.88.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (230)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510458; rev:2003; fwsam: src, 24 hours;)
alert udp [87.106.102.76,87.106.189.180,87.106.212.112,87.106.241.9,87.106.254.55,87.106.4.125,87.106.5.82,87.106.59.162,87.106.65.83,87.106.86.155,87.106.99.106,87.107.20.5,87.107.20.8,87.110.220.5,87.117.200.206,87.117.205.9,87.118.100.7,87.118.104.89,87.118.106.243,87.118.112.236,87.118.112.46,87.118.112.71,87.118.114.243,87.118.116.95,87.118.123.94,87.118.203.43,87.118.82.57,87.118.84.17,87.118.87.217,87.118.88.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (230)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510459; rev:2003; fwsam: src, 24 hours;)
alert tcp [87.118.88.74,87.118.90.222,87.118.94.137,87.118.98.95,87.119.198.20,87.120.152.223,87.121.27.115,87.139.22.199,87.14.165.32,87.16.124.231,87.163.205.161,87.19.76.183,87.19.94.66,87.193.138.136,87.193.142.242,87.194.159.100,87.194.19.132,87.194.36.1,87.200.105.98,87.204.217.2,87.204.23.215,87.205.149.152,87.216.176.66,87.225.128.25,87.226.12.92,87.229.30.113,87.230.103.91,87.230.56.40,87.230.78.232,87.230.83.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (231)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510460; rev:2003; fwsam: src, 24 hours;)
alert udp [87.118.88.74,87.118.90.222,87.118.94.137,87.118.98.95,87.119.198.20,87.120.152.223,87.121.27.115,87.139.22.199,87.14.165.32,87.16.124.231,87.163.205.161,87.19.76.183,87.19.94.66,87.193.138.136,87.193.142.242,87.194.159.100,87.194.19.132,87.194.36.1,87.200.105.98,87.204.217.2,87.204.23.215,87.205.149.152,87.216.176.66,87.225.128.25,87.226.12.92,87.229.30.113,87.230.103.91,87.230.56.40,87.230.78.232,87.230.83.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (231)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510461; rev:2003; fwsam: src, 24 hours;)
alert tcp [87.230.85.194,87.230.92.134,87.233.156.163,87.234.44.208,87.236.232.109,87.236.232.111,87.236.232.18,87.237.106.195,87.237.184.108,87.237.56.233,87.238.75.118,87.24.9.163,87.240.72.77,87.242.73.96,87.242.98.199,87.244.206.3,87.246.53.11,87.249.108.9,87.255.24.162,87.3.146.251,87.3.32.99,87.5.220.171,87.54.134.250,87.56.181.14,87.56.252.158,87.60.133.149,87.63.36.152,87.69.12.66,87.86.238.221,87.96.215.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (232)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510462; rev:2003; fwsam: src, 24 hours;)
alert udp [87.230.85.194,87.230.92.134,87.233.156.163,87.234.44.208,87.236.232.109,87.236.232.111,87.236.232.18,87.237.106.195,87.237.184.108,87.237.56.233,87.238.75.118,87.24.9.163,87.240.72.77,87.242.73.96,87.242.98.199,87.244.206.3,87.246.53.11,87.249.108.9,87.255.24.162,87.3.146.251,87.3.32.99,87.5.220.171,87.54.134.250,87.56.181.14,87.56.252.158,87.60.133.149,87.63.36.152,87.69.12.66,87.86.238.221,87.96.215.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (232)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510463; rev:2003; fwsam: src, 24 hours;)
alert tcp [87.96.215.6,87.97.30.25,87.97.96.79,87.98.253.89,88.100.93.160,88.107.10.169,88.132.58.248,88.146.173.4,88.146.86.72,88.149.195.30,88.149.202.196,88.151.97.150,88.156.100.248,88.156.239.181,88.159.160.228,88.159.8.164,88.159.82.234,88.160.116.150,88.167.176.20,88.169.214.123,88.177.160.128,88.177.173.231,88.178.4.175,88.190.11.166,88.190.12.164,88.191.102.156,88.191.104.156,88.191.119.141,88.191.124.168,88.191.124.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (233)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510464; rev:2003; fwsam: src, 24 hours;)
alert udp [87.96.215.6,87.97.30.25,87.97.96.79,87.98.253.89,88.100.93.160,88.107.10.169,88.132.58.248,88.146.173.4,88.146.86.72,88.149.195.30,88.149.202.196,88.151.97.150,88.156.100.248,88.156.239.181,88.159.160.228,88.159.8.164,88.159.82.234,88.160.116.150,88.167.176.20,88.169.214.123,88.177.160.128,88.177.173.231,88.178.4.175,88.190.11.166,88.190.12.164,88.191.102.156,88.191.104.156,88.191.119.141,88.191.124.168,88.191.124.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (233)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510465; rev:2003; fwsam: src, 24 hours;)
alert tcp [88.191.14.154,88.191.16.115,88.191.17.209,88.191.18.98,88.191.23.69,88.191.24.39,88.191.30.24,88.191.37.200,88.191.38.208,88.191.50.140,88.191.63.231,88.191.68.82,88.191.71.10,88.191.73.174,88.191.73.232,88.191.77.125,88.191.77.215,88.191.79.37,88.191.83.8,88.191.92.122,88.191.92.243,88.191.93.244,88.191.94.204,88.191.94.244,88.191.94.64,88.191.95.217,88.198.13.233,88.198.14.155,88.198.14.53,88.198.204.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (234)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510466; rev:2003; fwsam: src, 24 hours;)
alert udp [88.191.14.154,88.191.16.115,88.191.17.209,88.191.18.98,88.191.23.69,88.191.24.39,88.191.30.24,88.191.37.200,88.191.38.208,88.191.50.140,88.191.63.231,88.191.68.82,88.191.71.10,88.191.73.174,88.191.73.232,88.191.77.125,88.191.77.215,88.191.79.37,88.191.83.8,88.191.92.122,88.191.92.243,88.191.93.244,88.191.94.204,88.191.94.244,88.191.94.64,88.191.95.217,88.198.13.233,88.198.14.155,88.198.14.53,88.198.204.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (234)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510467; rev:2003; fwsam: src, 24 hours;)
