#
# $Id: emerging-compromised.rules
# Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources
#
#Sources include:
#
#  Daniel Gerzo's BruteForceBlocker
#  http://danger.rulez.sk/projects/bruteforceblocker/
#
#  Abuse.ch's Zeus Tracker (aka WNSPoem, etc)
#  https://zeustracker.abuse.ch/faq.php
#
#  The CZ Honeynet Project
#  http://www.honeynet.cz
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
#  Copyright (c) 2003-2010, Emerging Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#

#  VERSION 2006

#  Generated 2010-09-05 00:03:03 EDT

alert tcp [109.120.1.31,109.123.91.67,109.123.95.174,109.169.200.233,109.169.218.193,109.169.56.3,109.184.115.42,109.189.97.55,109.195.109.9,109.195.64.250,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.200.105.2,109.207.1.133,109.70.26.36,109.72.241.22,109.74.139.148,109.74.3.219,109.86.194.103,110.133.119.39,110.137.70.196,110.15.0.74,110.162.97.181,110.172.174.50,110.2.183.129,110.45.138.146,110.45.144.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (1)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500000; rev:2006;)
alert udp [109.120.1.31,109.123.91.67,109.123.95.174,109.169.200.233,109.169.218.193,109.169.56.3,109.184.115.42,109.189.97.55,109.195.109.9,109.195.64.250,109.196.130.43,109.196.134.30,109.196.134.35,109.196.143.60,109.196.143.67,109.200.105.2,109.207.1.133,109.70.26.36,109.72.241.22,109.74.139.148,109.74.3.219,109.86.194.103,110.133.119.39,110.137.70.196,110.15.0.74,110.162.97.181,110.172.174.50,110.2.183.129,110.45.138.146,110.45.144.72] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (1)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500001; rev:2006;)
alert tcp [110.45.146.31,110.52.11.52,110.54.253.1,110.67.62.187,110.77.129.165,110.77.129.166,111.1.8.105,111.119.170.183,111.119.203.14,111.119.231.90,111.125.224.128,111.125.242.29,111.171.205.176,111.252.3.236,111.67.203.114,111.67.205.118,112.104.116.155,112.137.141.10,112.137.147.186,112.137.162.138,112.166.159.215,112.172.129.87,112.175.141.21,112.175.232.155,112.175.242.101,112.200.215.98,112.201.181.195,112.202.42.39,112.202.73.132,112.213.87.159] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (2)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500002; rev:2006;)
alert udp [110.45.146.31,110.52.11.52,110.54.253.1,110.67.62.187,110.77.129.165,110.77.129.166,111.1.8.105,111.119.170.183,111.119.203.14,111.119.231.90,111.125.224.128,111.125.242.29,111.171.205.176,111.252.3.236,111.67.203.114,111.67.205.118,112.104.116.155,112.137.141.10,112.137.147.186,112.137.162.138,112.166.159.215,112.172.129.87,112.175.141.21,112.175.232.155,112.175.242.101,112.200.215.98,112.201.181.195,112.202.42.39,112.202.73.132,112.213.87.159] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (2)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500003; rev:2006;)
alert tcp [112.216.13.12,112.216.151.10,112.216.161.138,112.216.62.85,112.216.72.125,112.68.55.251,112.70.17.91,112.76.33.11,112.78.124.135,112.78.127.210,112.78.127.217,112.78.192.248,112.78.196.52,112.78.198.157,112.78.198.19,112.78.198.74,112.78.6.210,112.90.146.2,112.95.144.231,113.105.152.49,113.105.8.171,113.106.99.202,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.11.194.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (3)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500004; rev:2006;)
alert udp [112.216.13.12,112.216.151.10,112.216.161.138,112.216.62.85,112.216.72.125,112.68.55.251,112.70.17.91,112.76.33.11,112.78.124.135,112.78.127.210,112.78.127.217,112.78.192.248,112.78.196.52,112.78.198.157,112.78.198.19,112.78.198.74,112.78.6.210,112.90.146.2,112.95.144.231,113.105.152.49,113.105.8.171,113.106.99.202,113.11.194.143,113.11.194.145,113.11.194.148,113.11.194.16,113.11.194.167,113.11.194.174,113.11.194.175,113.11.194.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (3)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500005; rev:2006;)
alert tcp [113.130.85.35,113.14.147.234,113.17.144.158,113.193.5.100,113.193.5.140,113.193.5.70,113.193.71.21,113.20.5.49,113.23.128.24,113.237.78.44,113.31.18.14,113.32.105.102,113.33.180.100,113.35.127.109,113.53.235.91,113.53.91.11,113.59.254.6,113.6.252.48,113.61.226.1,114.108.177.48,114.111.164.248,114.112.178.25,114.112.188.44,114.127.246.36,114.130.136.59,114.130.8.135,114.135.11.187,114.149.21.44,114.150.207.67,114.159.21.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (4)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500006; rev:2006;)
alert udp [113.130.85.35,113.14.147.234,113.17.144.158,113.193.5.100,113.193.5.140,113.193.5.70,113.193.71.21,113.20.5.49,113.23.128.24,113.237.78.44,113.31.18.14,113.32.105.102,113.33.180.100,113.35.127.109,113.53.235.91,113.53.91.11,113.59.254.6,113.6.252.48,113.61.226.1,114.108.177.48,114.111.164.248,114.112.178.25,114.112.188.44,114.127.246.36,114.130.136.59,114.130.8.135,114.135.11.187,114.149.21.44,114.150.207.67,114.159.21.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (4)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500007; rev:2006;)
alert tcp [114.180.251.94,114.181.164.20,114.181.239.177,114.185.23.104,114.200.199.26,114.201.142.130,114.202.247.105,114.203.87.20,114.203.87.28,114.207.112.16,114.207.112.37,114.207.113.141,114.207.113.181,114.207.245.86,114.25.180.87,114.251.16.20,114.251.3.130,114.31.50.10,114.31.59.135,114.32.147.164,114.32.23.10,114.33.74.87,114.33.79.25,114.41.235.224,114.42.195.85,114.44.177.179,114.46.56.112,114.48.241.22,114.56.230.83,114.70.9.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (5)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500008; rev:2006;)
alert udp [114.180.251.94,114.181.164.20,114.181.239.177,114.185.23.104,114.200.199.26,114.201.142.130,114.202.247.105,114.203.87.20,114.203.87.28,114.207.112.16,114.207.112.37,114.207.113.141,114.207.113.181,114.207.245.86,114.25.180.87,114.251.16.20,114.251.3.130,114.31.50.10,114.31.59.135,114.32.147.164,114.32.23.10,114.33.74.87,114.33.79.25,114.41.235.224,114.42.195.85,114.44.177.179,114.46.56.112,114.48.241.22,114.56.230.83,114.70.9.15] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (5)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500009; rev:2006;)
alert tcp [114.80.105.5,114.80.129.136,114.80.94.183,114.80.96.181,114.80.96.92,114.80.97.69,115.113.135.102,115.113.149.83,115.113.182.131,115.113.214.228,115.115.37.36,115.118.251.163,115.118.26.251,115.124.164.227,115.133.13.76,115.135.138.30,115.146.17.125,115.146.18.31,115.163.155.104,115.165.178.144,115.165.178.145,115.165.178.81,115.166.131.202,115.168.66.166,115.178.62.27,115.178.73.24,115.186.115.108,115.238.54.117,115.240.8.133,115.240.84.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (6)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500010; rev:2006;)
alert udp [114.80.105.5,114.80.129.136,114.80.94.183,114.80.96.181,114.80.96.92,114.80.97.69,115.113.135.102,115.113.149.83,115.113.182.131,115.113.214.228,115.115.37.36,115.118.251.163,115.118.26.251,115.124.164.227,115.133.13.76,115.135.138.30,115.146.17.125,115.146.18.31,115.163.155.104,115.165.178.144,115.165.178.145,115.165.178.81,115.166.131.202,115.168.66.166,115.178.62.27,115.178.73.24,115.186.115.108,115.238.54.117,115.240.8.133,115.240.84.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (6)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500011; rev:2006;)
alert tcp [115.248.49.217,115.30.133.204,115.30.144.47,115.30.194.145,115.30.199.252,115.31.136.250,115.31.143.125,115.31.165.187,115.37.247.54,115.41.218.48,115.68.58.227,115.89.138.194,115.93.50.163,115.93.50.166,116.10.195.4,116.12.209.99,116.122.158.201,116.122.158.207,116.124.190.71,116.125.126.101,116.125.126.30,116.125.126.40,116.126.87.172,116.127.121.148,116.214.25.66,116.214.26.145,116.228.212.38,116.228.67.200,116.236.224.82,116.254.79.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (7)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500012; rev:2006;)
alert udp [115.248.49.217,115.30.133.204,115.30.144.47,115.30.194.145,115.30.199.252,115.31.136.250,115.31.143.125,115.31.165.187,115.37.247.54,115.41.218.48,115.68.58.227,115.89.138.194,115.93.50.163,115.93.50.166,116.10.195.4,116.12.209.99,116.122.158.201,116.122.158.207,116.124.190.71,116.125.126.101,116.125.126.30,116.125.126.40,116.126.87.172,116.127.121.148,116.214.25.66,116.214.26.145,116.228.212.38,116.228.67.200,116.236.224.82,116.254.79.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (7)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500013; rev:2006;)
alert tcp [116.255.154.56,116.255.159.159,116.28.64.158,116.48.137.141,116.55.226.131,116.58.176.241,116.72.157.92,116.74.105.2,116.83.21.112,116.90.163.170,117.102.8.244,117.103.56.164,117.120.27.12,117.16.245.135,117.18.75.164,117.18.75.170,117.193.0.62,117.194.1.197,117.194.96.153,117.195.198.55,117.195.39.105,117.195.65.29,117.195.70.10,117.196.138.67,117.197.0.207,117.198.152.74,117.198.174.172,117.198.194.113,117.198.230.206,117.199.1.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (8)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500014; rev:2006;)
alert udp [116.255.154.56,116.255.159.159,116.28.64.158,116.48.137.141,116.55.226.131,116.58.176.241,116.72.157.92,116.74.105.2,116.83.21.112,116.90.163.170,117.102.8.244,117.103.56.164,117.120.27.12,117.16.245.135,117.18.75.164,117.18.75.170,117.193.0.62,117.194.1.197,117.194.96.153,117.195.198.55,117.195.39.105,117.195.65.29,117.195.70.10,117.196.138.67,117.197.0.207,117.198.152.74,117.198.174.172,117.198.194.113,117.198.230.206,117.199.1.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (8)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500015; rev:2006;)
alert tcp [117.199.24.218,117.200.129.9,117.200.195.172,117.200.196.39,117.200.213.103,117.200.215.43,117.200.36.208,117.200.48.149,117.200.97.28,117.201.18.97,117.201.86.225,117.203.193.17,117.204.145.44,117.204.210.145,117.204.242.161,117.205.100.254,117.205.100.73,117.205.146.218,117.205.21.66,117.205.7.215,117.207.3.146,117.207.33.72,117.207.49.63,117.207.6.94,117.241.185.236,117.241.232.168,117.241.234.159,117.241.240.100,117.242.1.65,117.242.4.253] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (9)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500016; rev:2006;)
alert udp [117.199.24.218,117.200.129.9,117.200.195.172,117.200.196.39,117.200.213.103,117.200.215.43,117.200.36.208,117.200.48.149,117.200.97.28,117.201.18.97,117.201.86.225,117.203.193.17,117.204.145.44,117.204.210.145,117.204.242.161,117.205.100.254,117.205.100.73,117.205.146.218,117.205.21.66,117.205.7.215,117.207.3.146,117.207.33.72,117.207.49.63,117.207.6.94,117.241.185.236,117.241.232.168,117.241.234.159,117.241.240.100,117.242.1.65,117.242.4.253] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (9)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500017; rev:2006;)
alert tcp [117.28.238.132,117.34.69.10,117.34.79.133,117.41.169.18,117.41.169.20,117.41.229.178,117.41.239.5,117.6.10.155,117.91.148.219,118.0.115.62,118.0.217.45,118.102.129.212,118.102.148.86,118.105.216.234,118.105.233.231,118.105.235.186,118.111.71.106,118.122.179.69,118.123.213.47,118.125.243.7,118.129.166.226,118.131.179.134,118.142.28.243,118.144.75.232,118.166.238.30,118.166.240.8,118.169.148.92,118.175.12.220,118.19.133.119,118.20.197.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (10)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500018; rev:2006;)
alert udp [117.28.238.132,117.34.69.10,117.34.79.133,117.41.169.18,117.41.169.20,117.41.229.178,117.41.239.5,117.6.10.155,117.91.148.219,118.0.115.62,118.0.217.45,118.102.129.212,118.102.148.86,118.105.216.234,118.105.233.231,118.105.235.186,118.111.71.106,118.122.179.69,118.123.213.47,118.125.243.7,118.129.166.226,118.131.179.134,118.142.28.243,118.144.75.232,118.166.238.30,118.166.240.8,118.169.148.92,118.175.12.220,118.19.133.119,118.20.197.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (10)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500019; rev:2006;)
alert tcp [118.212.129.181,118.217.12.34,118.217.181.134,118.217.181.156,118.218.198.225,118.218.42.230,118.221.120.219,118.231.114.149,118.237.135.9,118.237.147.218,118.237.87.109,118.241.78.112,118.243.118.151,118.37.127.137,118.69.204.177,118.69.250.134,118.8.188.32,118.8.96.147,118.87.20.81,118.96.187.222,118.97.8.212,118.98.215.116,119.1.200.130,119.12.239.152,119.145.109.202,119.145.144.73,119.145.41.146,119.146.67.18,119.147.50.61,119.150.11.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (11)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500020; rev:2006;)
alert udp [118.212.129.181,118.217.12.34,118.217.181.134,118.217.181.156,118.218.198.225,118.218.42.230,118.221.120.219,118.231.114.149,118.237.135.9,118.237.147.218,118.237.87.109,118.241.78.112,118.243.118.151,118.37.127.137,118.69.204.177,118.69.250.134,118.8.188.32,118.8.96.147,118.87.20.81,118.96.187.222,118.97.8.212,118.98.215.116,119.1.200.130,119.12.239.152,119.145.109.202,119.145.144.73,119.145.41.146,119.146.67.18,119.147.50.61,119.150.11.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (11)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500021; rev:2006;)
alert tcp [119.163.121.6,119.167.244.61,119.167.244.92,119.188.7.130,119.188.7.131,119.188.7.133,119.188.7.134,119.188.7.138,119.188.7.139,119.188.7.141,119.188.7.145,119.188.7.155,119.188.7.157,119.188.7.162,119.188.7.163,119.188.7.164,119.188.7.166,119.188.7.167,119.188.7.168,119.188.7.170,119.188.7.174,119.188.7.186,119.188.7.192,119.188.7.195,119.188.7.196,119.188.7.200,119.188.7.208,119.196.21.224,119.197.32.201,119.235.27.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (12)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500022; rev:2006;)
alert udp [119.163.121.6,119.167.244.61,119.167.244.92,119.188.7.130,119.188.7.131,119.188.7.133,119.188.7.134,119.188.7.138,119.188.7.139,119.188.7.141,119.188.7.145,119.188.7.155,119.188.7.157,119.188.7.162,119.188.7.163,119.188.7.164,119.188.7.166,119.188.7.167,119.188.7.168,119.188.7.170,119.188.7.174,119.188.7.186,119.188.7.192,119.188.7.195,119.188.7.196,119.188.7.200,119.188.7.208,119.196.21.224,119.197.32.201,119.235.27.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (12)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500023; rev:2006;)
alert tcp [119.240.154.45,119.243.73.41,119.245.230.115,119.245.231.222,119.247.199.102,119.254.3.83,119.254.4.162,119.255.23.2,119.255.56.170,119.255.6.100,119.36.107.74,119.40.26.22,119.6.86.51,119.6.86.53,119.62.128.101,119.7.13.199,119.70.154.52,119.82.96.198,119.88.56.44,12.146.209.146,12.158.237.70,12.162.182.162,12.183.200.133,12.184.45.94,12.228.94.39,12.23.106.210,12.233.141.195,12.46.24.194,120.107.149.118,120.107.149.147] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (13)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500024; rev:2006;)
alert udp [119.240.154.45,119.243.73.41,119.245.230.115,119.245.231.222,119.247.199.102,119.254.3.83,119.254.4.162,119.255.23.2,119.255.56.170,119.255.6.100,119.36.107.74,119.40.26.22,119.6.86.51,119.6.86.53,119.62.128.101,119.7.13.199,119.70.154.52,119.82.96.198,119.88.56.44,12.146.209.146,12.158.237.70,12.162.182.162,12.183.200.133,12.184.45.94,12.228.94.39,12.23.106.210,12.233.141.195,12.46.24.194,120.107.149.118,120.107.149.147] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (13)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500025; rev:2006;)
alert tcp [120.107.160.13,120.124.90.69,120.126.57.60,120.64.255.254,120.72.43.47,120.72.43.48,120.72.47.219,120.74.251.159,120.75.21.97,121.10.117.132,121.10.133.226,121.101.213.4,121.101.214.46,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,121.103.229.126,121.11.153.242,121.11.66.70,121.111.247.201,121.115.196.160,121.115.87.139,121.117.2.7,121.119.160.109,121.119.178.204,121.12.127.75,121.12.171.73,121.121.113.194,121.121.22.180] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (14)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500026; rev:2006;)
alert udp [120.107.160.13,120.124.90.69,120.126.57.60,120.64.255.254,120.72.43.47,120.72.43.48,120.72.47.219,120.74.251.159,120.75.21.97,121.10.117.132,121.10.133.226,121.101.213.4,121.101.214.46,121.101.216.201,121.101.216.205,121.101.216.211,121.101.216.212,121.103.229.126,121.11.153.242,121.11.66.70,121.111.247.201,121.115.196.160,121.115.87.139,121.117.2.7,121.119.160.109,121.119.178.204,121.12.127.75,121.12.171.73,121.121.113.194,121.121.22.180] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (14)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500027; rev:2006;)
alert tcp [121.124.124.229,121.125.60.215,121.13.236.72,121.136.177.137,121.14.104.226,121.14.117.11,121.14.118.21,121.14.195.176,121.15.129.66,121.15.211.11,121.15.214.129,121.15.226.230,121.160.171.6,121.170.179.222,121.172.253.22,121.179.146.5,121.180.16.51,121.182.97.100,121.190.239.196,121.204.0.2,121.207.254.227,121.240.26.228,121.242.204.2,121.242.23.223,121.243.130.139,121.243.34.24,121.246.26.95,121.246.33.200,121.247.218.189,121.247.80.208] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (15)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500028; rev:2006;)
alert udp [121.124.124.229,121.125.60.215,121.13.236.72,121.136.177.137,121.14.104.226,121.14.117.11,121.14.118.21,121.14.195.176,121.15.129.66,121.15.211.11,121.15.214.129,121.15.226.230,121.160.171.6,121.170.179.222,121.172.253.22,121.179.146.5,121.180.16.51,121.182.97.100,121.190.239.196,121.204.0.2,121.207.254.227,121.240.26.228,121.242.204.2,121.242.23.223,121.243.130.139,121.243.34.24,121.246.26.95,121.246.33.200,121.247.218.189,121.247.80.208] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (15)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500029; rev:2006;)
alert tcp [121.254.224.148,121.254.228.149,121.254.231.199,121.254.231.200,121.254.252.82,121.254.252.83,121.28.104.14,121.52.215.133,121.78.112.79,121.78.116.92,121.78.145.13,121.78.238.40,121.82.137.228,121.82.195.84,121.82.209.252,121.83.165.217,121.9.210.248,121.9.212.13,121.92.166.52,121.94.253.93,122.11.56.250,122.115.63.116,122.116.115.161,122.116.56.209,122.121.213.203,122.129.198.122,122.145.252.213,122.146.155.133,122.146.50.128,122.146.68.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (16)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500030; rev:2006;)
alert udp [121.254.224.148,121.254.228.149,121.254.231.199,121.254.231.200,121.254.252.82,121.254.252.83,121.28.104.14,121.52.215.133,121.78.112.79,121.78.116.92,121.78.145.13,121.78.238.40,121.82.137.228,121.82.195.84,121.82.209.252,121.83.165.217,121.9.210.248,121.9.212.13,121.92.166.52,121.94.253.93,122.11.56.250,122.115.63.116,122.116.115.161,122.116.56.209,122.121.213.203,122.129.198.122,122.145.252.213,122.146.155.133,122.146.50.128,122.146.68.237] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (16)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500031; rev:2006;)
alert tcp [122.154.8.141,122.155.0.121,122.155.16.234,122.160.169.162,122.161.32.128,122.161.87.148,122.168.136.50,122.168.170.216,122.169.52.69,122.17.4.251,122.170.126.114,122.180.114.98,122.180.129.123,122.180.99.195,122.181.147.236,122.181.174.150,122.182.15.187,122.183.202.35,122.183.80.82,122.194.21.12,122.199.140.158,122.199.242.22,122.200.90.17,122.201.145.74,122.202.21.108,122.208.218.251,122.224.215.68,122.224.73.212,122.224.95.135,122.225.37.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (17)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500032; rev:2006;)
alert udp [122.154.8.141,122.155.0.121,122.155.16.234,122.160.169.162,122.161.32.128,122.161.87.148,122.168.136.50,122.168.170.216,122.169.52.69,122.17.4.251,122.170.126.114,122.180.114.98,122.180.129.123,122.180.99.195,122.181.147.236,122.181.174.150,122.182.15.187,122.183.202.35,122.183.80.82,122.194.21.12,122.199.140.158,122.199.242.22,122.200.90.17,122.201.145.74,122.202.21.108,122.208.218.251,122.224.215.68,122.224.73.212,122.224.95.135,122.225.37.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (17)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500033; rev:2006;)
alert tcp [122.225.37.88,122.225.38.32,122.226.12.18,122.227.186.178,122.240.68.106,122.249.183.95,122.252.223.100,122.48.159.247,122.49.213.34,122.49.78.130,122.50.133.226,122.50.192.54,122.51.148.199,122.53.161.148,122.70.144.105,122.70.149.195,122.70.156.223,122.72.28.19,122.72.31.130,122.72.31.180,122.9.61.204,123.103.168.59,123.108.108.147,123.114.170.157,123.119.75.253,123.138.22.83,123.138.234.233,123.150.196.8,123.196.113.11,123.200.5.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (18)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500034; rev:2006;)
alert udp [122.225.37.88,122.225.38.32,122.226.12.18,122.227.186.178,122.240.68.106,122.249.183.95,122.252.223.100,122.48.159.247,122.49.213.34,122.49.78.130,122.50.133.226,122.50.192.54,122.51.148.199,122.53.161.148,122.70.144.105,122.70.149.195,122.70.156.223,122.72.28.19,122.72.31.130,122.72.31.180,122.9.61.204,123.103.168.59,123.108.108.147,123.114.170.157,123.119.75.253,123.138.22.83,123.138.234.233,123.150.196.8,123.196.113.11,123.200.5.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (18)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500035; rev:2006;)
alert tcp [123.201.132.208,123.201.155.119,123.201.156.54,123.201.193.55,123.201.211.5,123.201.242.214,123.201.242.252,123.201.25.24,123.201.37.182,123.201.58.11,123.204.183.15,123.204.50.171,123.221.193.203,123.222.57.219,123.225.169.86,123.233.242.78,123.236.128.211,123.236.134.130,123.236.159.211,123.236.189.59,123.237.230.94,123.237.75.14,123.237.77.238,123.237.77.92,123.237.87.10,123.238.126.178,123.238.139.91,123.238.16.149,123.238.61.136,123.242.230.169] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (19)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500036; rev:2006;)
alert udp [123.201.132.208,123.201.155.119,123.201.156.54,123.201.193.55,123.201.211.5,123.201.242.214,123.201.242.252,123.201.25.24,123.201.37.182,123.201.58.11,123.204.183.15,123.204.50.171,123.221.193.203,123.222.57.219,123.225.169.86,123.233.242.78,123.236.128.211,123.236.134.130,123.236.159.211,123.236.189.59,123.237.230.94,123.237.75.14,123.237.77.238,123.237.77.92,123.237.87.10,123.238.126.178,123.238.139.91,123.238.16.149,123.238.61.136,123.242.230.169] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (19)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500037; rev:2006;)
alert tcp [123.242.230.228,123.242.231.193,123.248.249.193,123.30.184.134,123.30.184.88,123.30.184.89,123.30.19.38,123.30.7.41,123.48.141.177,123.48.7.109,123.49.32.76,123.49.47.120,123.50.217.173,123.65.217.183,124.105.161.139,124.109.32.133,124.110.137.51,124.110.219.45,124.123.232.169,124.124.200.18,124.124.200.22,124.124.212.172,124.124.244.132,124.124.59.60,124.124.9.44,124.124.91.195,124.125.155.246,124.125.243.108,124.125.244.245,124.125.250.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (20)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500038; rev:2006;)
alert udp [123.242.230.228,123.242.231.193,123.248.249.193,123.30.184.134,123.30.184.88,123.30.184.89,123.30.19.38,123.30.7.41,123.48.141.177,123.48.7.109,123.49.32.76,123.49.47.120,123.50.217.173,123.65.217.183,124.105.161.139,124.109.32.133,124.110.137.51,124.110.219.45,124.123.232.169,124.124.200.18,124.124.200.22,124.124.212.172,124.124.244.132,124.124.59.60,124.124.9.44,124.124.91.195,124.125.155.246,124.125.243.108,124.125.244.245,124.125.250.84] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (20)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500039; rev:2006;)
alert tcp [124.125.34.91,124.125.38.217,124.125.50.88,124.125.66.221,124.125.83.62,124.125.93.210,124.127.125.2,124.137.16.167,124.150.142.171,124.153.102.70,124.16.130.78,124.160.93.131,124.172.234.109,124.172.237.19,124.193.216.206,124.207.168.42,124.207.65.29,124.207.96.251,124.212.184.173,124.214.89.188,124.217.216.66,124.217.239.158,124.217.251.224,124.232.131.82,124.237.96.186,124.244.251.180,124.247.243.111,124.3.115.152,124.30.20.116,124.30.203.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (21)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500040; rev:2006;)
