#
# $Id: emerging-drop.rules $
# Emerging Threats Spamhaus DROP List rules.
#
# Rules to block Spamhaus DROP listed networks (www.spamhaus.org)
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
#  Copyright (c) 2003-2010, Emerging Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#

#  VERSION 2020


#  Generated 2010-09-06 00:03:02 EDT

alert tcp [119.42.144.0/21,121.46.64.0/18,122.202.96.0/19,128.168.0.0/16,128.199.0.0/16,132.232.0.0/16,132.240.0.0/16,134.33.0.0/16,136.228.0.0/16,138.252.0.0/16,138.43.0.0/16,139.167.0.0/16,140.170.0.0/16,143.135.0.0/16,143.49.0.0/16,143.95.0.0/16,144.67.0.0/16,148.178.0.0/16,148.248.0.0/16,150.141.0.0/16] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400000; rev:2020;)
alert tcp [167.28.0.0/16,167.97.0.0/16,168.151.0.0/16,170.106.0.0/16,170.120.0.0/16,170.67.0.0/16,170.75.0.0/16,188.130.250.0/23,188.170.192.0/21,188.170.216.0/21,188.170.243.0/24,188.212.0.0/20,188.229.13.0/24,188.229.16.0/21,188.229.40.0/21,188.229.48.0/21,188.229.56.0/21,188.229.64.0/21,188.229.72.0/21,188.229.80.0/21] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400001; rev:2020;)
alert tcp [192.43.154.0/23,192.43.156.0/22,192.43.160.0/24,192.43.175.0/24,192.43.176.0/21,192.43.184.0/24,192.67.16.0/24,192.86.85.0/24,193.104.106.0/24,193.104.110.0/24,193.104.12.0/24,193.104.146.0/24,193.104.153.0/24,193.104.176.0/24,193.104.22.0/24,193.104.253.0/24,193.104.27.0/24,193.104.34.0/24,193.104.41.0/24,193.104.94.0/24] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400002; rev:2020;)
alert tcp [193.105.207.0/24,193.105.245.0/24,193.106.32.0/22,193.109.246.0/23,193.110.136.0/24,193.138.172.0/22,193.142.244.0/24,193.148.47.0/24,193.16.100.0/24,193.169.234.0/23,193.169.250.0/23,193.228.145.0/24,193.238.36.0/22,193.27.246.0/23,193.41.38.0/24,193.43.134.0/24,193.46.211.0/24,194.0.221.0/24,194.110.160.0/22,194.116.146.0/23] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400003; rev:2020;)
alert tcp [194.165.4.0/23,194.28.44.0/22,194.8.250.0/23,194.8.74.0/23,195.114.8.0/23,195.14.112.0/23,195.170.178.0/24,195.182.57.0/24,195.225.176.0/22,195.234.159.0/24,195.238.242.0/24,195.5.161.0/24,195.5.168.0/24,195.54.170.0/23,195.74.88.0/23,195.78.108.0/23,195.78.122.0/23,195.88.144.0/23,195.88.190.0/23,195.88.226.0/23] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400004; rev:2020;)
alert tcp [196.32.216.0/21,198.151.152.0/22,198.186.16.0/20,198.186.25.0/24,198.204.0.0/21,199.120.163.0/24,199.166.200.0/22,199.245.138.0/24,199.60.102.0/24,200.106.128.0/20,200.115.112.0/21,200.115.96.0/20,200.123.224.0/20,200.124.160.0/21,200.22.0.0/16,200.50.192.0/19,201.71.0.0/20,203.19.101.0/24,203.31.88.0/23,203.34.205.0/24] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400005; rev:2020;)
alert tcp [204.187.224.0/20,204.187.240.0/21,204.187.248.0/22,204.187.252.0/23,204.187.254.0/24,204.194.184.0/21,204.236.0.0/19,204.52.255.0/24,204.89.224.0/24,205.235.64.0/20,205.236.189.0/24,206.197.175.0/24,206.197.176.0/24,206.197.177.0/24,206.197.28.0/24,206.197.29.0/24,207.189.0.0/19,208.81.136.0/21,208.82.136.0/21,208.90.0.0/21] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400006; rev:2020;)
alert tcp [218.75.128.0/19,41.221.112.0/20,58.83.12.0/22,58.83.8.0/22,62.122.32.0/21,62.182.152.0/21,64.112.0.0/17,64.112.128.0/18,64.15.0.0/20,64.28.176.0/20,64.44.0.0/16,66.206.32.0/22,66.98.112.0/20,67.210.0.0/20,67.211.208.0/20,67.213.128.0/20,67.218.208.0/20,69.8.176.0/20,72.13.16.0/20,72.2.176.0/20] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400007; rev:2020;)
alert tcp [79.110.160.0/20,79.110.176.0/20,79.110.48.0/20,79.135.128.0/19,79.174.0.0/19,85.202.160.0/20,85.202.192.0/20,85.255.112.0/20,86.55.243.0/24,88.135.64.0/20,88.214.211.0/24,91.193.192.0/22,91.194.0.0/23,91.196.232.0/22,91.198.109.0/24,91.198.127.0/24,91.199.112.0/24,91.199.123.0/24,91.200.164.0/22,91.200.248.0/22] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400008; rev:2020;)
alert tcp [91.202.52.0/22,91.203.92.0/22,91.205.40.0/22,91.207.116.0/23,91.208.0.0/24,91.208.162.0/24,91.208.228.0/24,91.209.14.0/24,91.209.183.0/24,91.209.184.0/24,91.209.186.0/24,91.209.238.0/24,91.209.48.0/24,91.209.58.0/24,91.210.172.0/22,91.211.224.0/22,91.211.64.0/22,91.211.88.0/22,91.212.107.0/24,91.212.123.0/24] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400009; rev:2020;)
alert tcp [91.212.45.0/24,91.212.65.0/24,91.213.121.0/24,91.213.126.0/24,91.213.174.0/24,91.213.217.0/24,91.213.29.0/24,91.213.72.0/24,91.213.75.0/24,91.213.93.0/24,91.213.94.0/24,91.216.11.0/24,91.216.122.0/24,91.216.3.0/24,91.216.73.0/24,93.120.32.0/19,93.168.18.0/23,93.168.20.0/23,93.168.22.0/23,93.168.24.0/23] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400010; rev:2020;)
alert tcp [93.174.164.0/24,93.175.240.0/20,93.188.160.0/21,94.126.176.0/21,94.130.0.0/15,94.154.0.0/18,94.154.128.0/18,94.154.64.0/18,94.158.240.0/20,94.232.248.0/21,95.177.128.0/18,95.177.192.0/19,95.177.224.0/20,95.215.192.0/22,95.216.0.0/15,95.64.98.0/23] any <> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flags:S; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400011; rev:2020;)