alert tcp [88.198.25.138,88.198.250.165,88.198.28.14,88.198.32.114,88.198.33.104,88.198.33.87,88.198.34.250,88.198.36.163,88.198.36.85,88.198.41.243,88.198.48.140,88.198.48.209,88.198.48.240,88.198.50.108,88.198.50.120,88.198.52.99,88.198.57.75,88.198.60.15,88.198.62.11,88.198.62.40,88.198.62.5,88.198.66.13,88.198.68.52,88.198.9.220,88.199.84.3,88.203.200.26,88.204.168.251,88.208.201.226,88.208.205.130,88.208.207.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (235)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510468; rev:2003; fwsam: src, 24 hours;)
alert udp [88.198.25.138,88.198.250.165,88.198.28.14,88.198.32.114,88.198.33.104,88.198.33.87,88.198.34.250,88.198.36.163,88.198.36.85,88.198.41.243,88.198.48.140,88.198.48.209,88.198.48.240,88.198.50.108,88.198.50.120,88.198.52.99,88.198.57.75,88.198.60.15,88.198.62.11,88.198.62.40,88.198.62.5,88.198.66.13,88.198.68.52,88.198.9.220,88.199.84.3,88.203.200.26,88.204.168.251,88.208.201.226,88.208.205.130,88.208.207.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (235)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510469; rev:2003; fwsam: src, 24 hours;)
alert tcp [88.208.208.242,88.208.219.97,88.208.232.36,88.208.236.192,88.209.212.139,88.209.222.233,88.209.249.225,88.212.3.2,88.214.193.108,88.214.193.116,88.214.193.141,88.214.193.216,88.214.193.35,88.214.193.74,88.214.194.28,88.214.205.18,88.222.116.19,88.233.9.252,88.245.103.84,88.248.153.142,88.248.50.13,88.255.131.82,88.255.225.103,88.255.239.62,88.26.176.95,88.26.206.74,88.41.48.170,88.44.214.142,88.46.90.90,88.49.255.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (236)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510470; rev:2003; fwsam: src, 24 hours;)
alert udp [88.208.208.242,88.208.219.97,88.208.232.36,88.208.236.192,88.209.212.139,88.209.222.233,88.209.249.225,88.212.3.2,88.214.193.108,88.214.193.116,88.214.193.141,88.214.193.216,88.214.193.35,88.214.193.74,88.214.194.28,88.214.205.18,88.222.116.19,88.233.9.252,88.245.103.84,88.248.153.142,88.248.50.13,88.255.131.82,88.255.225.103,88.255.239.62,88.26.176.95,88.26.206.74,88.41.48.170,88.44.214.142,88.46.90.90,88.49.255.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (236)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510471; rev:2003; fwsam: src, 24 hours;)
alert tcp [88.52.191.133,88.55.61.35,88.56.189.226,88.62.162.96,88.69.182.109,88.80.0.102,88.80.6.178,88.81.165.2,88.84.137.198,88.84.137.199,88.84.142.88,88.84.148.186,88.84.150.180,88.84.156.220,88.84.156.45,88.85.87.30,88.86.121.209,88.87.36.102,89.105.196.150,89.105.197.203,89.107.226.2,89.107.66.239,89.108.119.163,89.108.120.191,89.108.125.14,89.108.68.81,89.108.70.16,89.108.70.215,89.108.70.247,89.108.70.47] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (237)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510472; rev:2003; fwsam: src, 24 hours;)
alert udp [88.52.191.133,88.55.61.35,88.56.189.226,88.62.162.96,88.69.182.109,88.80.0.102,88.80.6.178,88.81.165.2,88.84.137.198,88.84.137.199,88.84.142.88,88.84.148.186,88.84.150.180,88.84.156.220,88.84.156.45,88.85.87.30,88.86.121.209,88.87.36.102,89.105.196.150,89.105.197.203,89.107.226.2,89.107.66.239,89.108.119.163,89.108.120.191,89.108.125.14,89.108.68.81,89.108.70.16,89.108.70.215,89.108.70.247,89.108.70.47] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (237)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510473; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.108.71.28,89.108.71.32,89.108.79.104,89.108.79.107,89.108.79.147,89.108.79.69,89.109.15.188,89.110.128.15,89.110.132.213,89.111.103.138,89.111.184.202,89.111.184.93,89.111.185.100,89.111.185.102,89.111.185.106,89.111.185.125,89.111.185.181,89.111.185.190,89.111.185.43,89.111.185.77,89.111.189.5,89.111.189.8,89.113.247.109,89.115.178.75,89.116.50.113,89.117.4.29,89.120.99.187,89.121.248.205,89.122.154.234,89.128.183.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (238)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510474; rev:2003; fwsam: src, 24 hours;)
alert udp [89.108.71.28,89.108.71.32,89.108.79.104,89.108.79.107,89.108.79.147,89.108.79.69,89.109.15.188,89.110.128.15,89.110.132.213,89.111.103.138,89.111.184.202,89.111.184.93,89.111.185.100,89.111.185.102,89.111.185.106,89.111.185.125,89.111.185.181,89.111.185.190,89.111.185.43,89.111.185.77,89.111.189.5,89.111.189.8,89.113.247.109,89.115.178.75,89.116.50.113,89.117.4.29,89.120.99.187,89.121.248.205,89.122.154.234,89.128.183.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (238)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510475; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.133.17.148,89.137.242.138,89.138.4.202,89.139.96.93,89.143.128.171,89.143.69.8,89.145.96.166,89.145.97.25,89.146.153.9,89.146.18.19,89.147.84.239,89.149.242.113,89.149.242.191,89.149.242.192,89.149.242.25,89.149.244.54,89.150.203.80,89.151.125.148,89.151.173.75,89.151.191.154,89.152.176.32,89.163.145.213,89.165.14.230,89.165.40.10,89.166.186.184,89.166.50.106,89.167.84.169,89.169.103.223,89.169.137.216,89.169.147.159] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (239)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510476; rev:2003; fwsam: src, 24 hours;)