alert udp [124.125.34.91,124.125.38.217,124.125.50.88,124.125.66.221,124.125.83.62,124.125.93.210,124.127.125.2,124.137.16.167,124.150.142.171,124.153.102.70,124.16.130.78,124.160.93.131,124.172.234.109,124.172.237.19,124.193.216.206,124.207.168.42,124.207.65.29,124.207.96.251,124.212.184.173,124.214.89.188,124.217.216.66,124.217.239.158,124.217.251.224,124.232.131.82,124.237.96.186,124.244.251.180,124.247.243.111,124.3.115.152,124.30.20.116,124.30.203.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (21)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500041; rev:2006;)
alert tcp [124.40.117.102,124.42.126.56,124.42.34.72,124.42.35.72,124.42.9.109,124.47.118.156,124.74.193.19,124.74.24.142,124.74.45.122,124.80.234.210,124.81.246.147,124.82.212.70,124.82.221.194,124.85.118.117,124.98.1.83,125.0.145.204,125.141.142.100,125.141.233.12,125.141.234.81,125.160.17.242,125.160.17.33,125.165.25.120,125.166.160.234,125.167.119.90,125.172.77.110,125.19.232.131,125.192.80.183,125.195.52.183,125.200.175.213,125.200.219.94] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (22)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500042; rev:2006;)
alert udp [124.40.117.102,124.42.126.56,124.42.34.72,124.42.35.72,124.42.9.109,124.47.118.156,124.74.193.19,124.74.24.142,124.74.45.122,124.80.234.210,124.81.246.147,124.82.212.70,124.82.221.194,124.85.118.117,124.98.1.83,125.0.145.204,125.141.142.100,125.141.233.12,125.141.234.81,125.160.17.242,125.160.17.33,125.165.25.120,125.166.160.234,125.167.119.90,125.172.77.110,125.19.232.131,125.192.80.183,125.195.52.183,125.200.175.213,125.200.219.94] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (22)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500043; rev:2006;)
alert tcp [125.200.76.120,125.206.118.199,125.206.121.187,125.206.227.75,125.210.209.148,125.210.253.164,125.211.200.32,125.211.221.29,125.212.115.56,125.214.64.200,125.215.148.77,125.215.205.180,125.22.105.83,125.225.40.225,125.235.33.52,125.235.4.111,125.235.4.20,125.247.250.200,125.247.254.140,125.248.69.130,125.249.164.101,125.31.78.190,125.35.1.21,125.46.11.61,125.46.41.42,125.5.112.177,125.6.137.211,125.7.234.53,125.76.229.235,125.76.230.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (23)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500044; rev:2006;)
alert udp [125.200.76.120,125.206.118.199,125.206.121.187,125.206.227.75,125.210.209.148,125.210.253.164,125.211.200.32,125.211.221.29,125.212.115.56,125.214.64.200,125.215.148.77,125.215.205.180,125.22.105.83,125.225.40.225,125.235.33.52,125.235.4.111,125.235.4.20,125.247.250.200,125.247.254.140,125.248.69.130,125.249.164.101,125.31.78.190,125.35.1.21,125.46.11.61,125.46.41.42,125.5.112.177,125.6.137.211,125.7.234.53,125.76.229.235,125.76.230.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (23)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500045; rev:2006;)
alert tcp [125.76.233.111,125.88.128.4,125.88.13.5,125.90.93.70,128.121.234.237,128.174.241.156,128.175.34.143,128.46.116.112,129.105.112.145,129.137.6.227,129.194.160.75,130.117.187.107,130.245.191.106,131.94.37.157,132.248.103.109,132.248.83.244,133.34.147.34,133.41.110.10,133.70.173.140,133.79.205.20,133.86.38.42,134.102.135.232,134.102.208.59,137.158.126.68,137.189.27.132,138.73.201.14,138.73.201.16,139.13.44.1,139.13.81.158,139.14.23.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (24)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500046; rev:2006;)
alert udp [125.76.233.111,125.88.128.4,125.88.13.5,125.90.93.70,128.121.234.237,128.174.241.156,128.175.34.143,128.46.116.112,129.105.112.145,129.137.6.227,129.194.160.75,130.117.187.107,130.245.191.106,131.94.37.157,132.248.103.109,132.248.83.244,133.34.147.34,133.41.110.10,133.70.173.140,133.79.205.20,133.86.38.42,134.102.135.232,134.102.208.59,137.158.126.68,137.189.27.132,138.73.201.14,138.73.201.16,139.13.44.1,139.13.81.158,139.14.23.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (24)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500047; rev:2006;)
alert tcp [139.142.235.138,139.53.16.133,140.109.236.73,140.109.55.6,140.109.98.210,140.113.239.71,140.114.119.1,140.114.55.124,140.115.107.92,140.116.31.27,140.118.170.113,140.118.30.17,140.119.185.21,140.119.19.89,140.119.220.171,140.121.30.200,140.122.140.3,140.126.176.31,140.126.176.6,140.127.112.188,140.127.114.171,140.128.213.2,140.128.225.4,140.130.43.178,140.138.144.225,140.138.144.231,140.174.118.252,141.154.213.18,141.20.83.15,141.212.106.113] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (25)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500048; rev:2006;)
alert udp [139.142.235.138,139.53.16.133,140.109.236.73,140.109.55.6,140.109.98.210,140.113.239.71,140.114.119.1,140.114.55.124,140.115.107.92,140.116.31.27,140.118.170.113,140.118.30.17,140.119.185.21,140.119.19.89,140.119.220.171,140.121.30.200,140.122.140.3,140.126.176.31,140.126.176.6,140.127.112.188,140.127.114.171,140.128.213.2,140.128.225.4,140.130.43.178,140.138.144.225,140.138.144.231,140.174.118.252,141.154.213.18,141.20.83.15,141.212.106.113] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (25)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500049; rev:2006;)
alert tcp [141.212.109.228,141.212.109.244,141.212.109.89,141.212.113.85,141.223.133.47,141.223.61.228,141.250.2.193,141.44.52.3,141.45.176.154,141.48.223.1,142.46.157.44,143.248.91.131,144.16.111.140,145.116.14.40,145.24.222.82,146.164.128.26,146.96.128.158,147.156.252.198,147.156.51.124,147.175.16.89,147.175.70.185,147.32.5.125,147.83.15.184,147.83.50.136,147.83.50.47,147.83.60.2,148.204.124.99,148.208.169.250,148.228.181.190,148.243.214.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (26)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500050; rev:2006;)
alert udp [141.212.109.228,141.212.109.244,141.212.109.89,141.212.113.85,141.223.133.47,141.223.61.228,141.250.2.193,141.44.52.3,141.45.176.154,141.48.223.1,142.46.157.44,143.248.91.131,144.16.111.140,145.116.14.40,145.24.222.82,146.164.128.26,146.96.128.158,147.156.252.198,147.156.51.124,147.175.16.89,147.175.70.185,147.32.5.125,147.83.15.184,147.83.50.136,147.83.50.47,147.83.60.2,148.204.124.99,148.208.169.250,148.228.181.190,148.243.214.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (26)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500051; rev:2006;)
alert tcp [148.244.221.188,148.244.236.82,148.244.98.137,150.101.189.34,150.101.240.66,150.145.59.149,150.145.63.202,150.185.129.37,150.214.108.118,150.214.188.23,150.214.191.117,150.217.156.35,151.1.210.48,151.1.219.222,151.100.17.246,151.13.202.194,151.197.55.88,151.22.71.2,151.9.119.81,152.99.39.6,153.109.96.231,153.19.99.121,155.207.113.135,155.230.105.168,156.17.186.235,156.17.79.4,156.35.33.199,157.100.195.134,157.114.1.3,157.24.188.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (27)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500052; rev:2006;)
alert udp [148.244.221.188,148.244.236.82,148.244.98.137,150.101.189.34,150.101.240.66,150.145.59.149,150.145.63.202,150.185.129.37,150.214.108.118,150.214.188.23,150.214.191.117,150.217.156.35,151.1.210.48,151.1.219.222,151.100.17.246,151.13.202.194,151.197.55.88,151.22.71.2,151.9.119.81,152.99.39.6,153.109.96.231,153.19.99.121,155.207.113.135,155.230.105.168,156.17.186.235,156.17.79.4,156.35.33.199,157.100.195.134,157.114.1.3,157.24.188.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (27)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500053; rev:2006;)
alert tcp [157.86.114.141,157.86.160.22,157.88.229.16,158.109.201.12,158.155.4.14,158.182.11.202,158.195.31.72,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.155,159.148.178.133,159.213.42.5,159.226.67.49,159.226.7.162,160.80.82.106,161.200.93.137,161.53.141.3,161.58.178.227,162.105.67.211,163.139.169.178,163.16.72.3,163.17.21.2,163.17.65.203,163.178.108.80,163.178.170.75,163.180.114.73,163.19.124.6,163.19.129.10,163.19.13.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (28)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500054; rev:2006;)
alert udp [157.86.114.141,157.86.160.22,157.88.229.16,158.109.201.12,158.155.4.14,158.182.11.202,158.195.31.72,159.148.117.144,159.148.117.146,159.148.117.147,159.148.117.155,159.148.178.133,159.213.42.5,159.226.67.49,159.226.7.162,160.80.82.106,161.200.93.137,161.53.141.3,161.58.178.227,162.105.67.211,163.139.169.178,163.16.72.3,163.17.21.2,163.17.65.203,163.178.108.80,163.178.170.75,163.180.114.73,163.19.124.6,163.19.129.10,163.19.13.4] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (28)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500055; rev:2006;)
alert tcp [163.19.143.54,163.19.156.240,163.19.249.2,163.19.30.58,163.19.8.1,163.19.81.130,163.19.81.133,163.19.90.6,163.20.63.13,163.20.9.8,163.21.10.1,163.21.129.15,163.21.251.7,163.21.39.8,163.22.100.1,163.22.109.129,163.22.110.1,163.22.110.130,163.22.112.129,163.22.114.3,163.22.135.1,163.22.141.1,163.22.149.129,163.22.151.129,163.22.32.97,163.22.62.1,163.22.68.129,163.22.78.131,163.22.81.1,163.23.111.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (29)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500056; rev:2006;)
alert udp [163.19.143.54,163.19.156.240,163.19.249.2,163.19.30.58,163.19.8.1,163.19.81.130,163.19.81.133,163.19.90.6,163.20.63.13,163.20.9.8,163.21.10.1,163.21.129.15,163.21.251.7,163.21.39.8,163.22.100.1,163.22.109.129,163.22.110.1,163.22.110.130,163.22.112.129,163.22.114.3,163.22.135.1,163.22.141.1,163.22.149.129,163.22.151.129,163.22.32.97,163.22.62.1,163.22.68.129,163.22.78.131,163.22.81.1,163.23.111.1] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (29)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500057; rev:2006;)
alert tcp [163.23.86.65,163.23.92.193,163.24.19.150,163.24.20.118,163.24.8.12,163.25.131.126,163.32.199.6,163.32.244.4,164.41.25.120,164.77.170.66,164.77.199.162,164.77.232.44,164.77.67.221,164.78.248.57,166.70.74.34,168.144.196.119,168.176.125.116,169.199.89.66,170.210.200.9,170.210.44.160,170.51.33.70,170.51.45.246,173.0.49.45,173.0.50.28,173.0.50.84,173.1.245.247,173.13.191.65,173.13.45.154,173.14.188.89,173.14.231.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (30)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500058; rev:2006;)
alert udp [163.23.86.65,163.23.92.193,163.24.19.150,163.24.20.118,163.24.8.12,163.25.131.126,163.32.199.6,163.32.244.4,164.41.25.120,164.77.170.66,164.77.199.162,164.77.232.44,164.77.67.221,164.78.248.57,166.70.74.34,168.144.196.119,168.176.125.116,169.199.89.66,170.210.200.9,170.210.44.160,170.51.33.70,170.51.45.246,173.0.49.45,173.0.50.28,173.0.50.84,173.1.245.247,173.13.191.65,173.13.45.154,173.14.188.89,173.14.231.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (30)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500059; rev:2006;)
alert tcp [173.160.135.189,173.164.143.171,173.166.139.82,173.168.4.103,173.174.177.147,173.193.194.106,173.193.214.228,173.200.68.21,173.201.247.26,173.203.100.184,173.203.104.91,173.203.106.250,173.203.216.115,173.203.216.153,173.203.216.225,173.203.216.231,173.203.216.99,173.203.217.110,173.203.217.5,173.203.86.101,173.203.87.174,173.203.93.141,173.208.152.234,173.208.76.17,173.21.181.200,173.224.217.188,173.230.138.116,173.230.145.104,173.234.77.108,173.236.97.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (31)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500060; rev:2006;)
alert udp [173.160.135.189,173.164.143.171,173.166.139.82,173.168.4.103,173.174.177.147,173.193.194.106,173.193.214.228,173.200.68.21,173.201.247.26,173.203.100.184,173.203.104.91,173.203.106.250,173.203.216.115,173.203.216.153,173.203.216.225,173.203.216.231,173.203.216.99,173.203.217.110,173.203.217.5,173.203.86.101,173.203.87.174,173.203.93.141,173.208.152.234,173.208.76.17,173.21.181.200,173.224.217.188,173.230.138.116,173.230.145.104,173.234.77.108,173.236.97.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (31)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500061; rev:2006;)
alert tcp [173.242.114.146,173.244.175.94,173.244.177.114,173.45.101.250,173.45.116.146,173.45.232.6,173.45.82.210,173.45.94.50,173.46.2.6,173.67.143.141,173.73.4.117,173.8.132.246,173.8.192.125,173.9.24.226,173.93.190.193,174.102.240.232,174.113.18.248,174.120.179.34,174.120.224.131,174.120.25.34,174.121.0.218,174.121.79.66,174.121.85.94,174.121.89.219,174.123.217.34,174.123.79.43,174.129.12.145,174.132.127.130,174.133.114.42,174.133.205.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (32)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500062; rev:2006;)
alert udp [173.242.114.146,173.244.175.94,173.244.177.114,173.45.101.250,173.45.116.146,173.45.232.6,173.45.82.210,173.45.94.50,173.46.2.6,173.67.143.141,173.73.4.117,173.8.132.246,173.8.192.125,173.9.24.226,173.93.190.193,174.102.240.232,174.113.18.248,174.120.179.34,174.120.224.131,174.120.25.34,174.121.0.218,174.121.79.66,174.121.85.94,174.121.89.219,174.123.217.34,174.123.79.43,174.129.12.145,174.132.127.130,174.133.114.42,174.133.205.202] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (32)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500063; rev:2006;)
alert tcp [174.142.104.57,174.142.104.9,174.142.53.134,174.142.78.169,174.143.148.151,174.143.152.97,174.143.154.110,174.143.172.86,174.143.173.212,174.143.174.129,174.143.247.224,174.33.77.123,174.34.132.200,174.34.141.50,174.34.155.178,174.36.169.42,174.36.245.146,174.36.250.214,174.37.136.126,174.37.165.222,174.37.172.68,174.37.200.163,174.37.233.26,174.37.3.105,174.37.91.122,174.98.185.9,175.199.25.71,175.28.131.212,175.41.134.7,178.162.167.120] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (33)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500064; rev:2006;)
alert udp [174.142.104.57,174.142.104.9,174.142.53.134,174.142.78.169,174.143.148.151,174.143.152.97,174.143.154.110,174.143.172.86,174.143.173.212,174.143.174.129,174.143.247.224,174.33.77.123,174.34.132.200,174.34.141.50,174.34.155.178,174.36.169.42,174.36.245.146,174.36.250.214,174.37.136.126,174.37.165.222,174.37.172.68,174.37.200.163,174.37.233.26,174.37.3.105,174.37.91.122,174.98.185.9,175.199.25.71,175.28.131.212,175.41.134.7,178.162.167.120] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (33)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500065; rev:2006;)
alert tcp [178.17.163.90,178.18.16.132,178.18.17.147,178.187.11.195,178.208.83.10,178.208.83.6,178.22.67.140,178.239.48.4,178.63.224.221,178.63.225.213,178.63.55.57,178.72.104.3,178.95.215.231,180.131.127.226,180.131.17.20,180.148.137.152,180.148.137.99,180.149.11.23,180.151.249.187,180.178.30.22,180.189.50.2,180.70.116.110,183.87.30.57,183.87.44.192,183.97.153.63,184.106.218.20,184.106.219.75,184.154.12.27,184.82.4.136,184.82.79.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (34)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500066; rev:2006;)
alert udp [178.17.163.90,178.18.16.132,178.18.17.147,178.187.11.195,178.208.83.10,178.208.83.6,178.22.67.140,178.239.48.4,178.63.224.221,178.63.225.213,178.63.55.57,178.72.104.3,178.95.215.231,180.131.127.226,180.131.17.20,180.148.137.152,180.148.137.99,180.149.11.23,180.151.249.187,180.178.30.22,180.189.50.2,180.70.116.110,183.87.30.57,183.87.44.192,183.97.153.63,184.106.218.20,184.106.219.75,184.154.12.27,184.82.4.136,184.82.79.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (34)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500067; rev:2006;)
alert tcp [186.0.0.150,186.104.10.36,186.104.163.74,186.122.113.249,186.14.252.28,186.18.143.135,186.18.193.226,186.18.234.8,186.201.125.202,186.42.172.2,186.42.173.147,186.80.133.48,186.81.112.92,186.81.156.219,186.81.205.40,186.81.55.63,186.81.91.122,186.82.101.28,186.82.72.223,186.83.227.172,186.84.11.222,186.87.122.112,186.87.253.224,186.98.237.163,186.98.46.243,187.0.208.194,187.0.209.58,187.1.51.166,187.10.129.123,187.10.137.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (35)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500068; rev:2006;)
alert udp [186.0.0.150,186.104.10.36,186.104.163.74,186.122.113.249,186.14.252.28,186.18.143.135,186.18.193.226,186.18.234.8,186.201.125.202,186.42.172.2,186.42.173.147,186.80.133.48,186.81.112.92,186.81.156.219,186.81.205.40,186.81.55.63,186.81.91.122,186.82.101.28,186.82.72.223,186.83.227.172,186.84.11.222,186.87.122.112,186.87.253.224,186.98.237.163,186.98.46.243,187.0.208.194,187.0.209.58,187.1.51.166,187.10.129.123,187.10.137.37] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (35)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500069; rev:2006;)
alert tcp [187.10.172.215,187.10.190.176,187.10.60.50,187.10.88.108,187.101.18.151,187.101.19.144,187.11.144.148,187.11.231.119,187.11.66.159,187.11.8.25,187.114.178.207,187.115.142.34,187.115.62.178,187.142.214.71,187.17.64.162,187.18.5.22,187.19.98.231,187.2.148.16,187.21.210.236,187.21.22.248,187.23.11.75,187.23.8.99,187.32.36.42,187.32.93.1,187.34.148.177,187.34.154.215,187.34.192.132,187.34.209.140,187.34.225.236,187.34.225.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (36)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500070; rev:2006;)
alert udp [187.10.172.215,187.10.190.176,187.10.60.50,187.10.88.108,187.101.18.151,187.101.19.144,187.11.144.148,187.11.231.119,187.11.66.159,187.11.8.25,187.114.178.207,187.115.142.34,187.115.62.178,187.142.214.71,187.17.64.162,187.18.5.22,187.19.98.231,187.2.148.16,187.21.210.236,187.21.22.248,187.23.11.75,187.23.8.99,187.32.36.42,187.32.93.1,187.34.148.177,187.34.154.215,187.34.192.132,187.34.209.140,187.34.225.236,187.34.225.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (36)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500071; rev:2006;)
alert tcp [187.34.246.75,187.35.19.202,187.35.31.26,187.36.101.186,187.36.156.214,187.39.69.85,187.4.32.121,187.4.66.18,187.4.67.74,187.40.0.210,187.5.128.12,187.5.152.117,187.5.197.131,187.50.136.10,187.54.74.92,187.56.132.129,187.56.192.188,187.6.50.203,187.6.98.210,187.60.232.130,187.61.4.210,187.62.245.235,187.64.42.154,187.66.245.229,187.74.112.149,187.74.214.116,187.75.165.209,187.75.79.253,187.78.17.225,187.78.91.240] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (37)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500072; rev:2006;)
alert udp [187.34.246.75,187.35.19.202,187.35.31.26,187.36.101.186,187.36.156.214,187.39.69.85,187.4.32.121,187.4.66.18,187.4.67.74,187.40.0.210,187.5.128.12,187.5.152.117,187.5.197.131,187.50.136.10,187.54.74.92,187.56.132.129,187.56.192.188,187.6.50.203,187.6.98.210,187.60.232.130,187.61.4.210,187.62.245.235,187.64.42.154,187.66.245.229,187.74.112.149,187.74.214.116,187.75.165.209,187.75.79.253,187.78.17.225,187.78.91.240] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (37)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500073; rev:2006;)
alert tcp [187.8.155.138,188.120.225.146,188.120.226.204,188.120.242.135,188.120.245.131,188.123.102.72,188.127.128.140,188.138.32.103,188.163.29.95,188.163.65.166,188.163.78.26,188.165.195.34,188.17.155.25,188.181.128.134,188.186.158.133,188.186.173.132,188.214.17.32,188.220.18.68,188.246.80.181,188.36.57.164,188.40.105.78,188.40.123.140,188.40.134.20,188.40.159.20,188.40.167.22,188.40.167.8,188.40.207.76,188.40.36.89,188.40.39.12,188.40.54.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (38)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500074; rev:2006;)
alert udp [187.8.155.138,188.120.225.146,188.120.226.204,188.120.242.135,188.120.245.131,188.123.102.72,188.127.128.140,188.138.32.103,188.163.29.95,188.163.65.166,188.163.78.26,188.165.195.34,188.17.155.25,188.181.128.134,188.186.158.133,188.186.173.132,188.214.17.32,188.220.18.68,188.246.80.181,188.36.57.164,188.40.105.78,188.40.123.140,188.40.134.20,188.40.159.20,188.40.167.22,188.40.167.8,188.40.207.76,188.40.36.89,188.40.39.12,188.40.54.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (38)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500075; rev:2006;)
alert tcp [188.40.74.140,188.40.77.10,188.40.80.134,188.40.98.199,188.58.81.86,188.65.208.31,188.65.51.246,188.65.74.70,188.65.74.72,188.72.225.213,188.72.226.149,188.93.212.50,188.93.240.14,188.95.124.194,188.95.144.3,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.1.25.110,189.10.202.8,189.10.83.237,189.101.160.11,189.103.170.194,189.103.204.89,189.103.49.63,189.104.21.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (39)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500076; rev:2006;)
alert udp [188.40.74.140,188.40.77.10,188.40.80.134,188.40.98.199,188.58.81.86,188.65.208.31,188.65.51.246,188.65.74.70,188.65.74.72,188.72.225.213,188.72.226.149,188.93.212.50,188.93.240.14,188.95.124.194,188.95.144.3,188.95.159.27,188.95.159.29,188.95.159.30,188.95.159.40,188.95.159.43,188.95.159.72,188.95.48.125,189.1.25.110,189.10.202.8,189.10.83.237,189.101.160.11,189.103.170.194,189.103.204.89,189.103.49.63,189.104.21.75] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (39)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500077; rev:2006;)
alert tcp [189.105.206.110,189.106.35.44,189.106.60.107,189.107.109.55,189.107.25.181,189.107.48.18,189.108.123.58,189.11.11.130,189.110.112.62,189.110.134.132,189.110.142.209,189.110.82.250,189.111.61.79,189.112.107.57,189.112.179.113,189.114.137.90,189.123.118.128,189.123.214.149,189.123.28.162,189.123.54.171,189.123.81.117,189.126.103.184,189.126.110.136,189.126.110.88,189.13.202.70,189.136.171.137,189.138.17.131,189.139.142.105,189.14.245.99,189.146.11.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (40)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500078; rev:2006;)
alert udp [189.105.206.110,189.106.35.44,189.106.60.107,189.107.109.55,189.107.25.181,189.107.48.18,189.108.123.58,189.11.11.130,189.110.112.62,189.110.134.132,189.110.142.209,189.110.82.250,189.111.61.79,189.112.107.57,189.112.179.113,189.114.137.90,189.123.118.128,189.123.214.149,189.123.28.162,189.123.54.171,189.123.81.117,189.126.103.184,189.126.110.136,189.126.110.88,189.13.202.70,189.136.171.137,189.138.17.131,189.139.142.105,189.14.245.99,189.146.11.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (40)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500079; rev:2006;)
alert tcp [189.15.171.226,189.15.199.11,189.15.205.21,189.15.24.67,189.15.48.139,189.15.65.40,189.15.70.245,189.16.92.8,189.18.102.48,189.18.12.180,189.18.181.116,189.18.234.123,189.18.30.119,189.19.120.223,189.19.141.192,189.19.146.99,189.19.27.79,189.2.160.178,189.202.27.56,189.202.5.37,189.202.91.106,189.204.31.44,189.205.104.170,189.210.157.210,189.210.174.180,189.220.147.113,189.220.60.159,189.221.242.67,189.224.158.231,189.24.18.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (41)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500080; rev:2006;)
alert udp [189.15.171.226,189.15.199.11,189.15.205.21,189.15.24.67,189.15.48.139,189.15.65.40,189.15.70.245,189.16.92.8,189.18.102.48,189.18.12.180,189.18.181.116,189.18.234.123,189.18.30.119,189.19.120.223,189.19.141.192,189.19.146.99,189.19.27.79,189.2.160.178,189.202.27.56,189.202.5.37,189.202.91.106,189.204.31.44,189.205.104.170,189.210.157.210,189.210.174.180,189.220.147.113,189.220.60.159,189.221.242.67,189.224.158.231,189.24.18.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (41)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500081; rev:2006;)
alert tcp [189.24.49.51,189.3.236.155,189.30.31.131,189.32.212.52,189.32.245.39,189.35.91.175,189.36.209.122,189.38.136.193,189.38.250.63,189.39.156.95,189.39.83.20,189.41.13.149,189.41.86.232,189.42.147.82,189.42.162.2,189.43.55.85,189.45.17.53,189.45.37.101,189.46.10.46,189.46.13.207,189.46.131.163,189.46.164.136,189.46.200.118,189.46.200.223,189.46.231.215,189.46.234.40,189.46.242.80,189.46.36.52,189.46.4.144,189.46.44.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (42)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500082; rev:2006;)
alert udp [189.24.49.51,189.3.236.155,189.30.31.131,189.32.212.52,189.32.245.39,189.35.91.175,189.36.209.122,189.38.136.193,189.38.250.63,189.39.156.95,189.39.83.20,189.41.13.149,189.41.86.232,189.42.147.82,189.42.162.2,189.43.55.85,189.45.17.53,189.45.37.101,189.46.10.46,189.46.13.207,189.46.131.163,189.46.164.136,189.46.200.118,189.46.200.223,189.46.231.215,189.46.234.40,189.46.242.80,189.46.36.52,189.46.4.144,189.46.44.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (42)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500083; rev:2006;)