alert udp [89.133.17.148,89.137.242.138,89.138.4.202,89.139.96.93,89.143.128.171,89.143.69.8,89.145.96.166,89.145.97.25,89.146.153.9,89.146.18.19,89.147.84.239,89.149.242.113,89.149.242.191,89.149.242.192,89.149.242.25,89.149.244.54,89.150.203.80,89.151.125.148,89.151.173.75,89.151.191.154,89.152.176.32,89.163.145.213,89.165.14.230,89.165.40.10,89.166.186.184,89.166.50.106,89.167.84.169,89.169.103.223,89.169.137.216,89.169.147.159] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (239)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510477; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.171.112.124,89.171.55.120,89.173.30.176,89.174.119.240,89.174.182.94,89.178.101.253,89.178.12.185,89.178.135.131,89.178.14.204,89.178.236.223,89.178.27.43,89.18.16.68,89.18.189.170,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.185.193.116,89.185.210.155,89.185.229.22,89.185.245.160,89.186.103.148,89.187.135.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (240)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510478; rev:2003; fwsam: src, 24 hours;)
alert udp [89.171.112.124,89.171.55.120,89.173.30.176,89.174.119.240,89.174.182.94,89.178.101.253,89.178.12.185,89.178.135.131,89.178.14.204,89.178.236.223,89.178.27.43,89.18.16.68,89.18.189.170,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.185.193.116,89.185.210.155,89.185.229.22,89.185.245.160,89.186.103.148,89.187.135.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (240)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510479; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.187.41.6,89.188.107.42,89.19.20.2,89.19.29.60,89.19.5.196,89.19.5.234,89.19.8.250,89.191.224.25,89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.20.140.7,89.200.169.79,89.200.171.46,89.201.210.64,89.202.203.114,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.100] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (241)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510480; rev:2003; fwsam: src, 24 hours;)
alert udp [89.187.41.6,89.188.107.42,89.19.20.2,89.19.29.60,89.19.5.196,89.19.5.234,89.19.8.250,89.191.224.25,89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.20.140.7,89.200.169.79,89.200.171.46,89.201.210.64,89.202.203.114,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.100] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (241)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510481; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.208.146.181,89.208.146.193,89.208.155.66,89.21.55.190,89.210.180.128,89.214.76.185,89.214.88.63,89.214.99.96,89.216.53.66,89.216.66.206,89.216.66.94,89.216.72.25,89.218.135.53,89.218.6.246,89.221.240.169,89.221.240.183,89.223.52.194,89.231.53.175,89.235.161.242,89.235.197.18,89.235.214.180,89.238.0.106,89.238.219.250,89.239.78.232,89.240.38.7,89.244.174.91,89.244.233.46,89.245.84.130,89.246.178.22,89.246.199.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (242)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510482; rev:2003; fwsam: src, 24 hours;)
alert udp [89.208.146.181,89.208.146.193,89.208.155.66,89.21.55.190,89.210.180.128,89.214.76.185,89.214.88.63,89.214.99.96,89.216.53.66,89.216.66.206,89.216.66.94,89.216.72.25,89.218.135.53,89.218.6.246,89.221.240.169,89.221.240.183,89.223.52.194,89.231.53.175,89.235.161.242,89.235.197.18,89.235.214.180,89.238.0.106,89.238.219.250,89.239.78.232,89.240.38.7,89.244.174.91,89.244.233.46,89.245.84.130,89.246.178.22,89.246.199.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (242)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510483; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78,89.247.40.22,89.247.57.254,89.248.169.110,89.248.174.30,89.248.248.51,89.248.82.93,89.248.86.114,89.249.3.203,89.250.112.130,89.250.112.244,89.250.114.102,89.250.190.12,89.250.195.254,89.250.29.8,89.251.128.55,89.252.8.2,89.253.155.27,89.253.238.249,89.254.129.58,89.28.4.60,89.29.116.98,89.3.83.180,89.31.144.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (243)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510484; rev:2003; fwsam: src, 24 hours;)
alert udp [89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78,89.247.40.22,89.247.57.254,89.248.169.110,89.248.174.30,89.248.248.51,89.248.82.93,89.248.86.114,89.249.3.203,89.250.112.130,89.250.112.244,89.250.114.102,89.250.190.12,89.250.195.254,89.250.29.8,89.251.128.55,89.252.8.2,89.253.155.27,89.253.238.249,89.254.129.58,89.28.4.60,89.29.116.98,89.3.83.180,89.31.144.172] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (243)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510485; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.31.144.208,89.32.206.79,89.32.94.94,89.33.140.53,89.33.145.137,89.35.137.58,89.36.206.81,89.36.6.252,89.36.86.188,89.37.45.230,89.39.166.1,89.40.252.3,89.42.158.187,89.42.180.137,89.42.182.64,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.164.119,89.45.3.45,89.46.122.20,89.46.128.254,89.46.198.193,89.46.98.131,89.47.214.127,89.47.238.9,89.96.212.247,89.97.198.3,89.97.217.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (244)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510486; rev:2003; fwsam: src, 24 hours;)
alert udp [89.31.144.208,89.32.206.79,89.32.94.94,89.33.140.53,89.33.145.137,89.35.137.58,89.36.206.81,89.36.6.252,89.36.86.188,89.37.45.230,89.39.166.1,89.40.252.3,89.42.158.187,89.42.180.137,89.42.182.64,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.164.119,89.45.3.45,89.46.122.20,89.46.128.254,89.46.198.193,89.46.98.131,89.47.214.127,89.47.238.9,89.96.212.247,89.97.198.3,89.97.217.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (244)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510487; rev:2003; fwsam: src, 24 hours;)
alert tcp [89.97.22.193,89.97.249.87,89.97.5.4,90.15.224.213,90.150.233.8,90.156.145.71,90.156.158.49,90.156.159.204,90.156.159.54,90.156.208.65,90.156.210.185,90.156.210.62,90.156.211.175,90.156.211.178,90.156.211.243,90.156.212.31,90.169.64.92,90.177.104.183,90.178.78.98,90.182.90.186,90.183.101.182,90.183.9.150,90.184.84.152,90.186.58.207,90.190.106.15,90.191.231.113,90.220.11.19,90.231.213.27,90.52.1.156,91.0.246.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (245)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510488; rev:2003; fwsam: src, 24 hours;)
alert udp [89.97.22.193,89.97.249.87,89.97.5.4,90.15.224.213,90.150.233.8,90.156.145.71,90.156.158.49,90.156.159.204,90.156.159.54,90.156.208.65,90.156.210.185,90.156.210.62,90.156.211.175,90.156.211.178,90.156.211.243,90.156.212.31,90.169.64.92,90.177.104.183,90.178.78.98,90.182.90.186,90.183.101.182,90.183.9.150,90.184.84.152,90.186.58.207,90.190.106.15,90.191.231.113,90.220.11.19,90.231.213.27,90.52.1.156,91.0.246.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (245)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510489; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.11.67.146,91.112.85.26,91.113.148.11,91.113.24.23,91.113.248.154,91.113.26.222,91.115.111.242,91.117.107.226,91.117.124.26,91.12.54.167,91.12.70.189,91.12.84.193,91.121.147.142,91.121.221.90,91.121.221.94,91.121.75.81,91.121.81.192,91.121.94.24,91.121.96.212,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (246)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510490; rev:2003; fwsam: src, 24 hours;)
alert udp [91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.11.67.146,91.112.85.26,91.113.148.11,91.113.24.23,91.113.248.154,91.113.26.222,91.115.111.242,91.117.107.226,91.117.124.26,91.12.54.167,91.12.70.189,91.12.84.193,91.121.147.142,91.121.221.90,91.121.221.94,91.121.75.81,91.121.81.192,91.121.94.24,91.121.96.212,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (246)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510491; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.126.223.43,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98,91.138.22.82,91.139.185.134,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254,91.142.242.60,91.143.105.39,91.143.222.122,91.144.96.197,91.145.5.73,91.146.161.20,91.148.91.50,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (247)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510492; rev:2003; fwsam: src, 24 hours;)
alert udp [91.126.223.43,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98,91.138.22.82,91.139.185.134,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254,91.142.242.60,91.143.105.39,91.143.222.122,91.144.96.197,91.145.5.73,91.146.161.20,91.148.91.50,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (247)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510493; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.152.138.220,91.152.222.73,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84,91.154.239.93,91.154.244.162,91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45,91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.183.58.190,91.184.4.139,91.184.56.166,91.185.8.152,91.186.1.160,91.188.122.89,91.188.124.144,91.188.59.197,91.188.59.50,91.189.113.11,91.189.121.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (248)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510494; rev:2003; fwsam: src, 24 hours;)
alert udp [91.152.138.220,91.152.222.73,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84,91.154.239.93,91.154.244.162,91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45,91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.183.58.190,91.184.4.139,91.184.56.166,91.185.8.152,91.186.1.160,91.188.122.89,91.188.124.144,91.188.59.197,91.188.59.50,91.189.113.11,91.189.121.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (248)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510495; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.189.70.73,91.189.82.183,91.189.82.225,91.19.59.86,91.190.224.160,91.190.227.82,91.191.20.122,91.191.54.125,91.192.170.230,91.192.79.139,91.193.192.120,91.193.204.136,91.193.64.7,91.193.77.130,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (249)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510496; rev:2003; fwsam: src, 24 hours;)