alert tcp [189.46.77.16,189.46.96.169,189.47.172.238,189.47.185.186,189.47.4.1,189.5.133.131,189.5.223.85,189.5.255.168,189.5.92.20,189.50.198.250,189.53.243.82,189.59.15.51,189.59.234.66,189.59.73.178,189.6.115.251,189.6.120.135,189.61.101.163,189.61.67.240,189.63.203.14,189.68.161.119,189.68.28.86,189.69.130.48,189.69.134.140,189.69.137.72,189.69.88.62,189.7.160.30,189.70.230.240,189.72.110.190,189.72.55.116,189.77.21.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (43)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500084; rev:2006;)
alert udp [189.46.77.16,189.46.96.169,189.47.172.238,189.47.185.186,189.47.4.1,189.5.133.131,189.5.223.85,189.5.255.168,189.5.92.20,189.50.198.250,189.53.243.82,189.59.15.51,189.59.234.66,189.59.73.178,189.6.115.251,189.6.120.135,189.61.101.163,189.61.67.240,189.63.203.14,189.68.161.119,189.68.28.86,189.69.130.48,189.69.134.140,189.69.137.72,189.69.88.62,189.7.160.30,189.70.230.240,189.72.110.190,189.72.55.116,189.77.21.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (43)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500085; rev:2006;)
alert tcp [189.78.0.84,189.78.117.71,189.78.125.57,189.78.140.112,189.78.146.41,189.78.149.144,189.80.148.214,189.80.178.209,189.80.20.189,189.80.228.114,189.81.84.129,189.82.22.49,189.82.97.193,189.96.27.135,189.97.45.99,189.98.190.50,190.105.63.61,190.107.127.207,190.12.13.78,190.12.6.2,190.12.89.138,190.12.89.184,190.120.226.150,190.120.226.170,190.122.163.2,190.128.50.187,190.129.64.10,190.129.67.20,190.129.69.227,190.131.109.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (44)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500086; rev:2006;)
alert udp [189.78.0.84,189.78.117.71,189.78.125.57,189.78.140.112,189.78.146.41,189.78.149.144,189.80.148.214,189.80.178.209,189.80.20.189,189.80.228.114,189.81.84.129,189.82.22.49,189.82.97.193,189.96.27.135,189.97.45.99,189.98.190.50,190.105.63.61,190.107.127.207,190.12.13.78,190.12.6.2,190.12.89.138,190.12.89.184,190.120.226.150,190.120.226.170,190.122.163.2,190.128.50.187,190.129.64.10,190.129.67.20,190.129.69.227,190.131.109.24] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (44)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500087; rev:2006;)
alert tcp [190.131.127.58,190.131.21.58,190.131.23.117,190.131.46.149,190.131.93.121,190.131.93.5,190.136.176.232,190.139.13.240,190.14.163.197,190.14.164.121,190.14.175.242,190.14.250.110,190.141.164.148,190.144.107.106,190.144.224.10,190.144.225.178,190.144.58.66,190.145.100.110,190.145.11.106,190.145.11.110,190.145.2.139,190.145.38.36,190.146.129.232,190.146.238.146,190.147.102.50,190.147.103.4,190.15.141.101,190.151.24.23,190.151.9.10,190.152.116.73] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (45)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500088; rev:2006;)
alert udp [190.131.127.58,190.131.21.58,190.131.23.117,190.131.46.149,190.131.93.121,190.131.93.5,190.136.176.232,190.139.13.240,190.14.163.197,190.14.164.121,190.14.175.242,190.14.250.110,190.141.164.148,190.144.107.106,190.144.224.10,190.144.225.178,190.144.58.66,190.145.100.110,190.145.11.106,190.145.11.110,190.145.2.139,190.145.38.36,190.146.129.232,190.146.238.146,190.147.102.50,190.147.103.4,190.15.141.101,190.151.24.23,190.151.9.10,190.152.116.73] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (45)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500089; rev:2006;)
alert tcp [190.152.222.218,190.154.23.52,190.158.146.21,190.158.230.33,190.159.208.79,190.160.55.13,190.161.104.222,190.161.74.188,190.163.109.122,190.164.246.80,190.164.97.139,190.17.245.112,190.172.231.2,190.173.246.254,190.174.178.159,190.179.22.49,190.179.73.87,190.184.35.27,190.186.93.184,190.187.30.194,190.188.40.62,190.188.41.224,190.189.148.215,190.189.160.135,190.189.169.212,190.190.132.198,190.190.216.31,190.191.179.250,190.193.10.216,190.193.128.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (46)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500090; rev:2006;)
alert udp [190.152.222.218,190.154.23.52,190.158.146.21,190.158.230.33,190.159.208.79,190.160.55.13,190.161.104.222,190.161.74.188,190.163.109.122,190.164.246.80,190.164.97.139,190.17.245.112,190.172.231.2,190.173.246.254,190.174.178.159,190.179.22.49,190.179.73.87,190.184.35.27,190.186.93.184,190.187.30.194,190.188.40.62,190.188.41.224,190.189.148.215,190.189.160.135,190.189.169.212,190.190.132.198,190.190.216.31,190.191.179.250,190.193.10.216,190.193.128.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (46)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500091; rev:2006;)
alert tcp [190.196.32.122,190.196.61.245,190.2.33.189,190.2.41.61,190.2.44.189,190.20.103.117,190.20.255.186,190.20.36.58,190.20.6.231,190.20.80.128,190.208.115.161,190.208.120.107,190.208.34.228,190.208.73.21,190.209.102.184,190.209.140.188,190.209.19.21,190.209.253.145,190.209.36.111,190.209.39.191,190.209.40.163,190.209.96.165,190.21.197.52,190.210.15.136,190.210.58.154,190.210.58.155,190.210.86.66,190.213.38.48,190.216.171.82,190.220.137.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (47)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500092; rev:2006;)
alert udp [190.196.32.122,190.196.61.245,190.2.33.189,190.2.41.61,190.2.44.189,190.20.103.117,190.20.255.186,190.20.36.58,190.20.6.231,190.20.80.128,190.208.115.161,190.208.120.107,190.208.34.228,190.208.73.21,190.209.102.184,190.209.140.188,190.209.19.21,190.209.253.145,190.209.36.111,190.209.39.191,190.209.40.163,190.209.96.165,190.21.197.52,190.210.15.136,190.210.58.154,190.210.58.155,190.210.86.66,190.213.38.48,190.216.171.82,190.220.137.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (47)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500093; rev:2006;)
alert tcp [190.220.208.222,190.225.246.238,190.228.84.37,190.24.193.158,190.24.23.43,190.244.187.194,190.244.204.244,190.246.140.244,190.247.159.62,190.248.10.146,190.249.58.118,190.25.135.100,190.25.151.231,190.25.211.226,190.25.229.74,190.25.75.161,190.254.103.11,190.254.194.162,190.254.221.66,190.26.107.38,190.26.214.196,190.26.61.95,190.27.194.90,190.27.194.98,190.27.197.90,190.27.203.114,190.27.23.226,190.3.66.154,190.31.159.17,190.34.166.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (48)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500094; rev:2006;)
alert udp [190.220.208.222,190.225.246.238,190.228.84.37,190.24.193.158,190.24.23.43,190.244.187.194,190.244.204.244,190.246.140.244,190.247.159.62,190.248.10.146,190.249.58.118,190.25.135.100,190.25.151.231,190.25.211.226,190.25.229.74,190.25.75.161,190.254.103.11,190.254.194.162,190.254.221.66,190.26.107.38,190.26.214.196,190.26.61.95,190.27.194.90,190.27.194.98,190.27.197.90,190.27.203.114,190.27.23.226,190.3.66.154,190.31.159.17,190.34.166.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (48)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500095; rev:2006;)
alert tcp [190.36.154.179,190.37.133.113,190.41.25.15,190.41.30.76,190.41.82.102,190.46.52.41,190.47.149.20,190.48.233.243,190.5.204.183,190.5.206.150,190.50.102.210,190.50.8.250,190.51.104.121,190.51.54.82,190.53.227.235,190.54.28.147,190.54.31.132,190.54.47.163,190.55.1.188,190.55.124.213,190.55.137.88,190.55.238.62,190.6.144.44,190.60.221.5,190.60.237.168,190.68.110.26,190.69.1.14,190.69.240.10,190.7.29.154,190.76.92.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (49)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500096; rev:2006;)
alert udp [190.36.154.179,190.37.133.113,190.41.25.15,190.41.30.76,190.41.82.102,190.46.52.41,190.47.149.20,190.48.233.243,190.5.204.183,190.5.206.150,190.50.102.210,190.50.8.250,190.51.104.121,190.51.54.82,190.53.227.235,190.54.28.147,190.54.31.132,190.54.47.163,190.55.1.188,190.55.124.213,190.55.137.88,190.55.238.62,190.6.144.44,190.60.221.5,190.60.237.168,190.68.110.26,190.69.1.14,190.69.240.10,190.7.29.154,190.76.92.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (49)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500097; rev:2006;)
alert tcp [190.79.233.91,190.81.169.250,190.81.175.42,190.81.177.28,190.81.59.29,190.82.144.73,190.82.170.214,190.82.213.120,190.82.237.57,190.84.165.41,190.84.248.33,190.9.103.138,190.92.24.39,190.94.81.93,190.95.104.190,190.95.28.7,190.95.30.136,190.95.72.62,190.95.99.128,190.96.164.100,192.118.54.19,192.122.131.105,192.167.122.9,192.167.137.10,192.192.100.156,192.192.214.132,192.192.241.160,192.192.241.2,192.228.180.23,192.38.32.159] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (50)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500098; rev:2006;)
alert udp [190.79.233.91,190.81.169.250,190.81.175.42,190.81.177.28,190.81.59.29,190.82.144.73,190.82.170.214,190.82.213.120,190.82.237.57,190.84.165.41,190.84.248.33,190.9.103.138,190.92.24.39,190.94.81.93,190.95.104.190,190.95.28.7,190.95.30.136,190.95.72.62,190.95.99.128,190.96.164.100,192.118.54.19,192.122.131.105,192.167.122.9,192.167.137.10,192.192.100.156,192.192.214.132,192.192.241.160,192.192.241.2,192.228.180.23,192.38.32.159] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (50)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500099; rev:2006;)
alert tcp [192.48.184.34,192.50.109.174,192.83.181.111,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.146.51,193.104.34.69,193.104.35.22,193.104.94.15,193.104.94.56,193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.25,193.106.65.15,193.109.246.210,193.109.246.227,193.109.246.34,193.110.112.228,193.111.49.10,193.124.17.53,193.126.32.99,193.136.40.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (51)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500100; rev:2006;)
alert udp [192.48.184.34,192.50.109.174,192.83.181.111,193.104.106.16,193.104.12.127,193.104.146.41,193.104.146.42,193.104.146.51,193.104.34.69,193.104.35.22,193.104.94.15,193.104.94.56,193.104.94.60,193.105.174.37,193.105.174.53,193.105.174.54,193.105.174.58,193.105.207.105,193.105.207.120,193.105.207.21,193.105.207.25,193.106.65.15,193.109.246.210,193.109.246.227,193.109.246.34,193.110.112.228,193.111.49.10,193.124.17.53,193.126.32.99,193.136.40.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (51)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500101; rev:2006;)
alert tcp [193.137.201.84,193.145.155.227,193.146.210.191,193.147.87.222,193.151.87.175,193.158.118.14,193.164.133.205,193.169.173.12,193.169.188.146,193.169.86.123,193.169.87.118,193.169.87.119,193.169.87.151,193.170.221.94,193.170.238.50,193.171.251.94,193.171.32.6,193.178.153.252,193.179.183.154,193.188.254.252,193.19.77.19,193.19.77.215,193.19.77.29,193.19.77.41,193.19.77.54,193.190.246.200,193.192.48.71,193.194.84.215,193.198.56.131,193.200.173.55] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (52)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500102; rev:2006;)
alert udp [193.137.201.84,193.145.155.227,193.146.210.191,193.147.87.222,193.151.87.175,193.158.118.14,193.164.133.205,193.169.173.12,193.169.188.146,193.169.86.123,193.169.87.118,193.169.87.119,193.169.87.151,193.170.221.94,193.170.238.50,193.171.251.94,193.171.32.6,193.178.153.252,193.179.183.154,193.188.254.252,193.19.77.19,193.19.77.215,193.19.77.29,193.19.77.41,193.19.77.54,193.190.246.200,193.192.48.71,193.194.84.215,193.198.56.131,193.200.173.55] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (52)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500103; rev:2006;)
alert tcp [193.201.198.29,193.201.39.134,193.201.63.3,193.202.110.140,193.203.44.4,193.206.206.52,193.224.76.129,193.225.140.135,193.225.204.51,193.230.191.3,193.231.39.65,193.232.159.1,193.238.129.181,193.239.47.21,193.251.17.135,193.251.17.32,193.251.184.189,193.252.188.149,193.253.101.195,193.253.213.133,193.26.6.16,193.29.79.43,193.34.150.8,193.36.35.45,193.40.102.84,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.42.230.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (53)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500104; rev:2006;)
alert udp [193.201.198.29,193.201.39.134,193.201.63.3,193.202.110.140,193.203.44.4,193.206.206.52,193.224.76.129,193.225.140.135,193.225.204.51,193.230.191.3,193.231.39.65,193.232.159.1,193.238.129.181,193.239.47.21,193.251.17.135,193.251.17.32,193.251.184.189,193.252.188.149,193.253.101.195,193.253.213.133,193.26.6.16,193.29.79.43,193.34.150.8,193.36.35.45,193.40.102.84,193.41.38.101,193.41.38.103,193.41.38.107,193.41.38.108,193.42.230.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (53)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500105; rev:2006;)
alert tcp [193.43.134.58,193.43.92.186,193.47.153.14,193.50.151.71,193.77.156.204,193.92.255.189,193.95.249.103,194.0.252.231,194.106.218.156,194.110.192.70,194.110.67.201,194.110.67.204,194.116.186.202,194.125.236.241,194.126.172.247,194.126.172.90,194.126.173.139,194.144.62.242,194.146.226.126,194.150.118.6,194.150.120.40,194.154.71.66,194.170.32.253,194.170.32.254,194.177.99.235,194.181.152.195,194.186.162.126,194.186.88.37,194.187.74.233,194.19.106.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (54)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500106; rev:2006;)
alert udp [193.43.134.58,193.43.92.186,193.47.153.14,193.50.151.71,193.77.156.204,193.92.255.189,193.95.249.103,194.0.252.231,194.106.218.156,194.110.192.70,194.110.67.201,194.110.67.204,194.116.186.202,194.125.236.241,194.126.172.247,194.126.172.90,194.126.173.139,194.144.62.242,194.146.226.126,194.150.118.6,194.150.120.40,194.154.71.66,194.170.32.253,194.170.32.254,194.177.99.235,194.181.152.195,194.186.162.126,194.186.88.37,194.187.74.233,194.19.106.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (54)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500107; rev:2006;)
alert tcp [194.19.251.162,194.19.96.251,194.190.139.249,194.192.14.175,194.204.8.181,194.213.30.19,194.232.87.2,194.254.210.90,194.28.112.132,194.28.85.215,194.29.226.107,194.30.15.173,194.32.151.185,194.44.240.74,194.50.85.251,194.67.77.115,194.68.140.3,194.69.204.244,194.77.104.169,194.79.250.28,194.79.250.42,194.80.51.2,194.85.37.170,194.85.61.78,194.93.130.10,195.110.213.65,195.112.198.230,195.113.45.3,195.113.57.53,195.113.79.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (55)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500108; rev:2006;)
alert udp [194.19.251.162,194.19.96.251,194.190.139.249,194.192.14.175,194.204.8.181,194.213.30.19,194.232.87.2,194.254.210.90,194.28.112.132,194.28.85.215,194.29.226.107,194.30.15.173,194.32.151.185,194.44.240.74,194.50.85.251,194.67.77.115,194.68.140.3,194.69.204.244,194.77.104.169,194.79.250.28,194.79.250.42,194.80.51.2,194.85.37.170,194.85.61.78,194.93.130.10,195.110.213.65,195.112.198.230,195.113.45.3,195.113.57.53,195.113.79.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (55)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500109; rev:2006;)
alert tcp [195.116.43.50,195.117.224.135,195.13.190.7,195.13.61.58,195.137.30.127,195.138.206.234,195.14.50.8,195.141.79.36,195.142.106.66,195.144.11.175,195.145.57.205,195.146.67.105,195.149.158.137,195.154.158.18,195.154.193.99,195.158.183.102,195.158.60.67,195.159.29.131,195.16.88.85,195.161.148.67,195.170.63.150,195.182.57.143,195.182.57.147,195.186.80.19,195.186.80.20,195.186.81.92,195.187.34.72,195.188.253.21,195.189.182.110,195.189.240.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (56)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500110; rev:2006;)
alert udp [195.116.43.50,195.117.224.135,195.13.190.7,195.13.61.58,195.137.30.127,195.138.206.234,195.14.50.8,195.141.79.36,195.142.106.66,195.144.11.175,195.145.57.205,195.146.67.105,195.149.158.137,195.154.158.18,195.154.193.99,195.158.183.102,195.158.60.67,195.159.29.131,195.16.88.85,195.161.148.67,195.170.63.150,195.182.57.143,195.182.57.147,195.186.80.19,195.186.80.20,195.186.81.92,195.187.34.72,195.188.253.21,195.189.182.110,195.189.240.18] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (56)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500111; rev:2006;)
alert tcp [195.19.250.207,195.191.166.246,195.191.25.160,195.194.72.26,195.199.171.33,195.199.240.108,195.199.249.68,195.2.195.195,195.2.255.106,195.20.15.126,195.20.197.76,195.202.171.81,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251,195.207.16.204,195.207.16.205,195.209.147.131,195.210.28.142,195.210.47.94,195.218.255.30,195.218.31.37,195.22.112.14,195.22.181.106,195.22.6.215,195.225.168.249,195.225.196.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (57)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500112; rev:2006;)
alert udp [195.19.250.207,195.191.166.246,195.191.25.160,195.194.72.26,195.199.171.33,195.199.240.108,195.199.249.68,195.2.195.195,195.2.255.106,195.20.15.126,195.20.197.76,195.202.171.81,195.206.246.200,195.206.246.208,195.206.246.209,195.206.246.216,195.206.246.221,195.206.246.251,195.207.16.204,195.207.16.205,195.209.147.131,195.210.28.142,195.210.47.94,195.218.255.30,195.218.31.37,195.22.112.14,195.22.181.106,195.22.6.215,195.225.168.249,195.225.196.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (57)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500113; rev:2006;)
alert tcp [195.226.182.36,195.228.152.142,195.228.230.92,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.23.114.1,195.23.94.159,195.230.168.94,195.230.5.131,195.235.210.81,195.238.112.214,195.24.238.1,195.24.54.14,195.241.21.227,195.242.161.135,195.242.161.206,195.242.161.44,195.242.161.64,195.242.238.200,195.242.239.90,195.246.242.60,195.246.254.75,195.250.188.225,195.251.213.110,195.251.230.111,195.251.6.234,195.252.127.41] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (58)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500114; rev:2006;)
alert udp [195.226.182.36,195.228.152.142,195.228.230.92,195.229.236.212,195.229.237.38,195.229.242.55,195.229.242.58,195.229.62.157,195.23.114.1,195.23.94.159,195.230.168.94,195.230.5.131,195.235.210.81,195.238.112.214,195.24.238.1,195.24.54.14,195.241.21.227,195.242.161.135,195.242.161.206,195.242.161.44,195.242.161.64,195.242.238.200,195.242.239.90,195.246.242.60,195.246.254.75,195.250.188.225,195.251.213.110,195.251.230.111,195.251.6.234,195.252.127.41] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (58)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500115; rev:2006;)
alert tcp [195.252.46.78,195.26.74.167,195.26.93.250,195.34.105.98,195.34.78.100,195.35.249.114,195.39.19.46,195.41.32.101,195.42.115.213,195.46.161.3,195.49.165.250,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201,195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5,195.5.161.68,195.5.161.72,195.50.173.100,195.50.185.5,195.50.222.83,195.56.111.191] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (59)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500116; rev:2006;)
alert udp [195.252.46.78,195.26.74.167,195.26.93.250,195.34.105.98,195.34.78.100,195.35.249.114,195.39.19.46,195.41.32.101,195.42.115.213,195.46.161.3,195.49.165.250,195.5.161.158,195.5.161.181,195.5.161.186,195.5.161.194,195.5.161.196,195.5.161.200,195.5.161.201,195.5.161.206,195.5.161.223,195.5.161.225,195.5.161.227,195.5.161.228,195.5.161.5,195.5.161.68,195.5.161.72,195.50.173.100,195.50.185.5,195.50.222.83,195.56.111.191] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (59)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500117; rev:2006;)
alert tcp [195.56.146.53,195.56.164.149,195.56.172.204,195.56.207.106,195.56.247.186,195.58.163.10,195.60.70.28,195.62.169.244,195.62.225.134,195.62.70.1,195.64.178.201,195.64.184.15,195.67.7.242,195.69.251.131,195.70.35.225,195.76.85.232,195.78.33.2,195.78.58.6,195.8.39.199,195.88.18.2,195.88.33.102,195.88.51.235,195.90.106.212,195.93.153.33,195.93.180.252,195.96.216.70,195.97.207.188,195.97.219.248,195.98.50.102,196.10.224.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (60)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500118; rev:2006;)
alert udp [195.56.146.53,195.56.164.149,195.56.172.204,195.56.207.106,195.56.247.186,195.58.163.10,195.60.70.28,195.62.169.244,195.62.225.134,195.62.70.1,195.64.178.201,195.64.184.15,195.67.7.242,195.69.251.131,195.70.35.225,195.76.85.232,195.78.33.2,195.78.58.6,195.8.39.199,195.88.18.2,195.88.33.102,195.88.51.235,195.90.106.212,195.93.153.33,195.93.180.252,195.96.216.70,195.97.207.188,195.97.219.248,195.98.50.102,196.10.224.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (60)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500119; rev:2006;)
alert tcp [196.12.36.225,196.15.9.212,196.2.128.19,196.2.70.3,196.20.78.119,196.201.229.138,196.212.52.130,196.217.161.145,196.219.222.226,196.220.63.29,196.25.173.7,196.30.126.178,196.34.92.39,196.35.158.183,196.36.152.129,196.40.23.211,196.40.74.33,196.40.74.39,196.41.2.166,196.41.2.86,196.41.205.3,196.41.3.246,196.41.3.25,196.43.78.226,196.44.161.169,196.44.181.136,196.7.36.166,198.109.219.254,198.144.36.11,198.189.237.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (61)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500120; rev:2006;)
alert udp [196.12.36.225,196.15.9.212,196.2.128.19,196.2.70.3,196.20.78.119,196.201.229.138,196.212.52.130,196.217.161.145,196.219.222.226,196.220.63.29,196.25.173.7,196.30.126.178,196.34.92.39,196.35.158.183,196.36.152.129,196.40.23.211,196.40.74.33,196.40.74.39,196.41.2.166,196.41.2.86,196.41.205.3,196.41.3.246,196.41.3.25,196.43.78.226,196.44.161.169,196.44.181.136,196.7.36.166,198.109.219.254,198.144.36.11,198.189.237.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (61)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500121; rev:2006;)
alert tcp [198.236.40.252,198.60.105.164,199.203.55.226,199.216.244.36,200.100.183.249,200.100.8.48,200.101.171.35,200.104.54.221,200.105.140.238,200.105.232.146,200.105.232.253,200.105.234.210,200.105.241.120,200.107.156.226,200.107.250.9,200.107.41.230,200.107.60.48,200.11.75.102,200.110.19.218,200.111.55.13,200.111.67.80,200.115.218.230,200.115.225.241,200.115.247.99,200.116.22.72,200.117.131.229,200.117.19.3,200.117.234.163,200.119.136.35,200.119.239.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (62)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500122; rev:2006;)
alert udp [198.236.40.252,198.60.105.164,199.203.55.226,199.216.244.36,200.100.183.249,200.100.8.48,200.101.171.35,200.104.54.221,200.105.140.238,200.105.232.146,200.105.232.253,200.105.234.210,200.105.241.120,200.107.156.226,200.107.250.9,200.107.41.230,200.107.60.48,200.11.75.102,200.110.19.218,200.111.55.13,200.111.67.80,200.115.218.230,200.115.225.241,200.115.247.99,200.116.22.72,200.117.131.229,200.117.19.3,200.117.234.163,200.119.136.35,200.119.239.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (62)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500123; rev:2006;)
alert tcp [200.12.20.5,200.122.98.113,200.123.101.83,200.123.110.118,200.124.247.198,200.125.73.33,200.126.80.98,200.126.81.36,200.127.52.19,200.129.136.130,200.129.179.15,200.13.192.210,200.13.254.183,200.131.252.1,200.132.30.9,200.136.27.79,200.136.38.10,200.137.203.6,200.138.220.15,200.139.115.54,200.14.86.12,200.140.181.10,200.140.76.62,200.141.254.194,200.143.16.180,200.143.16.212,200.144.16.10,200.145.208.56,200.145.90.20,200.149.208.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (63)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500124; rev:2006;)
alert udp [200.12.20.5,200.122.98.113,200.123.101.83,200.123.110.118,200.124.247.198,200.125.73.33,200.126.80.98,200.126.81.36,200.127.52.19,200.129.136.130,200.129.179.15,200.13.192.210,200.13.254.183,200.131.252.1,200.132.30.9,200.136.27.79,200.136.38.10,200.137.203.6,200.138.220.15,200.139.115.54,200.14.86.12,200.140.181.10,200.140.76.62,200.141.254.194,200.143.16.180,200.143.16.212,200.144.16.10,200.145.208.56,200.145.90.20,200.149.208.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (63)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500125; rev:2006;)
alert tcp [200.150.14.215,200.150.145.87,200.150.158.164,200.150.38.138,200.150.68.27,200.153.31.227,200.155.10.74,200.155.21.26,200.155.31.200,200.155.31.201,200.157.48.10,200.157.49.130,200.158.165.221,200.160.125.244,200.162.124.49,200.164.110.141,200.165.163.75,200.166.207.242,200.167.76.66,200.17.222.114,200.17.233.37,200.170.150.25,200.171.225.115,200.175.53.231,200.178.146.131,200.179.103.143,200.179.121.1,200.180.215.134,200.180.72.114,200.181.90.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (64)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500126; rev:2006;)