alert udp [91.189.70.73,91.189.82.183,91.189.82.225,91.19.59.86,91.190.224.160,91.190.227.82,91.191.20.122,91.191.54.125,91.192.170.230,91.192.79.139,91.193.192.120,91.193.204.136,91.193.64.7,91.193.77.130,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (249)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510497; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31,91.194.0.32,91.194.0.33,91.194.0.40,91.194.0.5,91.194.177.211,91.194.75.146,91.194.75.147,91.195.214.12,91.195.60.238,91.196.107.83,91.196.115.52,91.196.53.104,91.197.129.102,91.197.129.117,91.197.129.205,91.197.129.24,91.198.105.78,91.198.106.196,91.198.127.68,91.199.198.21,91.199.4.242,91.2.179.21,91.200.41.72,91.201.253.125,91.201.52.136,91.202.161.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (250)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510498; rev:2003; fwsam: src, 24 hours;)
alert udp [91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31,91.194.0.32,91.194.0.33,91.194.0.40,91.194.0.5,91.194.177.211,91.194.75.146,91.194.75.147,91.195.214.12,91.195.60.238,91.196.107.83,91.196.115.52,91.196.53.104,91.197.129.102,91.197.129.117,91.197.129.205,91.197.129.24,91.198.105.78,91.198.106.196,91.198.127.68,91.199.198.21,91.199.4.242,91.2.179.21,91.200.41.72,91.201.253.125,91.201.52.136,91.202.161.134] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (250)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510499; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.203.132.163,91.203.170.38,91.203.216.57,91.204.161.90,91.205.173.108,91.205.188.15,91.205.43.184,91.205.62.178,91.205.74.7,91.206.30.52,91.206.30.54,91.206.30.56,91.206.42.26,91.206.42.34,91.207.102.26,91.207.103.32,91.207.220.74,91.207.230.32,91.207.5.234,91.207.99.20,91.208.142.21,91.209.238.28,91.209.90.203,91.21.80.93,91.210.129.40,91.210.151.102,91.210.181.90,91.210.193.19,91.210.194.222,91.210.58.48] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (251)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510500; rev:2003; fwsam: src, 24 hours;)
alert udp [91.203.132.163,91.203.170.38,91.203.216.57,91.204.161.90,91.205.173.108,91.205.188.15,91.205.43.184,91.205.62.178,91.205.74.7,91.206.30.52,91.206.30.54,91.206.30.56,91.206.42.26,91.206.42.34,91.207.102.26,91.207.103.32,91.207.220.74,91.207.230.32,91.207.5.234,91.207.99.20,91.208.142.21,91.209.238.28,91.209.90.203,91.21.80.93,91.210.129.40,91.210.151.102,91.210.181.90,91.210.193.19,91.210.194.222,91.210.58.48] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (251)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510501; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.211.100.138,91.211.117.144,91.211.119.176,91.211.19.68,91.211.245.63,91.212.143.15,91.212.198.173,91.212.213.3,91.212.219.136,91.212.220.30,91.212.41.14,91.213.117.195,91.213.117.80,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.214.168.67,91.214.45.188,91.215.218.38,91.215.243.162,91.216.141.144,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (252)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510502; rev:2003; fwsam: src, 24 hours;)
alert udp [91.211.100.138,91.211.117.144,91.211.119.176,91.211.19.68,91.211.245.63,91.212.143.15,91.212.198.173,91.212.213.3,91.212.219.136,91.212.220.30,91.212.41.14,91.213.117.195,91.213.117.80,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.214.168.67,91.214.45.188,91.215.218.38,91.215.243.162,91.216.141.144,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (252)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510503; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.218.228.15,91.218.38.161,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136,91.3.110.104,91.33.236.34,91.33.77.248,91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164,91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (253)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510504; rev:2003; fwsam: src, 24 hours;)
alert udp [91.218.228.15,91.218.38.161,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136,91.3.110.104,91.33.236.34,91.33.77.248,91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164,91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (253)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510505; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254,91.39.157.201,91.39.165.96,91.39.166.90,91.39.19.100,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138,91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (254)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510506; rev:2003; fwsam: src, 24 hours;)
alert udp [91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254,91.39.157.201,91.39.165.96,91.39.166.90,91.39.19.100,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138,91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (254)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510507; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186,91.62.127.134,91.62.80.76,91.62.84.139,91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.75.175.88,91.82.251.7,91.83.14.177,91.83.156.191,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.9.189.147,91.9.190.121,91.9.201.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (255)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510508; rev:2003; fwsam: src, 24 hours;)
alert udp [91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186,91.62.127.134,91.62.80.76,91.62.84.139,91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.75.175.88,91.82.251.7,91.83.14.177,91.83.156.191,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.9.189.147,91.9.190.121,91.9.201.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (255)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510509; rev:2003; fwsam: src, 24 hours;)
alert tcp [91.9.228.204,91.90.51.6,91.91.206.40,91.91.206.77,91.95.222.47,91.99.98.150,92.103.187.108,92.104.186.251,92.126.140.138,92.128.94.192,92.198.14.157,92.224.136.204,92.240.234.34,92.240.68.153,92.241.190.191,92.242.121.254,92.242.223.210,92.243.113.90,92.243.26.100,92.243.27.22,92.243.5.22,92.243.5.253,92.243.6.25,92.243.75.90,92.243.78.110,92.243.8.203,92.243.8.94,92.243.84.123,92.243.84.17,92.243.84.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (256)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510510; rev:2003; fwsam: src, 24 hours;)
alert udp [91.9.228.204,91.90.51.6,91.91.206.40,91.91.206.77,91.95.222.47,91.99.98.150,92.103.187.108,92.104.186.251,92.126.140.138,92.128.94.192,92.198.14.157,92.224.136.204,92.240.234.34,92.240.68.153,92.241.190.191,92.242.121.254,92.242.223.210,92.243.113.90,92.243.26.100,92.243.27.22,92.243.5.22,92.243.5.253,92.243.6.25,92.243.75.90,92.243.78.110,92.243.8.203,92.243.8.94,92.243.84.123,92.243.84.17,92.243.84.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (256)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510511; rev:2003; fwsam: src, 24 hours;)
alert tcp [92.243.84.44,92.243.84.82,92.245.96.228,92.247.13.254,92.249.212.38,92.36.17.13,92.36.181.165,92.36.80.91,92.37.241.58,92.38.229.94,92.38.233.26,92.42.250.227,92.46.135.121,92.46.212.223,92.46.98.61,92.47.14.11,92.47.20.115,92.48.101.35,92.48.121.7,92.51.132.242,92.51.133.31,92.51.146.72,92.51.147.164,92.51.155.111,92.51.155.36,92.51.155.44,92.51.157.84,92.53.106.14,92.55.72.3,92.60.176.41] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (257)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510512; rev:2003; fwsam: src, 24 hours;)
alert udp [92.243.84.44,92.243.84.82,92.245.96.228,92.247.13.254,92.249.212.38,92.36.17.13,92.36.181.165,92.36.80.91,92.37.241.58,92.38.229.94,92.38.233.26,92.42.250.227,92.46.135.121,92.46.212.223,92.46.98.61,92.47.14.11,92.47.20.115,92.48.101.35,92.48.121.7,92.51.132.242,92.51.133.31,92.51.146.72,92.51.147.164,92.51.155.111,92.51.155.36,92.51.155.44,92.51.157.84,92.53.106.14,92.55.72.3,92.60.176.41] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (257)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510513; rev:2003; fwsam: src, 24 hours;)
alert tcp [92.60.176.59,92.60.177.241,92.61.149.248,92.61.33.178,92.61.36.103,92.61.37.188,92.63.103.182,92.63.104.27,92.63.106.184,92.63.107.126,92.66.90.226,92.74.19.115,92.85.147.249,93.100.105.183,93.114.41.54,93.124.82.232,93.138.35.48,93.139.0.32,93.148.18.126,93.153.189.85,93.155.164.63,93.160.56.156,93.167.196.59,93.17.197.44,93.183.203.38,93.183.203.60,93.184.6.67,93.184.66.202,93.184.66.209,93.184.69.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (258)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510514; rev:2003; fwsam: src, 24 hours;)
alert udp [92.60.176.59,92.60.177.241,92.61.149.248,92.61.33.178,92.61.36.103,92.61.37.188,92.63.103.182,92.63.104.27,92.63.106.184,92.63.107.126,92.66.90.226,92.74.19.115,92.85.147.249,93.100.105.183,93.114.41.54,93.124.82.232,93.138.35.48,93.139.0.32,93.148.18.126,93.153.189.85,93.155.164.63,93.160.56.156,93.167.196.59,93.17.197.44,93.183.203.38,93.183.203.60,93.184.6.67,93.184.66.202,93.184.66.209,93.184.69.222] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (258)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510515; rev:2003; fwsam: src, 24 hours;)
alert tcp [93.184.78.10,93.186.104.46,93.186.126.179,93.186.126.250,93.186.126.43,93.186.176.81,93.186.177.95,93.186.192.131,93.186.201.50,93.186.60.230,93.187.141.43,93.187.168.35,93.187.168.57,93.187.205.106,93.38.220.143,93.41.63.189,93.62.247.246,93.63.56.95,93.80.7.87,93.84.112.229,93.86.62.147,93.89.10.142,93.89.208.162,93.90.183.162,93.91.156.1,93.91.168.202,93.94.228.181,93.95.100.87,93.95.101.249,93.97.20.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (259)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510516; rev:2003; fwsam: src, 24 hours;)
alert udp [93.184.78.10,93.186.104.46,93.186.126.179,93.186.126.250,93.186.126.43,93.186.176.81,93.186.177.95,93.186.192.131,93.186.201.50,93.186.60.230,93.187.141.43,93.187.168.35,93.187.168.57,93.187.205.106,93.38.220.143,93.41.63.189,93.62.247.246,93.63.56.95,93.80.7.87,93.84.112.229,93.86.62.147,93.89.10.142,93.89.208.162,93.90.183.162,93.91.156.1,93.91.168.202,93.94.228.181,93.95.100.87,93.95.101.249,93.97.20.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (259)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510517; rev:2003; fwsam: src, 24 hours;)