alert udp [200.150.14.215,200.150.145.87,200.150.158.164,200.150.38.138,200.150.68.27,200.153.31.227,200.155.10.74,200.155.21.26,200.155.31.200,200.155.31.201,200.157.48.10,200.157.49.130,200.158.165.221,200.160.125.244,200.162.124.49,200.164.110.141,200.165.163.75,200.166.207.242,200.167.76.66,200.17.222.114,200.17.233.37,200.170.150.25,200.171.225.115,200.175.53.231,200.178.146.131,200.179.103.143,200.179.121.1,200.180.215.134,200.180.72.114,200.181.90.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (64)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500127; rev:2006;)
alert tcp [200.183.227.150,200.19.174.17,200.192.134.146,200.192.134.50,200.192.254.106,200.193.129.172,200.194.206.211,200.195.145.114,200.195.151.85,200.195.192.45,200.195.75.138,200.196.48.17,200.198.179.100,200.199.64.171,200.203.13.222,200.206.107.59,200.206.185.89,200.207.131.118,200.207.80.238,200.208.204.18,200.208.241.126,200.208.241.70,200.209.115.136,200.209.149.74,200.209.156.2,200.21.228.168,200.21.228.182,200.21.7.69,200.21.7.72,200.21.98.121] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (65)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500128; rev:2006;)
alert udp [200.183.227.150,200.19.174.17,200.192.134.146,200.192.134.50,200.192.254.106,200.193.129.172,200.194.206.211,200.195.145.114,200.195.151.85,200.195.192.45,200.195.75.138,200.196.48.17,200.198.179.100,200.199.64.171,200.203.13.222,200.206.107.59,200.206.185.89,200.207.131.118,200.207.80.238,200.208.204.18,200.208.241.126,200.208.241.70,200.209.115.136,200.209.149.74,200.209.156.2,200.21.228.168,200.21.228.182,200.21.7.69,200.21.7.72,200.21.98.121] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (65)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500129; rev:2006;)
alert tcp [200.213.47.155,200.216.236.74,200.219.194.200,200.220.199.8,200.225.198.121,200.225.216.90,200.231.59.9,200.234.197.76,200.235.146.26,200.24.102.242,200.24.196.30,200.24.221.83,200.241.61.130,200.242.107.66,200.242.162.147,200.242.94.133,200.250.147.10,200.251.140.2,200.251.180.34,200.251.56.195,200.253.153.44,200.253.155.72,200.27.104.118,200.27.107.14,200.27.108.155,200.27.203.50,200.27.204.66,200.27.57.10,200.29.104.42,200.29.131.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (66)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500130; rev:2006;)
alert udp [200.213.47.155,200.216.236.74,200.219.194.200,200.220.199.8,200.225.198.121,200.225.216.90,200.231.59.9,200.234.197.76,200.235.146.26,200.24.102.242,200.24.196.30,200.24.221.83,200.241.61.130,200.242.107.66,200.242.162.147,200.242.94.133,200.250.147.10,200.251.140.2,200.251.180.34,200.251.56.195,200.253.153.44,200.253.155.72,200.27.104.118,200.27.107.14,200.27.108.155,200.27.203.50,200.27.204.66,200.27.57.10,200.29.104.42,200.29.131.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (66)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500131; rev:2006;)
alert tcp [200.29.147.34,200.29.147.60,200.29.183.124,200.29.23.98,200.30.189.194,200.30.68.70,200.31.42.3,200.34.142.12,200.35.163.186,200.35.163.197,200.35.86.229,200.36.249.23,200.36.53.9,200.38.69.244,200.40.191.194,200.40.212.6,200.40.82.54,200.41.228.162,200.42.138.162,200.42.211.7,200.45.103.248,200.5.242.33,200.50.100.46,200.50.45.139,200.54.155.138,200.54.180.242,200.54.77.163,200.55.198.67,200.55.198.68,200.55.208.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (67)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500132; rev:2006;)
alert udp [200.29.147.34,200.29.147.60,200.29.183.124,200.29.23.98,200.30.189.194,200.30.68.70,200.31.42.3,200.34.142.12,200.35.163.186,200.35.163.197,200.35.86.229,200.36.249.23,200.36.53.9,200.38.69.244,200.40.191.194,200.40.212.6,200.40.82.54,200.41.228.162,200.42.138.162,200.42.211.7,200.45.103.248,200.5.242.33,200.50.100.46,200.50.45.139,200.54.155.138,200.54.180.242,200.54.77.163,200.55.198.67,200.55.198.68,200.55.208.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (67)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500133; rev:2006;)
alert tcp [200.55.58.242,200.58.199.238,200.59.147.142,200.6.162.31,200.6.189.118,200.6.20.178,200.60.240.95,200.60.93.3,200.61.42.145,200.61.62.27,200.63.98.10,200.68.46.106,200.68.5.94,200.68.69.97,200.68.91.137,200.69.103.60,200.69.114.190,200.69.142.43,200.7.170.250,200.71.191.4,200.71.240.2,200.72.1.94,200.72.252.242,200.72.34.114,200.73.229.226,200.73.4.179,200.73.4.180,200.73.83.184,200.74.216.118,200.74.221.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (68)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500134; rev:2006;)
alert udp [200.55.58.242,200.58.199.238,200.59.147.142,200.6.162.31,200.6.189.118,200.6.20.178,200.60.240.95,200.60.93.3,200.61.42.145,200.61.62.27,200.63.98.10,200.68.46.106,200.68.5.94,200.68.69.97,200.68.91.137,200.69.103.60,200.69.114.190,200.69.142.43,200.7.170.250,200.71.191.4,200.71.240.2,200.72.1.94,200.72.252.242,200.72.34.114,200.73.229.226,200.73.4.179,200.73.4.180,200.73.83.184,200.74.216.118,200.74.221.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (68)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500135; rev:2006;)
alert tcp [200.74.244.94,200.75.23.69,200.75.250.117,200.75.43.152,200.77.234.183,200.79.231.100,200.79.231.130,200.8.96.79,200.80.178.18,200.81.204.39,200.83.124.211,200.83.235.38,200.85.69.70,200.88.114.181,200.89.54.206,200.91.28.133,200.91.76.122,200.93.133.105,200.93.147.19,200.93.192.171,200.93.229.194,200.94.64.134,200.96.89.210,200.99.122.66,200.99.5.66,201.0.181.20,201.0.181.240,201.10.183.111,201.116.227.202,201.116.242.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (69)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500136; rev:2006;)
alert udp [200.74.244.94,200.75.23.69,200.75.250.117,200.75.43.152,200.77.234.183,200.79.231.100,200.79.231.130,200.8.96.79,200.80.178.18,200.81.204.39,200.83.124.211,200.83.235.38,200.85.69.70,200.88.114.181,200.89.54.206,200.91.28.133,200.91.76.122,200.93.133.105,200.93.147.19,200.93.192.171,200.93.229.194,200.94.64.134,200.96.89.210,200.99.122.66,200.99.5.66,201.0.181.20,201.0.181.240,201.10.183.111,201.116.227.202,201.116.242.2] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (69)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500137; rev:2006;)
alert tcp [201.116.47.66,201.12.119.26,201.12.151.38,201.12.28.4,201.12.70.80,201.120.73.244,201.13.172.188,201.13.179.242,201.13.182.221,201.13.201.44,201.13.206.63,201.13.33.109,201.13.63.161,201.13.96.237,201.130.143.155,201.137.0.113,201.14.144.45,201.144.117.98,201.144.254.14,201.149.10.205,201.15.62.241,201.151.224.179,201.155.195.39,201.155.199.135,201.158.74.152,201.16.228.107,201.16.64.14,201.160.131.37,201.160.216.68,201.160.250.97] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (70)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500138; rev:2006;)
alert udp [201.116.47.66,201.12.119.26,201.12.151.38,201.12.28.4,201.12.70.80,201.120.73.244,201.13.172.188,201.13.179.242,201.13.182.221,201.13.201.44,201.13.206.63,201.13.33.109,201.13.63.161,201.13.96.237,201.130.143.155,201.137.0.113,201.14.144.45,201.144.117.98,201.144.254.14,201.149.10.205,201.15.62.241,201.151.224.179,201.155.195.39,201.155.199.135,201.158.74.152,201.16.228.107,201.16.64.14,201.160.131.37,201.160.216.68,201.160.250.97] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (70)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500139; rev:2006;)
alert tcp [201.160.94.241,201.160.94.62,201.161.9.118,201.163.145.204,201.166.2.84,201.166.53.126,201.166.60.222,201.167.64.54,201.17.52.29,201.172.169.141,201.174.65.39,201.19.119.48,201.193.206.93,201.20.1.9,201.20.19.222,201.20.22.138,201.204.122.181,201.21.1.194,201.21.111.96,201.212.134.153,201.212.40.224,201.213.138.186,201.213.221.125,201.213.24.8,201.214.8.68,201.215.186.120,201.217.214.51,201.217.28.86,201.217.51.181,201.218.247.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (71)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500140; rev:2006;)
alert udp [201.160.94.241,201.160.94.62,201.161.9.118,201.163.145.204,201.166.2.84,201.166.53.126,201.166.60.222,201.167.64.54,201.17.52.29,201.172.169.141,201.174.65.39,201.19.119.48,201.193.206.93,201.20.1.9,201.20.19.222,201.20.22.138,201.204.122.181,201.21.1.194,201.21.111.96,201.212.134.153,201.212.40.224,201.213.138.186,201.213.221.125,201.213.24.8,201.214.8.68,201.215.186.120,201.217.214.51,201.217.28.86,201.217.51.181,201.218.247.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (71)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500141; rev:2006;)
alert tcp [201.218.4.162,201.218.5.5,201.218.7.186,201.219.10.133,201.219.132.2,201.219.3.225,201.219.62.229,201.22.7.237,201.222.146.97,201.222.205.129,201.223.201.4,201.223.212.78,201.223.218.68,201.223.221.44,201.223.9.54,201.225.20.244,201.225.226.68,201.227.100.138,201.227.64.53,201.229.205.254,201.23.79.162,201.230.107.115,201.231.111.60,201.232.179.44,201.232.56.52,201.232.91.36,201.232.98.213,201.233.205.23,201.234.124.100,201.234.179.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (72)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500142; rev:2006;)
alert udp [201.218.4.162,201.218.5.5,201.218.7.186,201.219.10.133,201.219.132.2,201.219.3.225,201.219.62.229,201.22.7.237,201.222.146.97,201.222.205.129,201.223.201.4,201.223.212.78,201.223.218.68,201.223.221.44,201.223.9.54,201.225.20.244,201.225.226.68,201.227.100.138,201.227.64.53,201.229.205.254,201.23.79.162,201.230.107.115,201.231.111.60,201.232.179.44,201.232.56.52,201.232.91.36,201.232.98.213,201.233.205.23,201.234.124.100,201.234.179.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (72)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500143; rev:2006;)
alert tcp [201.236.221.70,201.236.223.37,201.236.96.108,201.238.138.133,201.238.198.110,201.238.212.197,201.238.214.203,201.238.221.94,201.238.222.73,201.238.222.83,201.241.57.166,201.244.137.106,201.244.139.129,201.244.34.235,201.244.71.206,201.246.141.91,201.246.59.49,201.249.238.100,201.25.219.162,201.25.50.163,201.250.169.154,201.250.251.150,201.251.210.11,201.251.6.90,201.255.253.67,201.26.15.217,201.26.164.38,201.26.47.142,201.27.154.149,201.27.154.165] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (73)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500144; rev:2006;)
alert udp [201.236.221.70,201.236.223.37,201.236.96.108,201.238.138.133,201.238.198.110,201.238.212.197,201.238.214.203,201.238.221.94,201.238.222.73,201.238.222.83,201.241.57.166,201.244.137.106,201.244.139.129,201.244.34.235,201.244.71.206,201.246.141.91,201.246.59.49,201.249.238.100,201.25.219.162,201.25.50.163,201.250.169.154,201.250.251.150,201.251.210.11,201.251.6.90,201.255.253.67,201.26.15.217,201.26.164.38,201.26.47.142,201.27.154.149,201.27.154.165] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (73)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500145; rev:2006;)
alert tcp [201.27.43.41,201.27.52.178,201.27.77.221,201.27.89.93,201.30.128.114,201.30.32.167,201.33.181.93,201.33.24.105,201.34.255.99,201.36.208.34,201.37.206.126,201.38.138.2,201.40.123.5,201.41.32.194,201.42.162.158,201.42.211.237,201.43.119.82,201.43.133.98,201.43.166.230,201.43.200.101,201.44.174.210,201.46.43.33,201.47.236.218,201.48.87.109,201.48.90.20,201.54.226.85,201.57.207.67,201.58.60.35,201.59.159.53,201.6.106.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (74)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500146; rev:2006;)
alert udp [201.27.43.41,201.27.52.178,201.27.77.221,201.27.89.93,201.30.128.114,201.30.32.167,201.33.181.93,201.33.24.105,201.34.255.99,201.36.208.34,201.37.206.126,201.38.138.2,201.40.123.5,201.41.32.194,201.42.162.158,201.42.211.237,201.43.119.82,201.43.133.98,201.43.166.230,201.43.200.101,201.44.174.210,201.46.43.33,201.47.236.218,201.48.87.109,201.48.90.20,201.54.226.85,201.57.207.67,201.58.60.35,201.59.159.53,201.6.106.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (74)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500147; rev:2006;)
alert tcp [201.6.106.55,201.6.145.203,201.62.188.75,201.63.177.109,201.63.197.75,201.63.34.211,201.65.225.153,201.68.110.116,201.68.127.225,201.68.142.89,201.68.161.96,201.68.168.180,201.68.170.92,201.68.173.100,201.68.212.124,201.68.230.158,201.68.36.76,201.68.48.197,201.68.52.52,201.68.67.23,201.68.95.210,201.71.131.4,201.71.49.10,201.73.187.100,201.76.133.110,201.76.180.102,201.76.22.124,201.77.76.108,201.86.212.189,201.87.129.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (75)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500148; rev:2006;)
alert udp [201.6.106.55,201.6.145.203,201.62.188.75,201.63.177.109,201.63.197.75,201.63.34.211,201.65.225.153,201.68.110.116,201.68.127.225,201.68.142.89,201.68.161.96,201.68.168.180,201.68.170.92,201.68.173.100,201.68.212.124,201.68.230.158,201.68.36.76,201.68.48.197,201.68.52.52,201.68.67.23,201.68.95.210,201.71.131.4,201.71.49.10,201.73.187.100,201.76.133.110,201.76.180.102,201.76.22.124,201.77.76.108,201.86.212.189,201.87.129.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (75)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500149; rev:2006;)
alert tcp [201.90.236.2,201.92.10.196,201.92.215.230,201.92.235.65,201.92.238.170,201.92.68.3,201.92.79.122,201.93.158.222,201.93.197.246,201.93.209.248,201.95.187.72,201.95.19.28,201.95.28.82,201.95.70.253,201.95.70.42,201.95.8.123,201.95.82.58,201.95.92.156,202.100.108.25,202.100.85.17,202.101.116.67,202.101.36.65,202.101.71.22,202.102.108.11,202.102.108.42,202.102.233.29,202.102.95.211,202.103.168.113,202.106.184.130,202.106.185.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (76)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500150; rev:2006;)
alert udp [201.90.236.2,201.92.10.196,201.92.215.230,201.92.235.65,201.92.238.170,201.92.68.3,201.92.79.122,201.93.158.222,201.93.197.246,201.93.209.248,201.95.187.72,201.95.19.28,201.95.28.82,201.95.70.253,201.95.70.42,201.95.8.123,201.95.82.58,201.95.92.156,202.100.108.25,202.100.85.17,202.101.116.67,202.101.36.65,202.101.71.22,202.102.108.11,202.102.108.42,202.102.233.29,202.102.95.211,202.103.168.113,202.106.184.130,202.106.185.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (76)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500151; rev:2006;)
alert tcp [202.107.228.137,202.107.228.179,202.107.233.163,202.107.248.167,202.108.100.196,202.108.25.12,202.108.39.160,202.108.49.89,202.109.114.173,202.109.244.124,202.110.72.106,202.111.175.176,202.116.225.45,202.117.10.254,202.117.3.30,202.120.126.33,202.120.126.34,202.120.143.135,202.123.240.14,202.125.44.214,202.126.44.9,202.127.28.212,202.129.196.60,202.129.32.167,202.129.46.188,202.130.68.18,202.131.64.122,202.133.243.101,202.133.250.203,202.134.0.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (77)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500152; rev:2006;)
alert udp [202.107.228.137,202.107.228.179,202.107.233.163,202.107.248.167,202.108.100.196,202.108.25.12,202.108.39.160,202.108.49.89,202.109.114.173,202.109.244.124,202.110.72.106,202.111.175.176,202.116.225.45,202.117.10.254,202.117.3.30,202.120.126.33,202.120.126.34,202.120.143.135,202.123.240.14,202.125.44.214,202.126.44.9,202.127.28.212,202.129.196.60,202.129.32.167,202.129.46.188,202.130.68.18,202.131.64.122,202.133.243.101,202.133.250.203,202.134.0.11] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (77)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500153; rev:2006;)
alert tcp [202.137.21.100,202.137.26.114,202.137.7.4,202.138.139.165,202.141.128.119,202.141.148.99,202.143.148.162,202.143.150.11,202.143.161.243,202.143.164.43,202.143.72.162,202.146.16.230,202.149.225.245,202.153.189.178,202.153.232.84,202.153.39.73,202.153.43.146,202.155.196.101,202.155.39.70,202.157.182.41,202.157.4.223,202.159.18.194,202.160.120.195,202.162.204.46,202.162.214.106,202.162.220.53,202.163.170.148,202.163.187.41,202.163.72.106,202.165.187.133] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (78)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500154; rev:2006;)
alert udp [202.137.21.100,202.137.26.114,202.137.7.4,202.138.139.165,202.141.128.119,202.141.148.99,202.143.148.162,202.143.150.11,202.143.161.243,202.143.164.43,202.143.72.162,202.146.16.230,202.149.225.245,202.153.189.178,202.153.232.84,202.153.39.73,202.153.43.146,202.155.196.101,202.155.39.70,202.157.182.41,202.157.4.223,202.159.18.194,202.160.120.195,202.162.204.46,202.162.214.106,202.162.220.53,202.163.170.148,202.163.187.41,202.163.72.106,202.165.187.133] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (78)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500155; rev:2006;)
alert tcp [202.169.196.194,202.169.39.92,202.169.76.237,202.170.67.34,202.171.132.146,202.171.135.5,202.171.136.148,202.171.159.19,202.171.65.76,202.172.112.252,202.172.18.120,202.174.106.3,202.177.16.226,202.177.204.11,202.177.25.178,202.177.27.33,202.181.164.194,202.181.164.201,202.181.164.213,202.181.171.2,202.181.176.133,202.181.232.182,202.182.61.30,202.183.164.87,202.183.167.247,202.183.233.75,202.183.234.230,202.186.13.251,202.186.96.122,202.186.96.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (79)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500156; rev:2006;)
alert udp [202.169.196.194,202.169.39.92,202.169.76.237,202.170.67.34,202.171.132.146,202.171.135.5,202.171.136.148,202.171.159.19,202.171.65.76,202.172.112.252,202.172.18.120,202.174.106.3,202.177.16.226,202.177.204.11,202.177.25.178,202.177.27.33,202.181.164.194,202.181.164.201,202.181.164.213,202.181.171.2,202.181.176.133,202.181.232.182,202.182.61.30,202.183.164.87,202.183.167.247,202.183.233.75,202.183.234.230,202.186.13.251,202.186.96.122,202.186.96.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (79)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500157; rev:2006;)
alert tcp [202.187.239.208,202.188.101.221,202.190.180.133,202.190.180.135,202.190.180.137,202.190.180.141,202.194.15.192,202.196.160.16,202.197.54.120,202.201.14.232,202.201.14.252,202.207.192.110,202.208.196.151,202.210.132.55,202.212.80.62,202.213.156.232,202.218.147.35,202.218.214.110,202.218.236.217,202.22.232.137,202.225.50.64,202.229.236.57,202.229.237.90,202.231.34.214,202.232.69.21,202.238.97.4,202.27.83.134,202.28.17.3,202.29.18.240,202.3.217.125] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (80)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500158; rev:2006;)
alert udp [202.187.239.208,202.188.101.221,202.190.180.133,202.190.180.135,202.190.180.137,202.190.180.141,202.194.15.192,202.196.160.16,202.197.54.120,202.201.14.232,202.201.14.252,202.207.192.110,202.208.196.151,202.210.132.55,202.212.80.62,202.213.156.232,202.218.147.35,202.218.214.110,202.218.236.217,202.22.232.137,202.225.50.64,202.229.236.57,202.229.237.90,202.231.34.214,202.232.69.21,202.238.97.4,202.27.83.134,202.28.17.3,202.29.18.240,202.3.217.125] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (80)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500159; rev:2006;)
alert tcp [202.31.224.74,202.33.155.242,202.39.237.178,202.4.112.106,202.40.202.159,202.43.177.78,202.43.35.12,202.43.44.4,202.44.73.18,202.47.224.134,202.53.224.253,202.53.249.243,202.54.158.57,202.54.61.99,202.57.162.130,202.57.42.162,202.59.32.5,202.6.233.22,202.60.56.87,202.60.90.198,202.61.27.219,202.63.106.120,202.63.106.190,202.63.129.108,202.63.138.38,202.63.96.22,202.64.155.152,202.64.191.221,202.64.21.118,202.64.32.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (81)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500160; rev:2006;)
alert udp [202.31.224.74,202.33.155.242,202.39.237.178,202.4.112.106,202.40.202.159,202.43.177.78,202.43.35.12,202.43.44.4,202.44.73.18,202.47.224.134,202.53.224.253,202.53.249.243,202.54.158.57,202.54.61.99,202.57.162.130,202.57.42.162,202.59.32.5,202.6.233.22,202.60.56.87,202.60.90.198,202.61.27.219,202.63.106.120,202.63.106.190,202.63.129.108,202.63.138.38,202.63.96.22,202.64.155.152,202.64.191.221,202.64.21.118,202.64.32.70] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (81)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500161; rev:2006;)
alert tcp [202.65.134.180,202.65.156.36,202.65.195.147,202.65.206.51,202.65.207.91,202.65.211.171,202.65.212.54,202.67.138.75,202.68.160.5,202.69.15.126,202.70.136.97,202.70.36.242,202.71.101.62,202.71.103.140,202.71.136.151,202.71.251.46,202.75.232.89,202.75.6.75,202.75.63.50,202.76.158.24,202.76.232.69,202.78.201.242,202.78.217.110,202.78.230.44,202.79.202.134,202.79.217.218,202.79.217.220,202.82.43.74,202.85.159.235,202.85.222.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (82)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500162; rev:2006;)
alert udp [202.65.134.180,202.65.156.36,202.65.195.147,202.65.206.51,202.65.207.91,202.65.211.171,202.65.212.54,202.67.138.75,202.68.160.5,202.69.15.126,202.70.136.97,202.70.36.242,202.71.101.62,202.71.103.140,202.71.136.151,202.71.251.46,202.75.232.89,202.75.6.75,202.75.63.50,202.76.158.24,202.76.232.69,202.78.201.242,202.78.217.110,202.78.230.44,202.79.202.134,202.79.217.218,202.79.217.220,202.82.43.74,202.85.159.235,202.85.222.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (82)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500163; rev:2006;)
alert tcp [202.85.227.251,202.85.233.141,202.86.49.2,202.87.33.200,202.88.238.170,202.9.101.88,202.90.158.63,202.96.1.26,202.96.155.72,202.96.199.150,202.98.29.234,202.99.172.179,202.99.29.27,202.99.63.4,202.99.82.69,203.101.103.227,203.105.3.85,203.105.3.92,203.105.32.131,203.110.245.250,203.110.81.13,203.113.122.74,203.113.130.203,203.114.102.4,203.114.104.106,203.114.130.56,203.114.219.209,203.114.227.94,203.121.145.38,203.123.189.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (83)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500164; rev:2006;)
alert udp [202.85.227.251,202.85.233.141,202.86.49.2,202.87.33.200,202.88.238.170,202.9.101.88,202.90.158.63,202.96.1.26,202.96.155.72,202.96.199.150,202.98.29.234,202.99.172.179,202.99.29.27,202.99.63.4,202.99.82.69,203.101.103.227,203.105.3.85,203.105.3.92,203.105.32.131,203.110.245.250,203.110.81.13,203.113.122.74,203.113.130.203,203.114.102.4,203.114.104.106,203.114.130.56,203.114.219.209,203.114.227.94,203.121.145.38,203.123.189.44] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (83)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500165; rev:2006;)
alert tcp [203.124.179.193,203.125.100.237,203.126.53.110,203.128.89.14,203.129.203.3,203.129.33.9,203.130.205.73,203.130.242.207,203.131.233.155,203.138.232.157,203.140.215.115,203.141.130.106,203.141.137.25,203.141.142.203,203.141.159.203,203.142.24.145,203.142.65.115,203.142.65.118,203.143.119.196,203.145.207.174,203.146.127.176,203.146.179.155,203.146.215.183,203.146.237.123,203.147.4.68,203.150.221.135,203.150.224.159,203.150.225.30,203.150.228.183,203.150.228.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (84)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500166; rev:2006;)
alert udp [203.124.179.193,203.125.100.237,203.126.53.110,203.128.89.14,203.129.203.3,203.129.33.9,203.130.205.73,203.130.242.207,203.131.233.155,203.138.232.157,203.140.215.115,203.141.130.106,203.141.137.25,203.141.142.203,203.141.159.203,203.142.24.145,203.142.65.115,203.142.65.118,203.143.119.196,203.145.207.174,203.146.127.176,203.146.179.155,203.146.215.183,203.146.237.123,203.147.4.68,203.150.221.135,203.150.224.159,203.150.225.30,203.150.228.183,203.150.228.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (84)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500167; rev:2006;)
alert tcp [203.150.231.42,203.151.217.155,203.152.192.178,203.154.185.11,203.156.246.228,203.157.177.11,203.160.250.91,203.160.56.150,203.162.35.103,203.165.32.201,203.171.239.121,203.171.30.106,203.172.165.68,203.172.178.135,203.172.204.252,203.175.18.113,203.177.89.210,203.183.227.184,203.183.65.185,203.185.50.59,203.187.197.81,203.187.199.126,203.187.208.51,203.187.211.120,203.187.254.66,203.188.255.85,203.194.98.213,203.197.118.95,203.197.126.118,203.198.129.106] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (85)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500168; rev:2006;)
alert udp [203.150.231.42,203.151.217.155,203.152.192.178,203.154.185.11,203.156.246.228,203.157.177.11,203.160.250.91,203.160.56.150,203.162.35.103,203.165.32.201,203.171.239.121,203.171.30.106,203.172.165.68,203.172.178.135,203.172.204.252,203.175.18.113,203.177.89.210,203.183.227.184,203.183.65.185,203.185.50.59,203.187.197.81,203.187.199.126,203.187.208.51,203.187.211.120,203.187.254.66,203.188.255.85,203.194.98.213,203.197.118.95,203.197.126.118,203.198.129.106] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (85)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500169; rev:2006;)