alert tcp [93.97.52.166,94.101.180.3,94.101.44.1,94.102.1.218,94.102.13.83,94.102.14.50,94.102.14.74,94.102.208.254,94.102.208.59,94.102.209.244,94.102.210.187,94.102.210.221,94.102.210.65,94.102.211.101,94.102.211.127,94.102.211.195,94.102.211.99,94.102.212.110,94.102.212.195,94.102.212.220,94.102.212.221,94.102.212.226,94.102.212.236,94.102.212.25,94.102.212.58,94.102.212.72,94.102.212.8,94.102.212.93,94.102.49.76,94.102.52.47] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (260)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510518; rev:2003; fwsam: src, 24 hours;)
alert udp [93.97.52.166,94.101.180.3,94.101.44.1,94.102.1.218,94.102.13.83,94.102.14.50,94.102.14.74,94.102.208.254,94.102.208.59,94.102.209.244,94.102.210.187,94.102.210.221,94.102.210.65,94.102.211.101,94.102.211.127,94.102.211.195,94.102.211.99,94.102.212.110,94.102.212.195,94.102.212.220,94.102.212.221,94.102.212.226,94.102.212.236,94.102.212.25,94.102.212.58,94.102.212.72,94.102.212.8,94.102.212.93,94.102.49.76,94.102.52.47] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (260)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510519; rev:2003; fwsam: src, 24 hours;)
alert tcp [94.102.6.219,94.102.63.12,94.102.7.154,94.111.33.242,94.111.43.146,94.112.244.34,94.125.244.152,94.125.49.82,94.125.50.219,94.126.18.216,94.126.40.154,94.127.67.103,94.127.68.70,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.36.89,94.137.188.138,94.137.27.33,94.137.42.5,94.137.48.197,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.141.144.240,94.141.149.89,94.141.29.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (261)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510520; rev:2003; fwsam: src, 24 hours;)
alert udp [94.102.6.219,94.102.63.12,94.102.7.154,94.111.33.242,94.111.43.146,94.112.244.34,94.125.244.152,94.125.49.82,94.125.50.219,94.126.18.216,94.126.40.154,94.127.67.103,94.127.68.70,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.36.89,94.137.188.138,94.137.27.33,94.137.42.5,94.137.48.197,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.141.144.240,94.141.149.89,94.141.29.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (261)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510521; rev:2003; fwsam: src, 24 hours;)
alert tcp [94.142.233.72,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1,94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76,94.153.181.216,94.153.183.251,94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.178.109.7,94.178.252.233,94.179.45.214,94.180.69.139,94.180.78.251,94.181.12.143,94.194.10.119,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82,94.197.194.33,94.197.226.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (262)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510522; rev:2003; fwsam: src, 24 hours;)
alert udp [94.142.233.72,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1,94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76,94.153.181.216,94.153.183.251,94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.178.109.7,94.178.252.233,94.179.45.214,94.180.69.139,94.180.78.251,94.181.12.143,94.194.10.119,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82,94.197.194.33,94.197.226.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (262)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510523; rev:2003; fwsam: src, 24 hours;)
alert tcp [94.197.23.2,94.197.247.133,94.198.240.126,94.198.81.140,94.198.99.64,94.209.45.46,94.21.14.23,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138,94.219.65.123,94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.48.66,94.222.166.57,94.222.216.118,94.228.210.218,94.228.212.200,94.228.215.225,94.229.35.150,94.229.36.234,94.229.85.89,94.229.93.163,94.230.17.242,94.230.37.0,94.230.38.189] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (263)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510524; rev:2003; fwsam: src, 24 hours;)
alert udp [94.197.23.2,94.197.247.133,94.198.240.126,94.198.81.140,94.198.99.64,94.209.45.46,94.21.14.23,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138,94.219.65.123,94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.48.66,94.222.166.57,94.222.216.118,94.228.210.218,94.228.212.200,94.228.215.225,94.229.35.150,94.229.36.234,94.229.85.89,94.229.93.163,94.230.17.242,94.230.37.0,94.230.38.189] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (263)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510525; rev:2003; fwsam: src, 24 hours;)
alert tcp [94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.237.121.102,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191,94.243.91.249,94.243.92.120,94.243.99.213,94.244.1.12,94.245.201.81,94.245.233.45,94.245.240.130,94.246.125.4,94.246.211.166,94.248.145.119,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.26.2.18,94.28.82.90,94.30.220.31,94.32.68.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (264)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510526; rev:2003; fwsam: src, 24 hours;)