alert tcp [203.199.200.86,203.200.166.34,203.208.66.98,203.211.133.201,203.211.45.142,203.217.144.10,203.217.177.4,203.221.216.190,203.223.131.29,203.223.137.102,203.223.188.152,203.223.32.108,203.229.177.59,203.229.231.153,203.230.9.197,203.231.35.40,203.234.220.187,203.234.75.14,203.235.212.154,203.236.210.210,203.237.66.71,203.240.203.30,203.246.44.35,203.247.177.126,203.248.156.165,203.249.66.138,203.250.140.87,203.250.57.28,203.251.190.135,203.252.182.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (86)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500170; rev:2006;)
alert udp [203.199.200.86,203.200.166.34,203.208.66.98,203.211.133.201,203.211.45.142,203.217.144.10,203.217.177.4,203.221.216.190,203.223.131.29,203.223.137.102,203.223.188.152,203.223.32.108,203.229.177.59,203.229.231.153,203.230.9.197,203.231.35.40,203.234.220.187,203.234.75.14,203.235.212.154,203.236.210.210,203.237.66.71,203.240.203.30,203.246.44.35,203.247.177.126,203.248.156.165,203.249.66.138,203.250.140.87,203.250.57.28,203.251.190.135,203.252.182.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (86)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500171; rev:2006;)
alert tcp [203.254.170.81,203.37.44.130,203.5.69.67,203.59.141.228,203.64.208.172,203.64.208.173,203.64.208.174,203.64.208.175,203.68.102.118,203.68.183.73,203.70.146.109,203.70.177.32,203.71.88.187,203.72.226.78,203.73.76.253,203.75.105.6,203.75.55.135,203.76.98.22,203.79.125.143,203.79.232.35,203.80.162.221,203.81.81.36,203.82.208.173,203.83.112.215,203.84.234.234,203.86.41.25,203.86.48.53,203.86.89.130,203.88.141.163,203.90.136.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (87)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500172; rev:2006;)
alert udp [203.254.170.81,203.37.44.130,203.5.69.67,203.59.141.228,203.64.208.172,203.64.208.173,203.64.208.174,203.64.208.175,203.68.102.118,203.68.183.73,203.70.146.109,203.70.177.32,203.71.88.187,203.72.226.78,203.73.76.253,203.75.105.6,203.75.55.135,203.76.98.22,203.79.125.143,203.79.232.35,203.80.162.221,203.81.81.36,203.82.208.173,203.83.112.215,203.84.234.234,203.86.41.25,203.86.48.53,203.86.89.130,203.88.141.163,203.90.136.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (87)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500173; rev:2006;)
alert tcp [203.92.64.207,203.98.116.54,203.98.181.132,203.98.84.32,204.108.14.127,204.112.158.139,204.12.250.34,204.13.101.60,204.14.0.163,204.14.93.53,204.146.162.62,204.152.194.34,204.152.218.194,204.186.26.126,204.19.134.18,204.232.131.163,204.232.194.89,204.232.202.231,204.238.82.17,204.244.123.8,204.27.52.115,204.51.98.46,204.80.91.4,204.89.131.220,204.92.123.118,205.134.252.251,205.151.201.110,205.178.189.129,205.189.49.48,205.215.177.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (88)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500174; rev:2006;)
alert udp [203.92.64.207,203.98.116.54,203.98.181.132,203.98.84.32,204.108.14.127,204.112.158.139,204.12.250.34,204.13.101.60,204.14.0.163,204.14.93.53,204.146.162.62,204.152.194.34,204.152.218.194,204.186.26.126,204.19.134.18,204.232.131.163,204.232.194.89,204.232.202.231,204.238.82.17,204.244.123.8,204.27.52.115,204.51.98.46,204.80.91.4,204.89.131.220,204.92.123.118,205.134.252.251,205.151.201.110,205.178.189.129,205.189.49.48,205.215.177.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (88)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500175; rev:2006;)
alert tcp [205.234.243.220,205.242.219.108,206.105.213.16,206.107.220.92,206.123.115.55,206.123.72.87,206.125.46.134,206.161.193.98,206.173.123.172,206.180.233.11,206.181.87.206,206.217.198.150,206.225.11.2,206.225.20.122,206.225.20.18,206.225.20.50,206.225.20.58,206.225.20.66,206.225.20.74,206.225.20.90,206.225.20.98,206.225.21.18,206.225.21.50,206.225.21.98,206.225.22.66,206.225.23.7,206.248.137.158,206.248.167.218,206.41.245.9,206.41.91.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (89)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500176; rev:2006;)
alert udp [205.234.243.220,205.242.219.108,206.105.213.16,206.107.220.92,206.123.115.55,206.123.72.87,206.125.46.134,206.161.193.98,206.173.123.172,206.180.233.11,206.181.87.206,206.217.198.150,206.225.11.2,206.225.20.122,206.225.20.18,206.225.20.50,206.225.20.58,206.225.20.66,206.225.20.74,206.225.20.90,206.225.20.98,206.225.21.18,206.225.21.50,206.225.21.98,206.225.22.66,206.225.23.7,206.248.137.158,206.248.167.218,206.41.245.9,206.41.91.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (89)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500177; rev:2006;)
alert tcp [206.51.232.210,206.71.166.57,206.71.87.112,206.74.118.63,206.82.192.203,207.112.121.224,207.118.4.221,207.126.167.55,207.136.202.67,207.171.4.23,207.179.103.60,207.182.140.197,207.182.98.11,207.189.231.12,207.191.191.21,207.210.101.27,207.210.83.143,207.210.83.178,207.211.11.105,207.211.75.102,207.211.75.111,207.241.240.41,207.248.228.226,207.35.172.214,207.47.9.4,207.47.96.254,207.55.247.216,207.58.132.114,207.58.177.96,207.6.56.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (90)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500178; rev:2006;)
alert udp [206.51.232.210,206.71.166.57,206.71.87.112,206.74.118.63,206.82.192.203,207.112.121.224,207.118.4.221,207.126.167.55,207.136.202.67,207.171.4.23,207.179.103.60,207.182.140.197,207.182.98.11,207.189.231.12,207.191.191.21,207.210.101.27,207.210.83.143,207.210.83.178,207.211.11.105,207.211.75.102,207.211.75.111,207.241.240.41,207.248.228.226,207.35.172.214,207.47.9.4,207.47.96.254,207.55.247.216,207.58.132.114,207.58.177.96,207.6.56.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (90)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500179; rev:2006;)
alert tcp [207.61.241.100,207.70.158.87,207.71.245.2,208.100.3.12,208.100.31.49,208.101.19.98,208.101.9.140,208.110.72.86,208.110.86.246,208.111.39.110,208.111.39.248,208.113.57.2,208.116.233.21,208.166.49.194,208.167.229.147,208.17.74.32,208.176.108.155,208.176.232.85,208.177.147.54,208.187.31.122,208.2.135.10,208.254.21.242,208.34.209.240,208.34.84.168,208.4.181.28,208.4.181.30,208.4.80.37,208.42.179.91,208.43.130.232,208.43.255.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (91)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500180; rev:2006;)
alert udp [207.61.241.100,207.70.158.87,207.71.245.2,208.100.3.12,208.100.31.49,208.101.19.98,208.101.9.140,208.110.72.86,208.110.86.246,208.111.39.110,208.111.39.248,208.113.57.2,208.116.233.21,208.166.49.194,208.167.229.147,208.17.74.32,208.176.108.155,208.176.232.85,208.177.147.54,208.187.31.122,208.2.135.10,208.254.21.242,208.34.209.240,208.34.84.168,208.4.181.28,208.4.181.30,208.4.80.37,208.42.179.91,208.43.130.232,208.43.255.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (91)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500181; rev:2006;)
alert tcp [208.64.31.83,208.66.225.50,208.66.43.19,208.67.252.82,208.70.186.150,208.71.129.216,208.71.169.136,208.71.199.71,208.71.89.218,208.73.210.28,208.73.36.18,208.74.160.105,208.74.79.100,208.75.87.48,208.77.80.4,208.78.242.184,208.80.80.250,208.81.124.3,208.82.108.36,208.82.117.89,208.83.124.80,208.83.223.74,208.84.146.88,208.85.4.194,208.86.248.132,208.86.252.15,208.87.1.213,208.87.24.155,208.87.24.158,208.87.24.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (92)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500182; rev:2006;)
alert udp [208.64.31.83,208.66.225.50,208.66.43.19,208.67.252.82,208.70.186.150,208.71.129.216,208.71.169.136,208.71.199.71,208.71.89.218,208.73.210.28,208.73.36.18,208.74.160.105,208.74.79.100,208.75.87.48,208.77.80.4,208.78.242.184,208.80.80.250,208.81.124.3,208.82.108.36,208.82.117.89,208.83.124.80,208.83.223.74,208.84.146.88,208.85.4.194,208.86.248.132,208.86.252.15,208.87.1.213,208.87.24.155,208.87.24.158,208.87.24.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (92)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500183; rev:2006;)
alert tcp [208.87.79.209,208.88.8.209,208.90.176.86,208.92.234.23,208.96.213.149,209.117.137.218,209.123.128.10,209.124.47.27,209.124.50.16,209.134.141.36,209.160.33.15,209.160.40.231,209.160.64.19,209.165.147.53,209.167.43.79,209.169.158.245,209.169.158.246,209.172.34.177,209.172.55.186,209.172.59.131,209.177.229.74,209.19.170.100,209.190.73.87,209.190.93.114,209.200.240.78,209.205.64.112,209.206.227.238,209.210.239.8,209.211.7.1,209.216.203.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (93)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500184; rev:2006;)
alert udp [208.87.79.209,208.88.8.209,208.90.176.86,208.92.234.23,208.96.213.149,209.117.137.218,209.123.128.10,209.124.47.27,209.124.50.16,209.134.141.36,209.160.33.15,209.160.40.231,209.160.64.19,209.165.147.53,209.167.43.79,209.169.158.245,209.169.158.246,209.172.34.177,209.172.55.186,209.172.59.131,209.177.229.74,209.19.170.100,209.190.73.87,209.190.93.114,209.200.240.78,209.205.64.112,209.206.227.238,209.210.239.8,209.211.7.1,209.216.203.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (93)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500185; rev:2006;)
alert tcp [209.216.8.220,209.23.122.243,209.237.226.14,209.241.232.100,209.251.35.176,209.40.205.130,209.45.40.174,209.51.154.50,209.51.195.117,209.58.253.220,209.59.178.53,209.59.216.180,209.59.221.180,209.62.91.98,209.90.108.2,210.0.201.114,210.1.31.83,210.105.102.98,210.107.197.151,210.114.174.50,210.115.47.189,210.116.103.118,210.118.74.155,210.127.209.41,210.127.253.13,210.13.73.30,210.131.96.105,210.135.84.186,210.146.20.42,210.15.238.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (94)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500186; rev:2006;)
alert udp [209.216.8.220,209.23.122.243,209.237.226.14,209.241.232.100,209.251.35.176,209.40.205.130,209.45.40.174,209.51.154.50,209.51.195.117,209.58.253.220,209.59.178.53,209.59.216.180,209.59.221.180,209.62.91.98,209.90.108.2,210.0.201.114,210.1.31.83,210.105.102.98,210.107.197.151,210.114.174.50,210.115.47.189,210.116.103.118,210.118.74.155,210.127.209.41,210.127.253.13,210.13.73.30,210.131.96.105,210.135.84.186,210.146.20.42,210.15.238.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (94)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500187; rev:2006;)
alert tcp [210.155.157.227,210.17.16.105,210.17.246.30,210.171.29.144,210.171.29.78,210.172.0.44,210.174.175.84,210.174.30.209,210.177.57.38,210.187.51.36,210.187.51.38,210.187.51.56,210.188.206.40,210.188.216.91,210.188.236.41,210.188.25.16,210.189.77.55,210.19.202.202,210.194.238.176,210.197.70.164,210.202.206.8,210.202.34.161,210.203.194.156,210.204.32.2,210.205.6.116,210.207.102.149,210.21.220.84,210.21.221.156,210.211.98.57,210.212.168.161] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (95)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500188; rev:2006;)
alert udp [210.155.157.227,210.17.16.105,210.17.246.30,210.171.29.144,210.171.29.78,210.172.0.44,210.174.175.84,210.174.30.209,210.177.57.38,210.187.51.36,210.187.51.38,210.187.51.56,210.188.206.40,210.188.216.91,210.188.236.41,210.188.25.16,210.189.77.55,210.19.202.202,210.194.238.176,210.197.70.164,210.202.206.8,210.202.34.161,210.203.194.156,210.204.32.2,210.205.6.116,210.207.102.149,210.21.220.84,210.21.221.156,210.211.98.57,210.212.168.161] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (95)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500189; rev:2006;)
alert tcp [210.212.216.228,210.213.241.18,210.217.3.66,210.219.173.211,210.22.108.78,210.22.13.45,210.22.188.62,210.225.214.30,210.229.138.244,210.230.186.229,210.233.69.234,210.233.71.116,210.236.94.241,210.240.125.5,210.240.134.144,210.240.188.115,210.240.38.138,210.240.43.2,210.242.175.71,210.245.84.3,210.251.177.171,210.26.48.33,210.27.80.28,210.4.125.176,210.48.149.26,210.5.184.212,210.5.42.233,210.5.43.240,210.50.189.221,210.51.166.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (96)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500190; rev:2006;)
alert udp [210.212.216.228,210.213.241.18,210.217.3.66,210.219.173.211,210.22.108.78,210.22.13.45,210.22.188.62,210.225.214.30,210.229.138.244,210.230.186.229,210.233.69.234,210.233.71.116,210.236.94.241,210.240.125.5,210.240.134.144,210.240.188.115,210.240.38.138,210.240.43.2,210.242.175.71,210.245.84.3,210.251.177.171,210.26.48.33,210.27.80.28,210.4.125.176,210.48.149.26,210.5.184.212,210.5.42.233,210.5.43.240,210.50.189.221,210.51.166.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (96)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500191; rev:2006;)
alert tcp [210.51.17.222,210.51.174.96,210.51.180.212,210.51.184.105,210.51.187.193,210.51.225.185,210.51.47.167,210.51.48.209,210.51.54.140,210.51.57.252,210.57.210.2,210.58.101.232,210.59.110.170,210.59.186.238,210.60.107.12,210.60.63.28,210.66.37.245,210.68.243.46,210.70.118.8,210.70.118.9,210.70.162.20,210.75.18.38,210.75.215.5,210.82.49.53,210.91.8.104,211.10.131.190,211.100.30.157,211.100.61.233,211.103.244.179,211.106.104.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (97)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500192; rev:2006;)
alert udp [210.51.17.222,210.51.174.96,210.51.180.212,210.51.184.105,210.51.187.193,210.51.225.185,210.51.47.167,210.51.48.209,210.51.54.140,210.51.57.252,210.57.210.2,210.58.101.232,210.59.110.170,210.59.186.238,210.60.107.12,210.60.63.28,210.66.37.245,210.68.243.46,210.70.118.8,210.70.118.9,210.70.162.20,210.75.18.38,210.75.215.5,210.82.49.53,210.91.8.104,211.10.131.190,211.100.30.157,211.100.61.233,211.103.244.179,211.106.104.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (97)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500193; rev:2006;)
alert tcp [211.106.179.2,211.107.42.233,211.109.103.121,211.109.179.47,211.110.60.3,211.115.111.119,211.115.125.130,211.116.156.118,211.124.93.32,211.13.127.193,211.138.85.34,211.139.92.253,211.142.248.21,211.144.110.138,211.144.132.46,211.144.136.44,211.144.158.130,211.144.207.44,211.144.95.7,211.147.211.72,211.147.212.2,211.148.1.19,211.151.67.81,211.151.67.82,211.151.79.100,211.151.94.195,211.152.35.61,211.152.55.194,211.154.133.20,211.154.142.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (98)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500194; rev:2006;)
alert udp [211.106.179.2,211.107.42.233,211.109.103.121,211.109.179.47,211.110.60.3,211.115.111.119,211.115.125.130,211.116.156.118,211.124.93.32,211.13.127.193,211.138.85.34,211.139.92.253,211.142.248.21,211.144.110.138,211.144.132.46,211.144.136.44,211.144.158.130,211.144.207.44,211.144.95.7,211.147.211.72,211.147.212.2,211.148.1.19,211.151.67.81,211.151.67.82,211.151.79.100,211.151.94.195,211.152.35.61,211.152.55.194,211.154.133.20,211.154.142.153] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (98)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500195; rev:2006;)
alert tcp [211.154.145.152,211.154.215.103,211.154.215.174,211.154.43.11,211.157.10.183,211.162.68.107,211.167.92.234,211.174.61.80,211.180.64.80,211.191.168.107,211.191.168.223,211.191.168.25,211.191.181.14,211.196.91.53,211.20.132.10,211.20.227.195,211.20.87.171,211.206.120.177,211.206.125.175,211.210.38.112,211.210.38.94,211.214.161.158,211.215.19.229,211.220.146.217,211.220.195.185,211.223.140.23,211.227.76.253,211.232.105.19,211.232.125.166,211.233.38.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (99)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500196; rev:2006;)
alert udp [211.154.145.152,211.154.215.103,211.154.215.174,211.154.43.11,211.157.10.183,211.162.68.107,211.167.92.234,211.174.61.80,211.180.64.80,211.191.168.107,211.191.168.223,211.191.168.25,211.191.181.14,211.196.91.53,211.20.132.10,211.20.227.195,211.20.87.171,211.206.120.177,211.206.125.175,211.210.38.112,211.210.38.94,211.214.161.158,211.215.19.229,211.220.146.217,211.220.195.185,211.223.140.23,211.227.76.253,211.232.105.19,211.232.125.166,211.233.38.86] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (99)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500197; rev:2006;)
alert tcp [211.233.66.45,211.234.119.3,211.234.119.56,211.234.119.8,211.234.122.134,211.235.245.121,211.236.174.172,211.237.24.241,211.237.38.115,211.245.216.181,211.245.23.155,211.25.254.234,211.254.130.116,211.39.132.118,211.40.193.5,211.43.195.170,211.43.222.156,211.44.183.77,211.45.112.20,211.47.189.21,211.62.35.223,211.63.6.91,211.72.160.156,211.72.229.49,211.75.201.244,211.75.66.200,211.75.67.201,211.78.18.90,211.78.87.204,211.86.56.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (100)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500198; rev:2006;)
alert udp [211.233.66.45,211.234.119.3,211.234.119.56,211.234.119.8,211.234.122.134,211.235.245.121,211.236.174.172,211.237.24.241,211.237.38.115,211.245.216.181,211.245.23.155,211.25.254.234,211.254.130.116,211.39.132.118,211.40.193.5,211.43.195.170,211.43.222.156,211.44.183.77,211.45.112.20,211.47.189.21,211.62.35.223,211.63.6.91,211.72.160.156,211.72.229.49,211.75.201.244,211.75.66.200,211.75.67.201,211.78.18.90,211.78.87.204,211.86.56.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (100)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500199; rev:2006;)
alert tcp [211.88.20.15,211.92.40.42,211.94.156.169,211.94.165.232,211.94.189.120,211.98.198.124,212.1.248.30,212.100.49.44,212.101.19.245,212.103.194.188,212.107.137.34,212.111.208.2,212.112.114.130,212.115.192.198,212.117.165.219,212.117.174.163,212.117.180.52,212.117.187.10,212.117.4.235,212.117.9.82,212.12.2.28,212.122.222.13,212.124.175.131,212.126.218.242,212.128.144.98,212.13.195.55,212.130.47.205,212.142.104.137,212.144.118.131,212.146.68.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (101)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500200; rev:2006;)
alert udp [211.88.20.15,211.92.40.42,211.94.156.169,211.94.165.232,211.94.189.120,211.98.198.124,212.1.248.30,212.100.49.44,212.101.19.245,212.103.194.188,212.107.137.34,212.111.208.2,212.112.114.130,212.115.192.198,212.117.165.219,212.117.174.163,212.117.180.52,212.117.187.10,212.117.4.235,212.117.9.82,212.12.2.28,212.122.222.13,212.124.175.131,212.126.218.242,212.128.144.98,212.13.195.55,212.130.47.205,212.142.104.137,212.144.118.131,212.146.68.64] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (101)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500201; rev:2006;)
alert tcp [212.150.123.120,212.150.176.98,212.152.111.117,212.154.211.207,212.156.65.78,212.156.70.146,212.166.231.96,212.166.63.125,212.174.252.40,212.174.253.8,212.175.177.134,212.18.192.18,212.180.58.122,212.182.127.227,212.182.129.59,212.183.164.42,212.186.161.12,212.19.8.189,212.191.90.142,212.192.244.8,212.192.250.207,212.193.230.207,212.199.103.94,212.20.112.2,212.202.124.69,212.202.87.195,212.21.101.201,212.21.20.78,212.21.6.173,212.214.71.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (102)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500202; rev:2006;)
alert udp [212.150.123.120,212.150.176.98,212.152.111.117,212.154.211.207,212.156.65.78,212.156.70.146,212.166.231.96,212.166.63.125,212.174.252.40,212.174.253.8,212.175.177.134,212.18.192.18,212.180.58.122,212.182.127.227,212.182.129.59,212.183.164.42,212.186.161.12,212.19.8.189,212.191.90.142,212.192.244.8,212.192.250.207,212.193.230.207,212.199.103.94,212.20.112.2,212.202.124.69,212.202.87.195,212.21.101.201,212.21.20.78,212.21.6.173,212.214.71.110] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (102)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500203; rev:2006;)
alert tcp [212.225.244.92,212.226.118.12,212.227.88.83,212.230.185.152,212.235.66.229,212.235.82.4,212.24.129.118,212.24.143.60,212.244.27.250,212.244.6.200,212.247.175.67,212.248.18.58,212.25.72.185,212.251.139.217,212.251.177.57,212.252.32.68,212.252.32.69,212.252.32.71,212.28.152.66,212.33.27.26,212.33.72.201,212.33.76.120,212.34.136.33,212.34.138.143,212.34.138.192,212.36.11.13,212.43.245.234,212.45.53.176,212.46.128.9,212.51.216.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (103)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500204; rev:2006;)
alert udp [212.225.244.92,212.226.118.12,212.227.88.83,212.230.185.152,212.235.66.229,212.235.82.4,212.24.129.118,212.24.143.60,212.244.27.250,212.244.6.200,212.247.175.67,212.248.18.58,212.25.72.185,212.251.139.217,212.251.177.57,212.252.32.68,212.252.32.69,212.252.32.71,212.28.152.66,212.33.27.26,212.33.72.201,212.33.76.120,212.34.136.33,212.34.138.143,212.34.138.192,212.36.11.13,212.43.245.234,212.45.53.176,212.46.128.9,212.51.216.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (103)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500205; rev:2006;)
alert tcp [212.52.41.252,212.59.58.3,212.60.66.203,212.61.228.162,212.62.112.140,212.69.195.210,212.69.197.78,212.69.209.232,212.73.128.138,212.73.54.154,212.75.118.218,212.85.152.115,212.86.41.30,212.9.176.110,212.90.163.154,212.91.166.140,212.95.54.216,212.96.47.151,212.96.47.22,212.99.231.69,213.114.174.113,213.128.67.194,213.128.82.135,213.133.101.163,213.144.99.113,213.146.180.253,213.149.138.43,213.150.107.74,213.151.175.136,213.151.89.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (104)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500206; rev:2006;)
alert udp [212.52.41.252,212.59.58.3,212.60.66.203,212.61.228.162,212.62.112.140,212.69.195.210,212.69.197.78,212.69.209.232,212.73.128.138,212.73.54.154,212.75.118.218,212.85.152.115,212.86.41.30,212.9.176.110,212.90.163.154,212.91.166.140,212.95.54.216,212.96.47.151,212.96.47.22,212.99.231.69,213.114.174.113,213.128.67.194,213.128.82.135,213.133.101.163,213.144.99.113,213.146.180.253,213.149.138.43,213.150.107.74,213.151.175.136,213.151.89.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (104)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500207; rev:2006;)
alert tcp [213.155.18.200,213.155.21.88,213.155.24.236,213.16.105.133,213.162.55.40,213.165.79.73,213.167.17.68,213.171.53.19,213.172.36.130,213.175.203.74,213.176.138.2,213.178.224.168,213.179.142.117,213.180.77.102,213.180.77.213,213.180.84.248,213.180.84.51,213.180.89.204,213.180.92.170,213.184.192.82,213.186.33.87,213.187.77.6,213.188.200.44,213.188.35.29,213.192.6.30,213.192.60.113,213.193.231.204,213.193.236.201,213.202.225.90,213.203.203.48] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (105)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500208; rev:2006;)
alert udp [213.155.18.200,213.155.21.88,213.155.24.236,213.16.105.133,213.162.55.40,213.165.79.73,213.167.17.68,213.171.53.19,213.172.36.130,213.175.203.74,213.176.138.2,213.178.224.168,213.179.142.117,213.180.77.102,213.180.77.213,213.180.84.248,213.180.84.51,213.180.89.204,213.180.92.170,213.184.192.82,213.186.33.87,213.187.77.6,213.188.200.44,213.188.35.29,213.192.6.30,213.192.60.113,213.193.231.204,213.193.236.201,213.202.225.90,213.203.203.48] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (105)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500209; rev:2006;)
alert tcp [213.203.230.24,213.207.93.121,213.210.87.237,213.218.114.91,213.218.140.64,213.218.142.201,213.223.38.100,213.228.144.24,213.228.226.54,213.232.110.183,213.232.24.66,213.239.193.50,213.239.204.177,213.239.206.205,213.239.206.72,213.239.210.169,213.239.211.196,213.239.211.39,213.239.211.56,213.239.213.81,213.239.216.153,213.239.216.190,213.239.217.226,213.239.219.117,213.240.244.17,213.242.100.252,213.242.253.15,213.246.39.170,213.248.53.114,213.248.70.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (106)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500210; rev:2006;)
alert udp [213.203.230.24,213.207.93.121,213.210.87.237,213.218.114.91,213.218.140.64,213.218.142.201,213.223.38.100,213.228.144.24,213.228.226.54,213.232.110.183,213.232.24.66,213.239.193.50,213.239.204.177,213.239.206.205,213.239.206.72,213.239.210.169,213.239.211.196,213.239.211.39,213.239.211.56,213.239.213.81,213.239.216.153,213.239.216.190,213.239.217.226,213.239.219.117,213.240.244.17,213.242.100.252,213.242.253.15,213.246.39.170,213.248.53.114,213.248.70.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (106)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500211; rev:2006;)
alert tcp [213.250.93.231,213.252.174.51,213.29.58.52,213.39.252.98,213.41.232.125,213.5.65.169,213.5.65.200,213.58.172.115,213.6.229.46,213.80.73.45,213.81.135.106,213.82.56.66,213.9.33.32,213.9.98.90,213.92.109.64,213.92.118.207,213.92.12.224,213.96.215.7,213.97.40.36,213.98.87.199,216.1.10.228,216.103.65.60,216.107.124.165,216.109.73.21,216.119.103.32,216.12.207.250,216.120.143.122,216.120.143.68,216.121.5.180,216.127.170.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (107)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500212; rev:2006;)
alert udp [213.250.93.231,213.252.174.51,213.29.58.52,213.39.252.98,213.41.232.125,213.5.65.169,213.5.65.200,213.58.172.115,213.6.229.46,213.80.73.45,213.81.135.106,213.82.56.66,213.9.33.32,213.9.98.90,213.92.109.64,213.92.118.207,213.92.12.224,213.96.215.7,213.97.40.36,213.98.87.199,216.1.10.228,216.103.65.60,216.107.124.165,216.109.73.21,216.119.103.32,216.12.207.250,216.120.143.122,216.120.143.68,216.121.5.180,216.127.170.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (107)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500213; rev:2006;)
alert tcp [216.131.94.80,216.131.95.80,216.139.181.67,216.14.115.44,216.14.80.253,216.155.138.85,216.155.154.171,216.167.179.37,216.167.238.32,216.174.107.215,216.18.67.5,216.187.185.98,216.187.95.134,216.191.201.228,216.205.103.46,216.206.242.200,216.208.135.135,216.218.207.155,216.24.163.135,216.240.180.195,216.245.198.210,216.246.5.2,216.248.6.194,216.250.243.62,216.37.12.227,216.40.33.31,216.45.55.77,216.46.131.246,216.55.143.239,216.55.164.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (108)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500214; rev:2006;)
alert udp [216.131.94.80,216.131.95.80,216.139.181.67,216.14.115.44,216.14.80.253,216.155.138.85,216.155.154.171,216.167.179.37,216.167.238.32,216.174.107.215,216.18.67.5,216.187.185.98,216.187.95.134,216.191.201.228,216.205.103.46,216.206.242.200,216.208.135.135,216.218.207.155,216.24.163.135,216.240.180.195,216.245.198.210,216.246.5.2,216.248.6.194,216.250.243.62,216.37.12.227,216.40.33.31,216.45.55.77,216.46.131.246,216.55.143.239,216.55.164.20] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (108)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500215; rev:2006;)
alert tcp [216.58.80.54,216.64.171.55,216.74.165.140,216.75.15.121,216.8.160.137,216.83.51.180,216.86.207.27,217.11.253.210,217.11.60.66,217.112.118.194,217.112.135.3,217.113.129.100,217.113.131.204,217.113.138.17,217.114.210.190,217.114.215.199,217.114.215.218,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.115.192.144,217.115.199.215,217.116.8.238,217.117.213.26,217.117.28.119,217.117.28.152,217.117.28.85,217.118.181.118,217.119.124.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (109)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500216; rev:2006;)
alert udp [216.58.80.54,216.64.171.55,216.74.165.140,216.75.15.121,216.8.160.137,216.83.51.180,216.86.207.27,217.11.253.210,217.11.60.66,217.112.118.194,217.112.135.3,217.113.129.100,217.113.131.204,217.113.138.17,217.114.210.190,217.114.215.199,217.114.215.218,217.114.227.73,217.114.233.66,217.114.234.24,217.114.239.19,217.115.192.144,217.115.199.215,217.116.8.238,217.117.213.26,217.117.28.119,217.117.28.152,217.117.28.85,217.118.181.118,217.119.124.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (109)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500217; rev:2006;)
alert tcp [217.119.124.50,217.120.19.249,217.127.105.46,217.127.157.42,217.127.167.90,217.127.71.155,217.128.219.207,217.128.229.129,217.13.196.152,217.131.3.37,217.132.65.9,217.133.85.112,217.139.134.107,217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.147.44.187,217.148.84.181,217.149.245.166,217.15.117.102,217.15.25.94,217.151.118.19,217.151.135.192,217.151.135.77,217.153.165.58,217.16.28.65] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (110)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500218; rev:2006;)
alert udp [217.119.124.50,217.120.19.249,217.127.105.46,217.127.157.42,217.127.167.90,217.127.71.155,217.128.219.207,217.128.229.129,217.13.196.152,217.131.3.37,217.132.65.9,217.133.85.112,217.139.134.107,217.144.193.198,217.144.202.238,217.144.205.110,217.144.208.27,217.144.217.140,217.144.218.158,217.144.220.5,217.147.44.187,217.148.84.181,217.149.245.166,217.15.117.102,217.15.25.94,217.151.118.19,217.151.135.192,217.151.135.77,217.153.165.58,217.16.28.65] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (110)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500219; rev:2006;)
alert tcp [217.16.83.178,217.160.129.160,217.160.171.207,217.160.220.218,217.160.222.101,217.162.117.185,217.162.204.57,217.162.224.124,217.162.34.74,217.162.35.92,217.162.54.59,217.165.236.245,217.165.6.27,217.165.94.34,217.166.58.100,217.169.15.53,217.170.1.185,217.170.16.140,217.171.129.66,217.173.26.248,217.174.103.232,217.174.104.187,217.174.253.116,217.175.10.207,217.175.33.42,217.175.43.165,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (111)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500220; rev:2006;)
alert udp [217.16.83.178,217.160.129.160,217.160.171.207,217.160.220.218,217.160.222.101,217.162.117.185,217.162.204.57,217.162.224.124,217.162.34.74,217.162.35.92,217.162.54.59,217.165.236.245,217.165.6.27,217.165.94.34,217.166.58.100,217.169.15.53,217.170.1.185,217.170.16.140,217.171.129.66,217.173.26.248,217.174.103.232,217.174.104.187,217.174.253.116,217.175.10.207,217.175.33.42,217.175.43.165,217.185.108.183,217.19.121.205,217.19.126.245,217.19.22.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (111)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500221; rev:2006;)
alert tcp [217.19.227.201,217.194.170.66,217.195.17.3,217.196.160.50,217.196.166.138,217.196.213.103,217.197.241.56,217.197.249.50,217.198.115.18,217.198.210.230,217.20.127.43,217.20.171.136,217.20.47.86,217.201.107.239,217.201.14.23,217.201.158.226,217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.207.217.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (112)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500222; rev:2006;)
alert udp [217.19.227.201,217.194.170.66,217.195.17.3,217.196.160.50,217.196.166.138,217.196.213.103,217.197.241.56,217.197.249.50,217.198.115.18,217.198.210.230,217.20.127.43,217.20.171.136,217.20.47.86,217.201.107.239,217.201.14.23,217.201.158.226,217.201.58.214,217.201.79.147,217.201.98.12,217.202.124.240,217.202.145.35,217.202.164.206,217.202.214.116,217.202.62.169,217.202.98.211,217.203.149.26,217.203.20.81,217.203.221.190,217.203.235.143,217.207.217.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (112)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500223; rev:2006;)
alert tcp [217.216.65.110,217.216.65.8,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.83.174,217.218.98.254,217.219.115.151,217.219.211.85,217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.23.133.80,217.231.230.238,217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.24.125.134,217.24.176.242,217.24.180.220,217.24.240.102,217.24.240.68,217.243.191.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (113)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500224; rev:2006;)
alert udp [217.216.65.110,217.216.65.8,217.217.153.114,217.217.166.76,217.217.167.95,217.217.178.137,217.217.83.174,217.218.98.254,217.219.115.151,217.219.211.85,217.226.140.234,217.226.90.186,217.227.1.27,217.227.14.145,217.228.107.218,217.23.133.80,217.231.230.238,217.233.189.22,217.233.71.86,217.234.209.94,217.235.186.79,217.235.239.217,217.238.10.219,217.238.91.82,217.24.125.134,217.24.176.242,217.24.180.220,217.24.240.102,217.24.240.68,217.243.191.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (113)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500225; rev:2006;)
alert tcp [217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.227.130,217.253.184.197,217.255.212.221,217.27.212.129,217.29.93.66,217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.56.105.26,217.63.66.133,217.64.173.227,217.64.25.111,217.64.28.55,217.64.29.234,217.65.100.16,217.67.22.144,217.68.171.13,217.68.173.23,217.69.83.51,217.7.135.194,217.70.51.79,217.71.167.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (114)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500226; rev:2006;)
alert udp [217.247.243.232,217.248.247.2,217.249.31.190,217.249.59.29,217.25.123.74,217.25.227.130,217.253.184.197,217.255.212.221,217.27.212.129,217.29.93.66,217.31.180.226,217.31.36.121,217.43.224.127,217.43.4.252,217.44.103.249,217.5.199.171,217.56.105.26,217.63.66.133,217.64.173.227,217.64.25.111,217.64.28.55,217.64.29.234,217.65.100.16,217.67.22.144,217.68.171.13,217.68.173.23,217.69.83.51,217.7.135.194,217.70.51.79,217.71.167.229] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (114)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500227; rev:2006;)
alert tcp [217.72.154.52,217.72.249.198,217.76.92.24,217.78.8.20,217.79.93.196,217.8.188.2,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166,217.83.103.152,217.85.179.191,217.87.201.186,217.87.97.1,217.91.102.84,217.91.63.216,217.92.52.205,217.92.59.216,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.165.73,218.0.1.3,218.1.69.241,218.101.6.204,218.104.207.110,218.106.246.202,218.106.246.65,218.108.0.77] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (115)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500228; rev:2006;)
alert udp [217.72.154.52,217.72.249.198,217.76.92.24,217.78.8.20,217.79.93.196,217.8.188.2,217.8.92.193,217.8.95.155,217.80.255.251,217.82.191.166,217.83.103.152,217.85.179.191,217.87.201.186,217.87.97.1,217.91.102.84,217.91.63.216,217.92.52.205,217.92.59.216,217.93.100.25,217.93.101.176,217.93.91.128,217.94.56.158,217.97.165.73,218.0.1.3,218.1.69.241,218.101.6.204,218.104.207.110,218.106.246.202,218.106.246.65,218.108.0.77] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (115)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500229; rev:2006;)
alert tcp [218.108.234.208,218.108.235.86,218.12.198.70,218.14.203.205,218.145.128.230,218.145.31.251,218.145.31.34,218.147.58.44,218.149.128.214,218.150.78.29,218.16.122.239,218.163.177.245,218.163.92.217,218.169.81.77,218.17.181.162,218.18.106.185,218.18.9.155,218.188.27.232,218.189.173.47,218.189.189.51,218.19.140.4,218.2.129.43,218.201.150.75,218.201.150.78,218.203.185.125,218.204.249.120,218.204.36.114,218.206.170.134,218.206.224.134,218.206.27.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (116)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500230; rev:2006;)
alert udp [218.108.234.208,218.108.235.86,218.12.198.70,218.14.203.205,218.145.128.230,218.145.31.251,218.145.31.34,218.147.58.44,218.149.128.214,218.150.78.29,218.16.122.239,218.163.177.245,218.163.92.217,218.169.81.77,218.17.181.162,218.18.106.185,218.18.9.155,218.188.27.232,218.189.173.47,218.189.189.51,218.19.140.4,218.2.129.43,218.201.150.75,218.201.150.78,218.203.185.125,218.204.249.120,218.204.36.114,218.206.170.134,218.206.224.134,218.206.27.13] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (116)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500231; rev:2006;)
alert tcp [218.208.209.94,218.21.240.105,218.211.150.249,218.214.38.94,218.216.75.100,218.219.70.110,218.22.180.182,218.22.21.11,218.220.3.31,218.220.66.211,218.222.16.112,218.223.38.134,218.225.67.152,218.228.151.225,218.233.89.221,218.234.17.98,218.234.21.57,218.236.58.165,218.237.65.13,218.239.45.146,218.240.28.46,218.240.28.7,218.240.40.25,218.240.43.149,218.241.138.231,218.241.139.67,218.241.154.152,218.241.157.30,218.241.158.18,218.241.173.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (117)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500232; rev:2006;)
alert udp [218.208.209.94,218.21.240.105,218.211.150.249,218.214.38.94,218.216.75.100,218.219.70.110,218.22.180.182,218.22.21.11,218.220.3.31,218.220.66.211,218.222.16.112,218.223.38.134,218.225.67.152,218.228.151.225,218.233.89.221,218.234.17.98,218.234.21.57,218.236.58.165,218.237.65.13,218.239.45.146,218.240.28.46,218.240.28.7,218.240.40.25,218.240.43.149,218.241.138.231,218.241.139.67,218.241.154.152,218.241.157.30,218.241.158.18,218.241.173.8] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (117)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500233; rev:2006;)
alert tcp [218.241.181.132,218.241.86.190,218.242.7.2,218.244.176.35,218.246.34.174,218.248.21.170,218.248.42.133,218.25.89.40,218.25.99.135,218.251.29.144,218.251.32.117,218.254.156.192,218.26.117.113,218.27.6.188,218.28.221.103,218.29.86.86,218.29.97.144,218.29.97.209,218.3.166.194,218.30.91.203,218.38.136.38,218.38.16.66,218.38.19.252,218.38.28.135,218.38.54.157,218.4.157.178,218.4.205.201,218.41.60.118,218.43.197.215,218.44.119.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (118)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500234; rev:2006;)
alert udp [218.241.181.132,218.241.86.190,218.242.7.2,218.244.176.35,218.246.34.174,218.248.21.170,218.248.42.133,218.25.89.40,218.25.99.135,218.251.29.144,218.251.32.117,218.254.156.192,218.26.117.113,218.27.6.188,218.28.221.103,218.29.86.86,218.29.97.144,218.29.97.209,218.3.166.194,218.30.91.203,218.38.136.38,218.38.16.66,218.38.19.252,218.38.28.135,218.38.54.157,218.4.157.178,218.4.205.201,218.41.60.118,218.43.197.215,218.44.119.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (118)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500235; rev:2006;)
alert tcp [218.44.36.109,218.45.55.220,218.47.238.108,218.5.4.246,218.5.64.100,218.50.190.60,218.52.60.54,218.55.227.178,218.56.32.108,218.6.15.29,218.6.16.133,218.60.1.95,218.60.8.84,218.63.241.157,218.64.215.239,218.64.5.131,218.64.53.176,218.65.110.180,218.69.106.52,218.69.248.24,218.70.66.187,218.75.22.139,218.75.79.18,218.75.79.19,218.76.215.174,218.78.209.253,218.8.82.99,218.80.193.59,218.83.160.76,218.90.174.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (119)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500236; rev:2006;)
alert udp [218.44.36.109,218.45.55.220,218.47.238.108,218.5.4.246,218.5.64.100,218.50.190.60,218.52.60.54,218.55.227.178,218.56.32.108,218.6.15.29,218.6.16.133,218.60.1.95,218.60.8.84,218.63.241.157,218.64.215.239,218.64.5.131,218.64.53.176,218.65.110.180,218.69.106.52,218.69.248.24,218.70.66.187,218.75.22.139,218.75.79.18,218.75.79.19,218.76.215.174,218.78.209.253,218.8.82.99,218.80.193.59,218.83.160.76,218.90.174.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (119)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500237; rev:2006;)
alert tcp [218.90.183.190,218.91.236.82,218.93.122.136,218.93.18.163,218.93.205.118,218.93.205.205,218.93.248.112,218.93.9.237,218.94.11.45,218.97.194.94,219.101.42.89,219.106.249.115,219.110.175.102,219.111.16.42,219.115.27.120,219.117.221.218,219.117.230.241,219.117.236.182,219.117.237.180,219.117.244.212,219.117.245.243,219.121.30.157,219.122.209.251,219.122.229.172,219.122.9.173,219.133.59.40,219.134.65.105,219.136.242.243,219.139.243.236,219.140.173.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (120)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500238; rev:2006;)
alert udp [218.90.183.190,218.91.236.82,218.93.122.136,218.93.18.163,218.93.205.118,218.93.205.205,218.93.248.112,218.93.9.237,218.94.11.45,218.97.194.94,219.101.42.89,219.106.249.115,219.110.175.102,219.111.16.42,219.115.27.120,219.117.221.218,219.117.230.241,219.117.236.182,219.117.237.180,219.117.244.212,219.117.245.243,219.121.30.157,219.122.209.251,219.122.229.172,219.122.9.173,219.133.59.40,219.134.65.105,219.136.242.243,219.139.243.236,219.140.173.216] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (120)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500239; rev:2006;)
alert tcp [219.140.177.101,219.142.121.43,219.142.69.203,219.143.116.159,219.143.208.17,219.143.33.158,219.143.35.173,219.143.38.232,219.143.38.233,219.143.46.242,219.147.134.22,219.147.255.179,219.147.9.114,219.148.33.144,219.148.34.95,219.149.43.254,219.150.144.58,219.154.210.118,219.154.210.76,219.159.77.90,219.160.25.50,219.160.250.95,219.165.195.56,219.166.142.132,219.166.26.133,219.166.8.45,219.218.160.80,219.228.15.34,219.232.227.216,219.232.228.121] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (121)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500240; rev:2006;)
alert udp [219.140.177.101,219.142.121.43,219.142.69.203,219.143.116.159,219.143.208.17,219.143.33.158,219.143.35.173,219.143.38.232,219.143.38.233,219.143.46.242,219.147.134.22,219.147.255.179,219.147.9.114,219.148.33.144,219.148.34.95,219.149.43.254,219.150.144.58,219.154.210.118,219.154.210.76,219.159.77.90,219.160.25.50,219.160.250.95,219.165.195.56,219.166.142.132,219.166.26.133,219.166.8.45,219.218.160.80,219.228.15.34,219.232.227.216,219.232.228.121] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (121)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500241; rev:2006;)
alert tcp [219.232.237.151,219.232.241.42,219.234.133.138,219.235.4.123,219.237.201.88,219.238.129.26,219.238.147.45,219.240.39.213,219.254.35.191,219.35.76.15,219.75.212.179,219.80.33.54,219.83.125.246,219.84.115.12,219.84.229.5,219.84.99.80,219.85.138.20,219.85.169.121,219.86.132.86,219.87.129.92,219.87.151.158,219.87.179.18,219.90.118.135,219.90.119.155,219.90.119.182,219.91.108.158,219.91.136.37,219.91.242.82,219.94.132.153,219.94.144.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (122)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500242; rev:2006;)
alert udp [219.232.237.151,219.232.241.42,219.234.133.138,219.235.4.123,219.237.201.88,219.238.129.26,219.238.147.45,219.240.39.213,219.254.35.191,219.35.76.15,219.75.212.179,219.80.33.54,219.83.125.246,219.84.115.12,219.84.229.5,219.84.99.80,219.85.138.20,219.85.169.121,219.86.132.86,219.87.129.92,219.87.151.158,219.87.179.18,219.90.118.135,219.90.119.155,219.90.119.182,219.91.108.158,219.91.136.37,219.91.242.82,219.94.132.153,219.94.144.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (122)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500243; rev:2006;)
alert tcp [219.94.148.202,219.94.148.63,219.94.153.142,219.94.165.41,219.94.166.33,219.94.167.152,219.94.167.66,219.94.168.208,219.94.175.207,219.94.181.177,219.94.181.42,219.94.181.75,219.94.190.167,219.94.190.27,219.94.190.51,219.94.191.198,219.94.193.216,219.94.197.158,219.94.198.155,219.94.198.156,219.95.235.58,219.96.53.213,219.99.107.58,219.99.218.113,220.104.188.195,220.104.3.136,220.110.162.178,220.110.181.132,220.110.181.133,220.110.194.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (123)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500244; rev:2006;)
alert udp [219.94.148.202,219.94.148.63,219.94.153.142,219.94.165.41,219.94.166.33,219.94.167.152,219.94.167.66,219.94.168.208,219.94.175.207,219.94.181.177,219.94.181.42,219.94.181.75,219.94.190.167,219.94.190.27,219.94.190.51,219.94.191.198,219.94.193.216,219.94.197.158,219.94.198.155,219.94.198.156,219.95.235.58,219.96.53.213,219.99.107.58,219.99.218.113,220.104.188.195,220.104.3.136,220.110.162.178,220.110.181.132,220.110.181.133,220.110.194.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (123)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500245; rev:2006;)
alert tcp [220.110.39.156,220.110.70.50,220.128.226.226,220.128.243.17,220.128.98.96,220.130.135.209,220.130.189.142,220.130.192.251,220.130.208.174,220.130.208.243,220.130.79.104,220.133.116.210,220.133.136.182,220.134.195.125,220.135.52.214,220.135.73.67,220.135.81.45,220.140.65.146,220.146.16.250,220.150.116.196,220.150.128.105,220.150.151.213,220.156.230.163,220.157.225.74,220.162.241.11,220.163.11.27,220.163.124.202,220.165.28.67,220.165.4.26,220.167.166.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (124)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500246; rev:2006;)
alert udp [220.110.39.156,220.110.70.50,220.128.226.226,220.128.243.17,220.128.98.96,220.130.135.209,220.130.189.142,220.130.192.251,220.130.208.174,220.130.208.243,220.130.79.104,220.133.116.210,220.133.136.182,220.134.195.125,220.135.52.214,220.135.73.67,220.135.81.45,220.140.65.146,220.146.16.250,220.150.116.196,220.150.128.105,220.150.151.213,220.156.230.163,220.157.225.74,220.162.241.11,220.163.11.27,220.163.124.202,220.165.28.67,220.165.4.26,220.167.166.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (124)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500247; rev:2006;)
alert tcp [220.168.198.195,220.173.136.52,220.178.16.99,220.181.19.118,220.181.53.231,220.181.53.236,220.181.53.244,220.181.53.245,220.181.87.83,220.182.3.22,220.182.50.84,220.189.219.19,220.191.224.27,220.194.47.84,220.194.62.71,220.213.166.1,220.213.166.180,220.220.148.211,220.220.149.164,220.221.175.39,220.225.126.182,220.225.196.107,220.225.215.165,220.225.225.228,220.225.237.174,220.225.242.181,220.225.247.166,220.225.48.227,220.225.80.135,220.226.204.57] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (125)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500248; rev:2006;)
alert udp [220.168.198.195,220.173.136.52,220.178.16.99,220.181.19.118,220.181.53.231,220.181.53.236,220.181.53.244,220.181.53.245,220.181.87.83,220.182.3.22,220.182.50.84,220.189.219.19,220.191.224.27,220.194.47.84,220.194.62.71,220.213.166.1,220.213.166.180,220.220.148.211,220.220.149.164,220.221.175.39,220.225.126.182,220.225.196.107,220.225.215.165,220.225.225.228,220.225.237.174,220.225.242.181,220.225.247.166,220.225.48.227,220.225.80.135,220.226.204.57] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (125)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500249; rev:2006;)
alert tcp [220.226.4.44,220.227.236.77,220.227.52.98,220.227.54.149,220.227.54.157,220.228.153.76,220.229.218.74,220.229.40.241,220.232.130.218,220.232.237.32,220.232.237.38,220.233.235.231,220.233.253.114,220.241.138.210,220.241.34.149,220.245.16.149,220.247.214.179,220.247.221.27,220.247.223.54,220.247.224.52,220.248.195.27,220.248.224.162,220.248.225.91,220.248.4.202,220.255.7.223,220.255.7.227,220.66.7.248,220.67.151.7,220.68.100.248,220.68.21.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (126)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500250; rev:2006;)
alert udp [220.226.4.44,220.227.236.77,220.227.52.98,220.227.54.149,220.227.54.157,220.228.153.76,220.229.218.74,220.229.40.241,220.232.130.218,220.232.237.32,220.232.237.38,220.233.235.231,220.233.253.114,220.241.138.210,220.241.34.149,220.245.16.149,220.247.214.179,220.247.221.27,220.247.223.54,220.247.224.52,220.248.195.27,220.248.224.162,220.248.225.91,220.248.4.202,220.255.7.223,220.255.7.227,220.66.7.248,220.67.151.7,220.68.100.248,220.68.21.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (126)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500251; rev:2006;)
alert tcp [220.70.2.137,220.73.163.48,221.0.194.203,221.10.252.223,221.11.1.82,221.11.4.10,221.116.142.90,221.118.137.163,221.120.107.203,221.121.130.10,221.122.104.46,221.122.122.71,221.122.79.40,221.122.79.61,221.128.66.192,221.131.83.196,221.133.91.21,221.139.49.73,221.141.2.13,221.143.20.186,221.143.23.34,221.143.23.40,221.147.245.7,221.179.186.91,221.181.1.155,221.184.161.176,221.186.214.232,221.186.214.237,221.187.166.65,221.188.141.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (127)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500252; rev:2006;)
alert udp [220.70.2.137,220.73.163.48,221.0.194.203,221.10.252.223,221.11.1.82,221.11.4.10,221.116.142.90,221.118.137.163,221.120.107.203,221.121.130.10,221.122.104.46,221.122.122.71,221.122.79.40,221.122.79.61,221.128.66.192,221.131.83.196,221.133.91.21,221.139.49.73,221.141.2.13,221.143.20.186,221.143.23.34,221.143.23.40,221.147.245.7,221.179.186.91,221.181.1.155,221.184.161.176,221.186.214.232,221.186.214.237,221.187.166.65,221.188.141.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (127)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500253; rev:2006;)
alert tcp [221.188.238.229,221.189.133.225,221.191.105.193,221.191.210.29,221.191.231.95,221.192.133.1,221.194.37.91,221.199.11.148,221.204.246.54,221.208.180.12,221.208.194.208,221.210.182.190,221.214.16.178,221.224.81.194,221.230.131.234,221.236.13.113,221.238.21.59,221.239.60.110,221.242.0.194,221.247.58.251,221.3.153.20,221.4.179.226,221.4.242.180,221.7.40.47,221.8.19.76,221.8.67.43,221.8.71.48,221.87.0.46,222.103.197.5,222.112.183.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (128)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500254; rev:2006;)