alert udp [94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.237.121.102,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191,94.243.91.249,94.243.92.120,94.243.99.213,94.244.1.12,94.245.201.81,94.245.233.45,94.245.240.130,94.246.125.4,94.246.211.166,94.248.145.119,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.26.2.18,94.28.82.90,94.30.220.31,94.32.68.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (264)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510527; rev:2003; fwsam: src, 24 hours;)
alert tcp [94.33.10.97,94.40.11.195,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.51.137.177,94.52.219.53,94.52.221.11,94.53.12.138,94.54.1.36,94.55.5.232,94.59.120.99,94.66.208.108,94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84,94.73.48.201,94.73.9.218,94.74.248.8,94.75.207.115,94.75.209.167,94.75.210.40,94.75.213.129,94.75.213.156,94.75.229.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (265)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510528; rev:2003; fwsam: src, 24 hours;)
alert udp [94.33.10.97,94.40.11.195,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.51.137.177,94.52.219.53,94.52.221.11,94.53.12.138,94.54.1.36,94.55.5.232,94.59.120.99,94.66.208.108,94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84,94.73.48.201,94.73.9.218,94.74.248.8,94.75.207.115,94.75.209.167,94.75.210.40,94.75.213.129,94.75.213.156,94.75.229.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (265)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510529; rev:2003; fwsam: src, 24 hours;)
alert tcp [94.75.229.230,94.75.242.71,94.76.107.120,94.76.204.102,94.76.204.199,94.76.206.30,94.76.246.101,94.76.249.99,94.76.250.85,94.80.140.91,94.85.20.50,94.85.213.34,95.0.180.25,95.0.216.101,95.0.85.118,95.105.180.109,95.110.224.230,95.128.245.35,95.131.89.114,95.132.35.241,95.141.226.37,95.146.116.219,95.154.113.9,95.154.229.217,95.156.192.31,95.156.202.120,95.156.202.92,95.168.177.103,95.169.190.139,95.169.190.235] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (266)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510530; rev:2003; fwsam: src, 24 hours;)
alert udp [94.75.229.230,94.75.242.71,94.76.107.120,94.76.204.102,94.76.204.199,94.76.206.30,94.76.246.101,94.76.249.99,94.76.250.85,94.80.140.91,94.85.20.50,94.85.213.34,95.0.180.25,95.0.216.101,95.0.85.118,95.105.180.109,95.110.224.230,95.128.245.35,95.131.89.114,95.132.35.241,95.141.226.37,95.146.116.219,95.154.113.9,95.154.229.217,95.156.192.31,95.156.202.120,95.156.202.92,95.168.177.103,95.169.190.139,95.169.190.235] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (266)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510531; rev:2003; fwsam: src, 24 hours;)
alert tcp [95.170.221.13,95.170.64.177,95.176.158.244,95.211.0.93,95.211.113.247,95.211.118.150,95.211.118.153,95.211.129.181,95.211.129.43,95.211.129.96,95.211.130.79,95.211.19.162,95.211.52.140,95.211.82.101,95.211.85.215,95.211.87.202,95.211.98.147,95.211.99.137,95.215.1.6,95.215.36.5,95.215.68.18,95.244.235.24,95.26.36.246,95.27.34.195,95.29.90.61,95.48.193.98,95.48.25.90,95.52.181.38,95.56.158.69,95.56.230.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (267)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510532; rev:2003; fwsam: src, 24 hours;)
alert udp [95.170.221.13,95.170.64.177,95.176.158.244,95.211.0.93,95.211.113.247,95.211.118.150,95.211.118.153,95.211.129.181,95.211.129.43,95.211.129.96,95.211.130.79,95.211.19.162,95.211.52.140,95.211.82.101,95.211.85.215,95.211.87.202,95.211.98.147,95.211.99.137,95.215.1.6,95.215.36.5,95.215.68.18,95.244.235.24,95.26.36.246,95.27.34.195,95.29.90.61,95.48.193.98,95.48.25.90,95.52.181.38,95.56.158.69,95.56.230.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (267)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510533; rev:2003; fwsam: src, 24 hours;)
alert tcp [95.56.239.66,95.57.251.209,95.58.122.98,95.59.47.131,95.62.147.8,95.65.92.173,95.67.192.47,95.74.64.182,95.83.3.17,95.88.20.8,95.90.78.66,95.95.168.49,95.95.32.160,96.237.178.82,96.4.191.21,96.48.38.230,96.57.192.253,96.57.252.11,96.57.99.74,96.9.186.245,97.107.134.58,97.107.135.103,97.107.141.136,97.113.220.246,97.67.249.162,97.79.131.69,97.86.80.130,97.86.95.234,98.124.198.1,98.124.92.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (268)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510534; rev:2003; fwsam: src, 24 hours;)
alert udp [95.56.239.66,95.57.251.209,95.58.122.98,95.59.47.131,95.62.147.8,95.65.92.173,95.67.192.47,95.74.64.182,95.83.3.17,95.88.20.8,95.90.78.66,95.95.168.49,95.95.32.160,96.237.178.82,96.4.191.21,96.48.38.230,96.57.192.253,96.57.252.11,96.57.99.74,96.9.186.245,97.107.134.58,97.107.135.103,97.107.141.136,97.113.220.246,97.67.249.162,97.79.131.69,97.86.80.130,97.86.95.234,98.124.198.1,98.124.92.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (268)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510535; rev:2003; fwsam: src, 24 hours;)