alert udp [221.188.238.229,221.189.133.225,221.191.105.193,221.191.210.29,221.191.231.95,221.192.133.1,221.194.37.91,221.199.11.148,221.204.246.54,221.208.180.12,221.208.194.208,221.210.182.190,221.214.16.178,221.224.81.194,221.230.131.234,221.236.13.113,221.238.21.59,221.239.60.110,221.242.0.194,221.247.58.251,221.3.153.20,221.4.179.226,221.4.242.180,221.7.40.47,221.8.19.76,221.8.67.43,221.8.71.48,221.87.0.46,222.103.197.5,222.112.183.173] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (128)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500255; rev:2006;)
alert tcp [222.117.124.136,222.122.163.116,222.122.45.30,222.122.46.143,222.122.47.47,222.124.1.66,222.124.193.12,222.124.197.180,222.14.157.122,222.149.126.224,222.150.10.15,222.150.42.30,222.151.218.104,222.158.214.180,222.159.244.128,222.161.58.83,222.165.133.208,222.168.33.114,222.168.5.236,222.169.224.226,222.169.224.67,222.177.24.35,222.184.232.14,222.185.254.132,222.185.254.18,222.186.26.170,222.186.36.238,222.188.10.59,222.19.138.18,222.190.124.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (129)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500256; rev:2006;)
alert udp [222.117.124.136,222.122.163.116,222.122.45.30,222.122.46.143,222.122.47.47,222.124.1.66,222.124.193.12,222.124.197.180,222.14.157.122,222.149.126.224,222.150.10.15,222.150.42.30,222.151.218.104,222.158.214.180,222.159.244.128,222.161.58.83,222.165.133.208,222.168.33.114,222.168.5.236,222.169.224.226,222.169.224.67,222.177.24.35,222.184.232.14,222.185.254.132,222.185.254.18,222.186.26.170,222.186.36.238,222.188.10.59,222.19.138.18,222.190.124.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (129)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500257; rev:2006;)
alert tcp [222.209.209.25,222.218.124.110,222.221.2.210,222.222.32.174,222.231.24.69,222.231.62.40,222.231.63.126,222.236.44.32,222.236.46.241,222.236.46.250,222.236.47.191,222.236.47.79,222.236.47.89,222.237.153.209,222.237.78.139,222.237.78.163,222.237.78.89,222.239.223.72,222.239.78.149,222.240.205.137,222.243.128.2,222.247.48.186,222.247.54.20,222.247.90.41,222.255.236.141,222.255.237.6,222.255.28.246,222.3.249.242,222.33.176.78,222.35.140.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (130)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500258; rev:2006;)
alert udp [222.209.209.25,222.218.124.110,222.221.2.210,222.222.32.174,222.231.24.69,222.231.62.40,222.231.63.126,222.236.44.32,222.236.46.241,222.236.46.250,222.236.47.191,222.236.47.79,222.236.47.89,222.237.153.209,222.237.78.139,222.237.78.163,222.237.78.89,222.239.223.72,222.239.78.149,222.240.205.137,222.243.128.2,222.247.48.186,222.247.54.20,222.247.90.41,222.255.236.141,222.255.237.6,222.255.28.246,222.3.249.242,222.33.176.78,222.35.140.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (130)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500259; rev:2006;)
alert tcp [222.35.143.202,222.35.143.97,222.35.2.94,222.35.33.35,222.35.62.137,222.35.92.44,222.38.2.245,222.45.235.77,222.66.156.194,222.68.223.234,222.73.161.149,222.73.165.93,222.73.228.7,222.73.249.156,222.73.42.16,222.73.57.15,222.73.57.42,222.73.93.143,222.78.251.54,222.87.204.3,222.89.136.149,222.91.160.63,222.91.97.74,222.92.105.182,222.92.117.250,222.96.156.160,222.96.25.5,222.97.189.49,24.100.103.15,24.103.144.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (131)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500260; rev:2006;)
alert udp [222.35.143.202,222.35.143.97,222.35.2.94,222.35.33.35,222.35.62.137,222.35.92.44,222.38.2.245,222.45.235.77,222.66.156.194,222.68.223.234,222.73.161.149,222.73.165.93,222.73.228.7,222.73.249.156,222.73.42.16,222.73.57.15,222.73.57.42,222.73.93.143,222.78.251.54,222.87.204.3,222.89.136.149,222.91.160.63,222.91.97.74,222.92.105.182,222.92.117.250,222.96.156.160,222.96.25.5,222.97.189.49,24.100.103.15,24.103.144.3] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (131)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500261; rev:2006;)
alert tcp [24.106.244.110,24.107.114.22,24.107.14.9,24.123.0.68,24.123.191.79,24.144.11.60,24.148.96.50,24.154.184.34,24.158.16.2,24.16.184.156,24.173.95.196,24.176.128.137,24.181.93.165,24.197.24.44,24.201.102.199,24.211.198.181,24.222.234.201,24.225.3.230,24.232.170.65,24.244.160.6,24.249.77.55,24.254.195.22,24.42.36.253,24.73.254.90,24.79.134.240,24.8.190.39,24.82.6.69,24.90.50.244,24.96.32.14,24.97.8.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (132)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500262; rev:2006;)
alert udp [24.106.244.110,24.107.114.22,24.107.14.9,24.123.0.68,24.123.191.79,24.144.11.60,24.148.96.50,24.154.184.34,24.158.16.2,24.16.184.156,24.173.95.196,24.176.128.137,24.181.93.165,24.197.24.44,24.201.102.199,24.211.198.181,24.222.234.201,24.225.3.230,24.232.170.65,24.244.160.6,24.249.77.55,24.254.195.22,24.42.36.253,24.73.254.90,24.79.134.240,24.8.190.39,24.82.6.69,24.90.50.244,24.96.32.14,24.97.8.227] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (132)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500263; rev:2006;)
alert tcp [24.99.44.164,38.102.157.33,38.106.70.69,38.108.46.5,38.117.84.70,38.97.225.166,38.98.228.48,38.99.186.51,38.99.90.226,41.132.144.196,41.138.0.17,41.138.0.26,41.140.113.192,41.201.218.217,41.201.65.242,41.204.193.156,41.204.218.60,41.216.192.116,41.220.130.82,41.220.239.251,41.221.150.26,41.223.209.59,41.249.110.33,41.250.165.156,41.254.33.118,41.72.137.212,41.78.28.49,41.78.76.3,58.0.21.137,58.1.236.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (133)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500264; rev:2006;)
alert udp [24.99.44.164,38.102.157.33,38.106.70.69,38.108.46.5,38.117.84.70,38.97.225.166,38.98.228.48,38.99.186.51,38.99.90.226,41.132.144.196,41.138.0.17,41.138.0.26,41.140.113.192,41.201.218.217,41.201.65.242,41.204.193.156,41.204.218.60,41.216.192.116,41.220.130.82,41.220.239.251,41.221.150.26,41.223.209.59,41.249.110.33,41.250.165.156,41.254.33.118,41.72.137.212,41.78.28.49,41.78.76.3,58.0.21.137,58.1.236.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (133)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500265; rev:2006;)
alert tcp [58.121.89.235,58.137.157.40,58.137.207.5,58.137.214.33,58.147.4.9,58.147.69.70,58.158.161.236,58.16.246.115,58.17.163.103,58.177.202.245,58.177.228.178,58.177.245.31,58.180.159.112,58.180.17.52,58.180.58.214,58.184.88.2,58.184.88.3,58.185.56.218,58.190.8.28,58.211.1.163,58.211.16.95,58.211.230.21,58.213.165.158,58.215.78.118,58.216.158.155,58.216.213.178,58.221.34.18,58.221.41.86,58.222.200.226,58.223.143.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (134)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500266; rev:2006;)
alert udp [58.121.89.235,58.137.157.40,58.137.207.5,58.137.214.33,58.147.4.9,58.147.69.70,58.158.161.236,58.16.246.115,58.17.163.103,58.177.202.245,58.177.228.178,58.177.245.31,58.180.159.112,58.180.17.52,58.180.58.214,58.184.88.2,58.184.88.3,58.185.56.218,58.190.8.28,58.211.1.163,58.211.16.95,58.211.230.21,58.213.165.158,58.215.78.118,58.216.158.155,58.216.213.178,58.221.34.18,58.221.41.86,58.222.200.226,58.223.143.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (134)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500267; rev:2006;)
alert tcp [58.223.251.212,58.224.170.148,58.23.64.233,58.241.12.41,58.248.189.155,58.248.253.171,58.251.136.100,58.251.147.177,58.26.37.226,58.26.42.151,58.27.48.180,58.30.143.198,58.30.143.201,58.30.226.49,58.30.231.146,58.39.145.121,58.40.18.81,58.49.104.164,58.59.7.51,58.6.7.103,58.60.10.10,58.64.139.59,58.64.164.231,58.68.108.110,58.68.140.25,58.68.69.70,58.68.97.164,58.7.0.171,58.81.201.126,58.83.134.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (135)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500268; rev:2006;)
alert udp [58.223.251.212,58.224.170.148,58.23.64.233,58.241.12.41,58.248.189.155,58.248.253.171,58.251.136.100,58.251.147.177,58.26.37.226,58.26.42.151,58.27.48.180,58.30.143.198,58.30.143.201,58.30.226.49,58.30.231.146,58.39.145.121,58.40.18.81,58.49.104.164,58.59.7.51,58.6.7.103,58.60.10.10,58.64.139.59,58.64.164.231,58.68.108.110,58.68.140.25,58.68.69.70,58.68.97.164,58.7.0.171,58.81.201.126,58.83.134.152] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (135)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500269; rev:2006;)
alert tcp [58.85.109.65,58.86.31.98,58.86.38.33,58.86.43.69,58.89.32.85,58.91.188.163,58.96.68.93,59.106.11.43,59.106.25.161,59.106.37.32,59.106.88.230,59.106.89.201,59.108.116.67,59.108.120.163,59.108.76.164,59.108.85.75,59.120.0.172,59.120.119.49,59.120.167.142,59.120.217.111,59.120.223.102,59.120.228.158,59.120.241.21,59.120.72.252,59.120.73.7,59.120.77.205,59.124.114.238,59.124.126.161,59.124.204.55,59.124.214.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (136)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500270; rev:2006;)
alert udp [58.85.109.65,58.86.31.98,58.86.38.33,58.86.43.69,58.89.32.85,58.91.188.163,58.96.68.93,59.106.11.43,59.106.25.161,59.106.37.32,59.106.88.230,59.106.89.201,59.108.116.67,59.108.120.163,59.108.76.164,59.108.85.75,59.120.0.172,59.120.119.49,59.120.167.142,59.120.217.111,59.120.223.102,59.120.228.158,59.120.241.21,59.120.72.252,59.120.73.7,59.120.77.205,59.124.114.238,59.124.126.161,59.124.204.55,59.124.214.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (136)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500271; rev:2006;)
alert tcp [59.124.29.182,59.124.69.49,59.124.71.115,59.125.155.70,59.125.183.76,59.125.184.250,59.125.185.89,59.125.227.173,59.125.251.118,59.125.50.27,59.125.61.139,59.125.61.196,59.125.74.50,59.126.12.182,59.133.219.169,59.148.231.88,59.15.38.3,59.151.119.180,59.151.17.200,59.161.82.27,59.166.3.34,59.176.129.222,59.188.52.117,59.19.109.115,59.19.109.45,59.190.130.239,59.190.164.160,59.25.185.119,59.33.46.67,59.36.98.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (137)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500272; rev:2006;)
alert udp [59.124.29.182,59.124.69.49,59.124.71.115,59.125.155.70,59.125.183.76,59.125.184.250,59.125.185.89,59.125.227.173,59.125.251.118,59.125.50.27,59.125.61.139,59.125.61.196,59.125.74.50,59.126.12.182,59.133.219.169,59.148.231.88,59.15.38.3,59.151.119.180,59.151.17.200,59.161.82.27,59.166.3.34,59.176.129.222,59.188.52.117,59.19.109.115,59.19.109.45,59.190.130.239,59.190.164.160,59.25.185.119,59.33.46.67,59.36.98.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (137)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500273; rev:2006;)
alert tcp [59.37.54.52,59.42.210.215,59.45.63.189,59.49.14.12,59.50.113.241,59.53.91.121,59.53.91.130,59.53.91.187,59.53.91.188,59.53.91.195,59.53.92.220,59.55.142.10,59.58.163.75,59.84.82.137,59.90.140.171,59.92.243.114,59.92.68.95,59.93.166.84,59.93.210.206,59.93.49.49,59.94.180.226,59.94.254.97,59.94.68.57,59.95.49.83,59.95.54.29,59.99.1.114,59.99.144.178,59.99.16.39,59.99.18.22,59.99.18.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (138)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500274; rev:2006;)
alert udp [59.37.54.52,59.42.210.215,59.45.63.189,59.49.14.12,59.50.113.241,59.53.91.121,59.53.91.130,59.53.91.187,59.53.91.188,59.53.91.195,59.53.92.220,59.55.142.10,59.58.163.75,59.84.82.137,59.90.140.171,59.92.243.114,59.92.68.95,59.93.166.84,59.93.210.206,59.93.49.49,59.94.180.226,59.94.254.97,59.94.68.57,59.95.49.83,59.95.54.29,59.99.1.114,59.99.144.178,59.99.16.39,59.99.18.22,59.99.18.226] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (138)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500275; rev:2006;)
alert tcp [59.99.18.42,59.99.57.157,59.99.59.12,60.10.132.42,60.12.194.130,60.12.233.54,60.13.129.139,60.13.142.62,60.171.75.147,60.175.70.131,60.190.31.214,60.191.121.170,60.191.187.227,60.191.187.228,60.191.187.234,60.191.187.246,60.195.250.54,60.196.143.134,60.208.113.131,60.21.216.14,60.212.42.11,60.216.104.82,60.216.89.30,60.217.234.142,60.221.255.145,60.224.34.145,60.229.250.221,60.234.24.94,60.234.40.218,60.234.73.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (139)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500276; rev:2006;)
alert udp [59.99.18.42,59.99.57.157,59.99.59.12,60.10.132.42,60.12.194.130,60.12.233.54,60.13.129.139,60.13.142.62,60.171.75.147,60.175.70.131,60.190.31.214,60.191.121.170,60.191.187.227,60.191.187.228,60.191.187.234,60.191.187.246,60.195.250.54,60.196.143.134,60.208.113.131,60.21.216.14,60.212.42.11,60.216.104.82,60.216.89.30,60.217.234.142,60.221.255.145,60.224.34.145,60.229.250.221,60.234.24.94,60.234.40.218,60.234.73.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (139)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500277; rev:2006;)
alert tcp [60.234.73.210,60.236.155.234,60.237.58.218,60.238.241.68,60.240.108.134,60.242.167.253,60.248.112.2,60.248.131.12,60.248.158.23,60.248.175.30,60.248.192.136,60.248.223.95,60.248.43.193,60.248.43.195,60.248.84.111,60.249.111.175,60.249.116.30,60.249.14.157,60.249.14.160,60.249.143.81,60.249.168.50,60.249.19.38,60.249.197.25,60.249.222.176,60.249.223.180,60.249.223.63,60.249.24.30,60.249.241.48,60.249.41.210,60.249.84.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (140)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500278; rev:2006;)
alert udp [60.234.73.210,60.236.155.234,60.237.58.218,60.238.241.68,60.240.108.134,60.242.167.253,60.248.112.2,60.248.131.12,60.248.158.23,60.248.175.30,60.248.192.136,60.248.223.95,60.248.43.193,60.248.43.195,60.248.84.111,60.249.111.175,60.249.116.30,60.249.14.157,60.249.14.160,60.249.143.81,60.249.168.50,60.249.19.38,60.249.197.25,60.249.222.176,60.249.223.180,60.249.223.63,60.249.24.30,60.249.241.48,60.249.41.210,60.249.84.115] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (140)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500279; rev:2006;)
alert tcp [60.249.91.8,60.249.94.40,60.249.95.169,60.250.164.162,60.250.164.177,60.250.193.212,60.250.200.59,60.250.206.165,60.250.33.188,60.250.72.198,60.251.101.45,60.251.200.98,60.251.255.130,60.251.40.30,60.251.55.173,60.251.61.161,60.251.68.219,60.251.83.106,60.253.101.245,60.28.101.10,60.28.185.137,60.28.205.240,60.28.81.251,60.29.236.126,60.29.252.148,60.29.80.50,60.30.32.26,60.31.211.5,60.32.212.233,60.32.214.106] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (141)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500280; rev:2006;)
alert udp [60.249.91.8,60.249.94.40,60.249.95.169,60.250.164.162,60.250.164.177,60.250.193.212,60.250.200.59,60.250.206.165,60.250.33.188,60.250.72.198,60.251.101.45,60.251.200.98,60.251.255.130,60.251.40.30,60.251.55.173,60.251.61.161,60.251.68.219,60.251.83.106,60.253.101.245,60.28.101.10,60.28.185.137,60.28.205.240,60.28.81.251,60.29.236.126,60.29.252.148,60.29.80.50,60.30.32.26,60.31.211.5,60.32.212.233,60.32.214.106] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (141)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500281; rev:2006;)
alert tcp [60.32.64.234,60.32.81.102,60.38.220.9,60.40.86.239,60.49.153.153,60.51.181.253,60.52.193.3,60.56.119.234,60.56.229.55,61.100.4.28,61.100.4.52,61.100.4.56,61.100.5.136,61.106.159.40,61.109.250.148,61.109.255.33,61.111.18.12,61.111.18.20,61.114.230.34,61.115.196.201,61.115.196.205,61.115.213.18,61.115.229.120,61.119.174.109,61.12.7.236,61.12.8.195,61.120.141.18,61.125.76.89,61.127.56.14,61.128.121.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (142)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500282; rev:2006;)
alert udp [60.32.64.234,60.32.81.102,60.38.220.9,60.40.86.239,60.49.153.153,60.51.181.253,60.52.193.3,60.56.119.234,60.56.229.55,61.100.4.28,61.100.4.52,61.100.4.56,61.100.5.136,61.106.159.40,61.109.250.148,61.109.255.33,61.111.18.12,61.111.18.20,61.114.230.34,61.115.196.201,61.115.196.205,61.115.213.18,61.115.229.120,61.119.174.109,61.12.7.236,61.12.8.195,61.120.141.18,61.125.76.89,61.127.56.14,61.128.121.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (142)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500283; rev:2006;)
alert tcp [61.128.122.13,61.129.112.168,61.129.32.100,61.129.64.137,61.129.86.186,61.132.87.130,61.132.90.43,61.133.208.210,61.133.63.11,61.135.134.109,61.135.151.38,61.135.181.186,61.135.206.21,61.135.214.212,61.135.214.235,61.136.150.238,61.136.93.30,61.138.6.83,61.139.33.205,61.142.80.222,61.143.251.219,61.143.62.3,61.143.62.4,61.144.123.18,61.145.119.60,61.145.123.26,61.145.127.13,61.145.164.225,61.147.107.16,61.147.124.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (143)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500284; rev:2006;)
alert udp [61.128.122.13,61.129.112.168,61.129.32.100,61.129.64.137,61.129.86.186,61.132.87.130,61.132.90.43,61.133.208.210,61.133.63.11,61.135.134.109,61.135.151.38,61.135.181.186,61.135.206.21,61.135.214.212,61.135.214.235,61.136.150.238,61.136.93.30,61.138.6.83,61.139.33.205,61.142.80.222,61.143.251.219,61.143.62.3,61.143.62.4,61.144.123.18,61.145.119.60,61.145.123.26,61.145.127.13,61.145.164.225,61.147.107.16,61.147.124.10] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (143)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500285; rev:2006;)
alert tcp [61.147.69.97,61.147.75.61,61.148.61.26,61.150.72.170,61.151.246.140,61.152.223.171,61.152.96.116,61.153.216.101,61.153.224.178,61.153.83.93,61.154.127.212,61.155.169.146,61.155.169.148,61.155.218.66,61.155.41.149,61.158.105.121,61.158.105.211,61.158.105.212,61.158.205.224,61.16.240.36,61.160.83.12,61.161.141.3,61.163.253.199,61.163.78.132,61.164.102.52,61.164.12.152,61.164.128.164,61.164.159.13,61.164.159.164,61.164.38.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (144)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500286; rev:2006;)
alert udp [61.147.69.97,61.147.75.61,61.148.61.26,61.150.72.170,61.151.246.140,61.152.223.171,61.152.96.116,61.153.216.101,61.153.224.178,61.153.83.93,61.154.127.212,61.155.169.146,61.155.169.148,61.155.218.66,61.155.41.149,61.158.105.121,61.158.105.211,61.158.105.212,61.158.205.224,61.16.240.36,61.160.83.12,61.161.141.3,61.163.253.199,61.163.78.132,61.164.102.52,61.164.12.152,61.164.128.164,61.164.159.13,61.164.159.164,61.164.38.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (144)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500287; rev:2006;)
alert tcp [61.164.38.24,61.168.227.12,61.17.164.173,61.17.165.109,61.17.200.247,61.175.198.146,61.177.252.198,61.178.65.75,61.178.71.16,61.181.255.139,61.19.114.179,61.19.117.212,61.19.124.146,61.19.199.171,61.19.244.251,61.19.244.254,61.19.246.92,61.19.252.180,61.19.254.13,61.19.255.12,61.19.71.68,61.19.78.41,61.190.131.2,61.190.196.225,61.190.37.56,61.191.206.6,61.194.24.197,61.196.101.165,61.196.211.163,61.207.167.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (145)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500288; rev:2006;)
alert udp [61.164.38.24,61.168.227.12,61.17.164.173,61.17.165.109,61.17.200.247,61.175.198.146,61.177.252.198,61.178.65.75,61.178.71.16,61.181.255.139,61.19.114.179,61.19.117.212,61.19.124.146,61.19.199.171,61.19.244.251,61.19.244.254,61.19.246.92,61.19.252.180,61.19.254.13,61.19.255.12,61.19.71.68,61.19.78.41,61.190.131.2,61.190.196.225,61.190.37.56,61.191.206.6,61.194.24.197,61.196.101.165,61.196.211.163,61.207.167.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (145)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500289; rev:2006;)
alert tcp [61.213.71.166,61.214.70.41,61.218.36.21,61.219.127.138,61.219.177.162,61.219.20.179,61.219.56.227,61.219.74.110,61.220.139.2,61.220.23.211,61.221.104.182,61.221.120.53,61.221.176.144,61.221.57.118,61.221.60.94,61.221.87.83,61.222.142.158,61.222.145.236,61.228.73.151,61.233.76.137,61.238.158.39,61.247.170.98,61.250.81.24,61.30.102.4,61.30.11.166,61.31.161.31,61.31.28.32,61.32.246.9,61.37.139.103,61.4.189.151] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (146)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500290; rev:2006;)
alert udp [61.213.71.166,61.214.70.41,61.218.36.21,61.219.127.138,61.219.177.162,61.219.20.179,61.219.56.227,61.219.74.110,61.220.139.2,61.220.23.211,61.221.104.182,61.221.120.53,61.221.176.144,61.221.57.118,61.221.60.94,61.221.87.83,61.222.142.158,61.222.145.236,61.228.73.151,61.233.76.137,61.238.158.39,61.247.170.98,61.250.81.24,61.30.102.4,61.30.11.166,61.31.161.31,61.31.28.32,61.32.246.9,61.37.139.103,61.4.189.151] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (146)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500291; rev:2006;)
alert tcp [61.4.190.206,61.4.190.207,61.4.82.11,61.4.82.170,61.4.82.18,61.4.82.210,61.41.172.10,61.41.172.20,61.41.172.79,61.41.172.80,61.41.173.212,61.41.173.214,61.41.173.215,61.41.173.216,61.41.173.3,61.41.173.8,61.41.173.9,61.46.154.27,61.49.48.36,61.49.51.158,61.49.60.47,61.49.60.48,61.54.82.251,61.58.45.101,61.59.36.69,61.6.163.30,61.6.35.34,61.61.132.10,61.62.86.142,61.63.33.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (147)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500292; rev:2006;)
alert udp [61.4.190.206,61.4.190.207,61.4.82.11,61.4.82.170,61.4.82.18,61.4.82.210,61.41.172.10,61.41.172.20,61.41.172.79,61.41.172.80,61.41.173.212,61.41.173.214,61.41.173.215,61.41.173.216,61.41.173.3,61.41.173.8,61.41.173.9,61.46.154.27,61.49.48.36,61.49.51.158,61.49.60.47,61.49.60.48,61.54.82.251,61.58.45.101,61.59.36.69,61.6.163.30,61.6.35.34,61.61.132.10,61.62.86.142,61.63.33.210] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (147)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500293; rev:2006;)
alert tcp [61.63.60.123,61.64.127.185,61.66.192.2,61.67.130.119,61.67.14.249,61.7.158.116,61.7.213.123,61.7.213.15,61.7.252.66,61.7.253.244,61.72.254.251,61.74.232.138,61.78.72.242,61.84.218.123,61.9.80.21,61.90.198.172,61.91.120.51,61.91.121.26,61.91.83.150,62.0.6.36,62.109.21.67,62.112.206.93,62.128.133.240,62.128.148.137,62.129.179.220,62.129.243.122,62.129.243.58,62.129.50.35,62.129.50.49,62.133.190.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (148)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500294; rev:2006;)
alert udp [61.63.60.123,61.64.127.185,61.66.192.2,61.67.130.119,61.67.14.249,61.7.158.116,61.7.213.123,61.7.213.15,61.7.252.66,61.7.253.244,61.72.254.251,61.74.232.138,61.78.72.242,61.84.218.123,61.9.80.21,61.90.198.172,61.91.120.51,61.91.121.26,61.91.83.150,62.0.6.36,62.109.21.67,62.112.206.93,62.128.133.240,62.128.148.137,62.129.179.220,62.129.243.122,62.129.243.58,62.129.50.35,62.129.50.49,62.133.190.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (148)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500295; rev:2006;)
alert tcp [62.134.42.17,62.141.33.225,62.141.42.32,62.141.50.254,62.141.58.173,62.141.58.188,62.141.58.189,62.141.58.41,62.146.64.99,62.146.94.237,62.147.181.18,62.149.14.211,62.149.204.178,62.149.206.235,62.149.209.224,62.149.218.129,62.149.220.65,62.149.225.250,62.149.23.239,62.149.237.31,62.149.242.182,62.149.247.42,62.154.187.180,62.167.233.202,62.182.62.55,62.182.70.182,62.183.250.199,62.193.226.206,62.193.226.36,62.193.237.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (149)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500296; rev:2006;)
alert udp [62.134.42.17,62.141.33.225,62.141.42.32,62.141.50.254,62.141.58.173,62.141.58.188,62.141.58.189,62.141.58.41,62.146.64.99,62.146.94.237,62.147.181.18,62.149.14.211,62.149.204.178,62.149.206.235,62.149.209.224,62.149.218.129,62.149.220.65,62.149.225.250,62.149.23.239,62.149.237.31,62.149.242.182,62.149.247.42,62.154.187.180,62.167.233.202,62.182.62.55,62.182.70.182,62.183.250.199,62.193.226.206,62.193.226.36,62.193.237.53] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (149)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500297; rev:2006;)
alert tcp [62.194.114.222,62.20.7.138,62.206.198.90,62.211.67.251,62.212.10.34,62.212.9.114,62.213.201.230,62.215.158.153,62.215.188.50,62.217.244.108,62.219.14.51,62.225.114.2,62.231.244.219,62.238.249.48,62.240.68.98,62.241.5.86,62.245.187.36,62.25.53.153,62.255.192.75,62.28.113.229,62.28.21.153,62.28.4.109,62.28.78.74,62.39.95.130,62.43.193.163,62.48.51.28,62.48.69.70,62.48.69.82,62.57.191.168,62.57.232.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (150)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500298; rev:2006;)
alert udp [62.194.114.222,62.20.7.138,62.206.198.90,62.211.67.251,62.212.10.34,62.212.9.114,62.213.201.230,62.215.158.153,62.215.188.50,62.217.244.108,62.219.14.51,62.225.114.2,62.231.244.219,62.238.249.48,62.240.68.98,62.241.5.86,62.245.187.36,62.25.53.153,62.255.192.75,62.28.113.229,62.28.21.153,62.28.4.109,62.28.78.74,62.39.95.130,62.43.193.163,62.48.51.28,62.48.69.70,62.48.69.82,62.57.191.168,62.57.232.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (150)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500299; rev:2006;)
alert tcp [62.75.148.55,62.75.149.100,62.75.150.91,62.75.156.42,62.75.162.234,62.75.208.239,62.75.210.34,62.75.211.35,62.75.248.128,62.75.248.154,62.77.53.58,62.80.28.49,62.81.133.30,62.81.185.194,62.82.27.26,62.87.160.66,62.93.239.57,62.93.76.149,62.97.120.155,62.99.205.196,63.111.11.24,63.111.9.170,63.119.11.119,63.134.253.218,63.138.156.205,63.147.61.29,63.148.117.4,63.150.5.15,63.151.109.189,63.193.182.184] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (151)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500300; rev:2006;)
alert udp [62.75.148.55,62.75.149.100,62.75.150.91,62.75.156.42,62.75.162.234,62.75.208.239,62.75.210.34,62.75.211.35,62.75.248.128,62.75.248.154,62.77.53.58,62.80.28.49,62.81.133.30,62.81.185.194,62.82.27.26,62.87.160.66,62.93.239.57,62.93.76.149,62.97.120.155,62.99.205.196,63.111.11.24,63.111.9.170,63.119.11.119,63.134.253.218,63.138.156.205,63.147.61.29,63.148.117.4,63.150.5.15,63.151.109.189,63.193.182.184] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (151)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500301; rev:2006;)
alert tcp [63.193.73.148,63.223.106.64,63.231.68.55,63.231.92.18,63.232.28.5,63.240.200.72,63.245.19.154,63.246.23.232,63.252.82.125,63.255.109.11,63.255.88.6,63.73.227.239,63.82.7.23,63.82.7.25,63.88.42.24,64.105.5.41,64.105.92.18,64.106.210.110,64.118.84.94,64.118.87.10,64.118.89.180,64.120.180.218,64.120.201.240,64.120.227.154,64.120.41.210,64.120.80.51,64.122.241.35,64.128.174.3,64.128.190.41,64.131.70.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (152)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500302; rev:2006;)
alert udp [63.193.73.148,63.223.106.64,63.231.68.55,63.231.92.18,63.232.28.5,63.240.200.72,63.245.19.154,63.246.23.232,63.252.82.125,63.255.109.11,63.255.88.6,63.73.227.239,63.82.7.23,63.82.7.25,63.88.42.24,64.105.5.41,64.105.92.18,64.106.210.110,64.118.84.94,64.118.87.10,64.118.89.180,64.120.180.218,64.120.201.240,64.120.227.154,64.120.41.210,64.120.80.51,64.122.241.35,64.128.174.3,64.128.190.41,64.131.70.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (152)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500303; rev:2006;)
alert tcp [64.15.159.169,64.15.159.171,64.150.187.80,64.151.225.19,64.151.89.172,64.17.232.106,64.17.232.108,64.17.232.94,64.18.194.51,64.183.34.77,64.186.129.142,64.186.131.206,64.186.135.207,64.190.167.84,64.191.26.135,64.191.79.21,64.191.99.150,64.20.62.51,64.20.69.223,64.210.151.186,64.22.82.135,64.233.167.99,64.237.43.54,64.244.59.61,64.246.188.4,64.26.180.119,64.27.13.16,64.27.6.5,64.34.149.37,64.34.164.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (153)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500304; rev:2006;)
alert udp [64.15.159.169,64.15.159.171,64.150.187.80,64.151.225.19,64.151.89.172,64.17.232.106,64.17.232.108,64.17.232.94,64.18.194.51,64.183.34.77,64.186.129.142,64.186.131.206,64.186.135.207,64.190.167.84,64.191.26.135,64.191.79.21,64.191.99.150,64.20.62.51,64.20.69.223,64.210.151.186,64.22.82.135,64.233.167.99,64.237.43.54,64.244.59.61,64.246.188.4,64.26.180.119,64.27.13.16,64.27.6.5,64.34.149.37,64.34.164.69] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (153)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500305; rev:2006;)
alert tcp [64.34.170.47,64.34.176.35,64.34.178.166,64.34.179.222,64.34.205.46,64.34.39.105,64.38.69.167,64.40.123.31,64.40.69.178,64.5.219.168,64.59.82.56,64.62.175.66,64.62.181.43,64.69.35.43,64.69.38.145,64.69.41.8,64.69.81.4,64.70.19.33,64.71.155.113,64.74.140.25,64.74.223.36,64.79.79.227,64.85.170.57,64.85.170.98,64.86.88.144,64.87.1.152,64.89.72.86,64.90.182.185,64.95.64.197,65.100.230.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (154)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500306; rev:2006;)
alert udp [64.34.170.47,64.34.176.35,64.34.178.166,64.34.179.222,64.34.205.46,64.34.39.105,64.38.69.167,64.40.123.31,64.40.69.178,64.5.219.168,64.59.82.56,64.62.175.66,64.62.181.43,64.69.35.43,64.69.38.145,64.69.41.8,64.69.81.4,64.70.19.33,64.71.155.113,64.74.140.25,64.74.223.36,64.79.79.227,64.85.170.57,64.85.170.98,64.86.88.144,64.87.1.152,64.89.72.86,64.90.182.185,64.95.64.197,65.100.230.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (154)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500307; rev:2006;)
alert tcp [65.102.235.205,65.103.138.169,65.107.118.194,65.111.165.7,65.111.168.84,65.111.180.119,65.111.184.207,65.111.38.205,65.119.31.194,65.123.143.50,65.170.133.65,65.18.172.222,65.18.174.155,65.19.178.213,65.190.60.207,65.23.129.126,65.23.153.34,65.23.158.13,65.23.158.34,65.240.70.98,65.29.120.148,65.32.57.210,65.38.221.194,65.38.91.225,65.39.174.4,65.39.248.216,65.39.71.90,65.41.114.7,65.44.224.10,65.49.37.36] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (155)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500308; rev:2006;)
alert udp [65.102.235.205,65.103.138.169,65.107.118.194,65.111.165.7,65.111.168.84,65.111.180.119,65.111.184.207,65.111.38.205,65.119.31.194,65.123.143.50,65.170.133.65,65.18.172.222,65.18.174.155,65.19.178.213,65.190.60.207,65.23.129.126,65.23.153.34,65.23.158.13,65.23.158.34,65.240.70.98,65.29.120.148,65.32.57.210,65.38.221.194,65.38.91.225,65.39.174.4,65.39.248.216,65.39.71.90,65.41.114.7,65.44.224.10,65.49.37.36] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (155)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500309; rev:2006;)
alert tcp [65.82.14.175,65.82.69.7,65.89.46.195,65.98.52.172,65.99.194.159,65.99.209.89,66.101.193.138,66.101.197.202,66.11.150.104,66.117.2.2,66.117.66.18,66.128.53.189,66.128.59.200,66.133.64.110,66.133.64.111,66.135.32.248,66.135.33.37,66.135.37.211,66.135.48.23,66.135.59.11,66.135.59.232,66.147.134.181,66.152.191.103,66.152.92.56,66.159.18.9,66.159.205.105,66.159.90.65,66.17.23.100,66.175.122.93,66.180.163.187] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (156)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500310; rev:2006;)
alert udp [65.82.14.175,65.82.69.7,65.89.46.195,65.98.52.172,65.99.194.159,65.99.209.89,66.101.193.138,66.101.197.202,66.11.150.104,66.117.2.2,66.117.66.18,66.128.53.189,66.128.59.200,66.133.64.110,66.133.64.111,66.135.32.248,66.135.33.37,66.135.37.211,66.135.48.23,66.135.59.11,66.135.59.232,66.147.134.181,66.152.191.103,66.152.92.56,66.159.18.9,66.159.205.105,66.159.90.65,66.17.23.100,66.175.122.93,66.180.163.187] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (156)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500311; rev:2006;)
alert tcp [66.183.17.184,66.185.167.115,66.188.49.147,66.197.141.21,66.197.234.21,66.197.240.53,66.197.250.230,66.198.244.11,66.206.114.114,66.212.18.184,66.212.18.210,66.212.19.56,66.214.226.200,66.219.22.133,66.220.0.250,66.225.7.120,66.228.208.17,66.230.162.226,66.232.146.221,66.232.147.77,66.239.207.58,66.239.237.202,66.240.199.11,66.240.199.69,66.240.208.68,66.240.52.5,66.243.243.120,66.244.150.176,66.248.143.34,66.249.160.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (157)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500312; rev:2006;)
alert udp [66.183.17.184,66.185.167.115,66.188.49.147,66.197.141.21,66.197.234.21,66.197.240.53,66.197.250.230,66.198.244.11,66.206.114.114,66.212.18.184,66.212.18.210,66.212.19.56,66.214.226.200,66.219.22.133,66.220.0.250,66.225.7.120,66.228.208.17,66.230.162.226,66.232.146.221,66.232.147.77,66.239.207.58,66.239.237.202,66.240.199.11,66.240.199.69,66.240.208.68,66.240.52.5,66.243.243.120,66.244.150.176,66.248.143.34,66.249.160.170] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (157)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500313; rev:2006;)
alert tcp [66.250.40.5,66.254.228.118,66.31.185.58,66.40.10.12,66.45.171.42,66.45.230.101,66.45.233.242,66.46.196.237,66.48.71.42,66.49.221.145,66.55.144.165,66.55.145.36,66.55.150.212,66.6.216.244,66.60.72.32,66.63.191.167,66.64.127.82,66.65.5.154,66.7.149.243,66.7.204.160,66.7.221.26,66.71.182.11,66.71.246.164,66.71.250.89,66.71.252.47,66.71.252.68,66.78.21.172,66.78.31.186,66.79.162.213,66.79.163.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (158)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500314; rev:2006;)
alert udp [66.250.40.5,66.254.228.118,66.31.185.58,66.40.10.12,66.45.171.42,66.45.230.101,66.45.233.242,66.46.196.237,66.48.71.42,66.49.221.145,66.55.144.165,66.55.145.36,66.55.150.212,66.6.216.244,66.60.72.32,66.63.191.167,66.64.127.82,66.65.5.154,66.7.149.243,66.7.204.160,66.7.221.26,66.71.182.11,66.71.246.164,66.71.250.89,66.71.252.47,66.71.252.68,66.78.21.172,66.78.31.186,66.79.162.213,66.79.163.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (158)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500315; rev:2006;)
alert tcp [66.93.30.146,66.96.146.81,66.96.146.90,66.96.16.32,66.96.223.2,66.96.238.245,66.96.241.140,67.101.115.108,67.106.82.228,67.106.82.233,67.109.65.37,67.118.41.164,67.131.250.129,67.133.102.2,67.136.161.154,67.137.54.45,67.148.10.162,67.18.208.53,67.18.208.7,67.181.140.60,67.186.211.219,67.19.188.234,67.19.22.138,67.19.230.170,67.19.29.250,67.19.46.186,67.19.98.138,67.190.88.207,67.191.50.233,67.192.132.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (159)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500316; rev:2006;)
alert udp [66.93.30.146,66.96.146.81,66.96.146.90,66.96.16.32,66.96.223.2,66.96.238.245,66.96.241.140,67.101.115.108,67.106.82.228,67.106.82.233,67.109.65.37,67.118.41.164,67.131.250.129,67.133.102.2,67.136.161.154,67.137.54.45,67.148.10.162,67.18.208.53,67.18.208.7,67.181.140.60,67.186.211.219,67.19.188.234,67.19.22.138,67.19.230.170,67.19.29.250,67.19.46.186,67.19.98.138,67.190.88.207,67.191.50.233,67.192.132.242] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (159)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500317; rev:2006;)
alert tcp [67.192.162.12,67.192.234.10,67.202.104.158,67.202.108.110,67.202.38.77,67.202.73.94,67.202.84.98,67.202.87.55,67.205.102.209,67.205.103.24,67.205.107.152,67.205.111.108,67.205.66.228,67.205.89.121,67.206.220.79,67.207.132.52,67.207.194.50,67.207.194.82,67.210.231.188,67.210.244.55,67.211.43.238,67.212.186.186,67.212.189.90,67.212.193.113,67.212.66.226,67.214.161.149,67.215.172.2,67.215.245.145,67.215.246.90,67.221.214.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (160)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500318; rev:2006;)
alert udp [67.192.162.12,67.192.234.10,67.202.104.158,67.202.108.110,67.202.38.77,67.202.73.94,67.202.84.98,67.202.87.55,67.205.102.209,67.205.103.24,67.205.107.152,67.205.111.108,67.205.66.228,67.205.89.121,67.206.220.79,67.207.132.52,67.207.194.50,67.207.194.82,67.210.231.188,67.210.244.55,67.211.43.238,67.212.186.186,67.212.189.90,67.212.193.113,67.212.66.226,67.214.161.149,67.215.172.2,67.215.245.145,67.215.246.90,67.221.214.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (160)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500319; rev:2006;)
alert tcp [67.222.135.196,67.223.238.69,67.227.82.202,67.228.130.45,67.228.137.9,67.228.205.162,67.228.238.204,67.228.94.234,67.23.15.160,67.23.167.138,67.23.167.45,67.23.178.54,67.23.18.42,67.23.188.14,67.23.19.37,67.23.232.21,67.23.236.45,67.23.237.44,67.23.31.232,67.23.35.35,67.23.36.228,67.23.43.38,67.23.46.37,67.23.46.76,67.231.241.130,67.242.197.139,67.34.178.96,67.37.240.189,67.39.95.188,67.43.226.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (161)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500320; rev:2006;)
alert udp [67.222.135.196,67.223.238.69,67.227.82.202,67.228.130.45,67.228.137.9,67.228.205.162,67.228.238.204,67.228.94.234,67.23.15.160,67.23.167.138,67.23.167.45,67.23.178.54,67.23.18.42,67.23.188.14,67.23.19.37,67.23.232.21,67.23.236.45,67.23.237.44,67.23.31.232,67.23.35.35,67.23.36.228,67.23.43.38,67.23.46.37,67.23.46.76,67.231.241.130,67.242.197.139,67.34.178.96,67.37.240.189,67.39.95.188,67.43.226.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (161)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500321; rev:2006;)
alert tcp [67.52.98.213,67.55.171.240,67.59.188.60,67.90.117.219,67.90.194.2,67.90.61.167,68.116.199.231,68.122.21.230,68.142.141.210,68.143.86.154,68.149.186.111,68.15.125.214,68.15.91.138,68.168.208.116,68.168.222.158,68.169.239.80,68.169.42.215,68.169.43.149,68.169.44.161,68.169.44.165,68.169.44.221,68.169.44.222,68.169.45.89,68.169.46.143,68.169.46.253,68.169.46.9,68.174.74.30,68.178.232.100,68.179.86.125,68.180.151.96] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (162)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500322; rev:2006;)
alert udp [67.52.98.213,67.55.171.240,67.59.188.60,67.90.117.219,67.90.194.2,67.90.61.167,68.116.199.231,68.122.21.230,68.142.141.210,68.143.86.154,68.149.186.111,68.15.125.214,68.15.91.138,68.168.208.116,68.168.222.158,68.169.239.80,68.169.42.215,68.169.43.149,68.169.44.161,68.169.44.165,68.169.44.221,68.169.44.222,68.169.45.89,68.169.46.143,68.169.46.253,68.169.46.9,68.174.74.30,68.178.232.100,68.179.86.125,68.180.151.96] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (162)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500323; rev:2006;)
alert tcp [68.183.230.70,68.190.22.250,68.197.160.106,68.208.187.66,68.233.235.38,68.234.15.46,68.234.221.102,68.236.181.133,68.59.219.117,68.62.57.15,68.72.235.250,68.75.40.72,68.83.9.40,68.90.69.202,68.92.9.83,69.10.51.202,69.105.225.55,69.113.114.107,69.12.215.34,69.120.2.123,69.144.244.163,69.147.175.180,69.161.142.177,69.162.125.77,69.162.71.20,69.163.153.121,69.164.192.243,69.164.193.70,69.164.198.43,69.164.199.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (163)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500324; rev:2006;)
alert udp [68.183.230.70,68.190.22.250,68.197.160.106,68.208.187.66,68.233.235.38,68.234.15.46,68.234.221.102,68.236.181.133,68.59.219.117,68.62.57.15,68.72.235.250,68.75.40.72,68.83.9.40,68.90.69.202,68.92.9.83,69.10.51.202,69.105.225.55,69.113.114.107,69.12.215.34,69.120.2.123,69.144.244.163,69.147.175.180,69.161.142.177,69.162.125.77,69.162.71.20,69.163.153.121,69.164.192.243,69.164.193.70,69.164.198.43,69.164.199.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (163)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500325; rev:2006;)
alert tcp [69.164.199.225,69.164.215.223,69.167.177.160,69.168.54.68,69.169.145.90,69.169.183.21,69.170.135.92,69.174.242.21,69.174.245.148,69.174.246.16,69.174.246.162,69.175.108.234,69.175.111.238,69.175.112.27,69.175.122.178,69.175.35.138,69.175.6.102,69.175.87.66,69.175.99.42,69.197.137.226,69.197.6.65,69.198.160.190,69.199.219.57,69.20.239.58,69.208.138.109,69.231.158.6,69.233.234.226,69.235.236.171,69.235.30.151,69.235.42.93] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (164)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500326; rev:2006;)
alert udp [69.164.199.225,69.164.215.223,69.167.177.160,69.168.54.68,69.169.145.90,69.169.183.21,69.170.135.92,69.174.242.21,69.174.245.148,69.174.246.16,69.174.246.162,69.175.108.234,69.175.111.238,69.175.112.27,69.175.122.178,69.175.35.138,69.175.6.102,69.175.87.66,69.175.99.42,69.197.137.226,69.197.6.65,69.198.160.190,69.199.219.57,69.20.239.58,69.208.138.109,69.231.158.6,69.233.234.226,69.235.236.171,69.235.30.151,69.235.42.93] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (164)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500327; rev:2006;)
alert tcp [69.245.36.36,69.246.129.20,69.27.107.236,69.27.98.4,69.28.134.114,69.3.228.36,69.30.218.72,69.30.25.44,69.36.10.215,69.36.11.160,69.36.11.169,69.36.13.85,69.36.15.218,69.36.2.88,69.36.3.131,69.36.3.80,69.36.3.9,69.36.8.43,69.36.9.2,69.38.139.76,69.42.69.6,69.42.89.214,69.43.136.151,69.45.144.59,69.45.144.61,69.46.252.5,69.50.217.210,69.50.217.91,69.55.238.173,69.55.45.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (165)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500328; rev:2006;)
alert udp [69.245.36.36,69.246.129.20,69.27.107.236,69.27.98.4,69.28.134.114,69.3.228.36,69.30.218.72,69.30.25.44,69.36.10.215,69.36.11.160,69.36.11.169,69.36.13.85,69.36.15.218,69.36.2.88,69.36.3.131,69.36.3.80,69.36.3.9,69.36.8.43,69.36.9.2,69.38.139.76,69.42.69.6,69.42.89.214,69.43.136.151,69.45.144.59,69.45.144.61,69.46.252.5,69.50.217.210,69.50.217.91,69.55.238.173,69.55.45.40] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (165)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500329; rev:2006;)
alert tcp [69.55.62.18,69.55.75.184,69.59.177.132,69.60.116.208,69.60.160.149,69.60.21.130,69.60.224.11,69.63.165.98,69.64.147.211,69.64.210.120,69.64.62.50,69.65.40.138,69.65.40.43,69.65.41.75,69.65.42.85,69.7.46.19,69.70.74.242,69.72.183.240,69.73.154.103,69.73.155.139,69.73.170.112,69.73.230.90,69.80.228.12,69.89.15.235,69.89.2.250,69.89.78.36,69.90.188.183,69.90.76.18,69.93.157.18,69.94.110.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (166)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500330; rev:2006;)
alert udp [69.55.62.18,69.55.75.184,69.59.177.132,69.60.116.208,69.60.160.149,69.60.21.130,69.60.224.11,69.63.165.98,69.64.147.211,69.64.210.120,69.64.62.50,69.65.40.138,69.65.40.43,69.65.41.75,69.65.42.85,69.7.46.19,69.70.74.242,69.72.183.240,69.73.154.103,69.73.155.139,69.73.170.112,69.73.230.90,69.80.228.12,69.89.15.235,69.89.2.250,69.89.78.36,69.90.188.183,69.90.76.18,69.93.157.18,69.94.110.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (166)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500331; rev:2006;)
alert tcp [70.103.134.16,70.106.61.246,70.113.36.214,70.130.186.19,70.143.2.137,70.164.40.83,70.169.138.177,70.184.243.102,70.237.193.20,70.28.53.140,70.28.71.70,70.33.143.69,70.33.179.242,70.34.192.69,70.38.38.138,70.38.54.101,70.38.54.102,70.38.54.206,70.38.54.212,70.38.78.211,70.52.212.150,70.66.213.81,70.70.249.57,70.84.196.162,70.84.62.194,70.85.129.101,70.85.31.210,70.85.52.99,70.85.95.170,70.86.103.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (167)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500332; rev:2006;)
alert udp [70.103.134.16,70.106.61.246,70.113.36.214,70.130.186.19,70.143.2.137,70.164.40.83,70.169.138.177,70.184.243.102,70.237.193.20,70.28.53.140,70.28.71.70,70.33.143.69,70.33.179.242,70.34.192.69,70.38.38.138,70.38.54.101,70.38.54.102,70.38.54.206,70.38.54.212,70.38.78.211,70.52.212.150,70.66.213.81,70.70.249.57,70.84.196.162,70.84.62.194,70.85.129.101,70.85.31.210,70.85.52.99,70.85.95.170,70.86.103.194] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (167)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500333; rev:2006;)
alert tcp [70.86.30.226,70.86.44.154,70.86.67.234,70.87.222.248,70.88.166.101,70.91.189.73,71.0.80.118,71.127.77.134,71.137.227.73,71.156.48.210,71.161.55.80,71.176.1.226,71.200.48.91,71.201.148.7,71.205.41.75,71.205.6.46,71.251.120.226,71.42.243.140,71.5.111.90,71.54.72.118,71.56.94.96,71.6.142.25,71.6.150.121,71.6.165.245,71.80.207.153,71.86.225.66,72.10.163.74,72.129.105.189,72.13.197.7,72.14.178.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (168)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500334; rev:2006;)
alert udp [70.86.30.226,70.86.44.154,70.86.67.234,70.87.222.248,70.88.166.101,70.91.189.73,71.0.80.118,71.127.77.134,71.137.227.73,71.156.48.210,71.161.55.80,71.176.1.226,71.200.48.91,71.201.148.7,71.205.41.75,71.205.6.46,71.251.120.226,71.42.243.140,71.5.111.90,71.54.72.118,71.56.94.96,71.6.142.25,71.6.150.121,71.6.165.245,71.80.207.153,71.86.225.66,72.10.163.74,72.129.105.189,72.13.197.7,72.14.178.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (168)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500335; rev:2006;)
alert tcp [72.14.182.109,72.14.182.12,72.14.186.132,72.14.188.99,72.14.207.121,72.16.171.185,72.16.252.90,72.167.165.222,72.172.167.34,72.18.205.114,72.189.243.92,72.22.2.34,72.232.211.10,72.232.219.152,72.232.232.130,72.232.255.162,72.233.32.74,72.233.53.55,72.233.7.165,72.233.89.66,72.240.198.39,72.245.219.51,72.249.1.66,72.249.105.217,72.249.105.96,72.249.126.203,72.249.186.200,72.249.190.165,72.249.37.27,72.249.77.245] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (169)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500336; rev:2006;)
alert udp [72.14.182.109,72.14.182.12,72.14.186.132,72.14.188.99,72.14.207.121,72.16.171.185,72.16.252.90,72.167.165.222,72.172.167.34,72.18.205.114,72.189.243.92,72.22.2.34,72.232.211.10,72.232.219.152,72.232.232.130,72.232.255.162,72.233.32.74,72.233.53.55,72.233.7.165,72.233.89.66,72.240.198.39,72.245.219.51,72.249.1.66,72.249.105.217,72.249.105.96,72.249.126.203,72.249.186.200,72.249.190.165,72.249.37.27,72.249.77.245] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (169)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500337; rev:2006;)
alert tcp [72.249.77.74,72.249.83.84,72.251.195.146,72.26.201.166,72.26.208.66,72.26.224.58,72.29.104.106,72.29.72.189,72.29.89.43,72.3.182.114,72.3.236.120,72.32.125.210,72.34.226.100,72.34.234.40,72.34.244.202,72.34.247.90,72.35.27.41,72.35.75.38,72.44.84.165,72.45.200.18,72.46.129.202,72.46.244.148,72.47.200.226,72.47.209.133,72.51.224.160,72.51.41.34,72.52.128.195,72.52.191.225,72.52.205.189,72.52.208.117] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (170)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500338; rev:2006;)
alert udp [72.249.77.74,72.249.83.84,72.251.195.146,72.26.201.166,72.26.208.66,72.26.224.58,72.29.104.106,72.29.72.189,72.29.89.43,72.3.182.114,72.3.236.120,72.32.125.210,72.34.226.100,72.34.234.40,72.34.244.202,72.34.247.90,72.35.27.41,72.35.75.38,72.44.84.165,72.45.200.18,72.46.129.202,72.46.244.148,72.47.200.226,72.47.209.133,72.51.224.160,72.51.41.34,72.52.128.195,72.52.191.225,72.52.205.189,72.52.208.117] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (170)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500339; rev:2006;)
alert tcp [72.52.220.32,72.52.223.70,72.52.65.205,72.54.123.34,72.55.137.204,72.55.140.199,72.55.140.75,72.55.143.148,72.55.146.176,72.55.148.232,72.55.153.75,72.55.156.171,72.55.156.23,72.55.164.240,72.55.174.109,72.55.174.135,72.55.174.42,72.9.147.163,72.9.245.82,74.113.68.26,74.119.217.170,74.121.180.154,74.121.180.186,74.126.23.81,74.188.28.66,74.200.72.170,74.207.244.247,74.207.247.8,74.207.251.184,74.207.251.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (171)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500340; rev:2006;)
alert udp [72.52.220.32,72.52.223.70,72.52.65.205,72.54.123.34,72.55.137.204,72.55.140.199,72.55.140.75,72.55.143.148,72.55.146.176,72.55.148.232,72.55.153.75,72.55.156.171,72.55.156.23,72.55.164.240,72.55.174.109,72.55.174.135,72.55.174.42,72.9.147.163,72.9.245.82,74.113.68.26,74.119.217.170,74.121.180.154,74.121.180.186,74.126.23.81,74.188.28.66,74.200.72.170,74.207.244.247,74.207.247.8,74.207.251.184,74.207.251.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (171)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500341; rev:2006;)
alert tcp [74.208.123.7,74.208.15.85,74.208.158.83,74.208.170.66,74.208.195.11,74.208.43.218,74.208.44.17,74.213.171.215,74.220.16.51,74.222.1.99,74.50.115.136,74.50.3.108,74.50.49.34,74.50.52.43,74.50.53.198,74.50.99.232,74.52.107.114,74.52.48.66,74.53.203.66,74.54.135.106,74.54.156.73,74.54.222.105,74.54.223.198,74.54.79.25,74.54.82.223,74.54.82.224,74.55.122.6,74.55.14.2,74.55.15.74,74.55.167.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (172)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500342; rev:2006;)
alert udp [74.208.123.7,74.208.15.85,74.208.158.83,74.208.170.66,74.208.195.11,74.208.43.218,74.208.44.17,74.213.171.215,74.220.16.51,74.222.1.99,74.50.115.136,74.50.3.108,74.50.49.34,74.50.52.43,74.50.53.198,74.50.99.232,74.52.107.114,74.52.48.66,74.53.203.66,74.54.135.106,74.54.156.73,74.54.222.105,74.54.223.198,74.54.79.25,74.54.82.223,74.54.82.224,74.55.122.6,74.55.14.2,74.55.15.74,74.55.167.66] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (172)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500343; rev:2006;)
alert tcp [74.55.189.178,74.55.201.138,74.55.22.226,74.55.250.210,74.55.6.60,74.55.71.2,74.62.154.168,74.63.232.46,74.63.252.139,74.63.39.130,74.65.195.239,74.7.153.18,74.82.51.107,74.82.51.130,74.82.51.28,74.85.199.98,74.85.64.154,74.86.147.26,74.86.151.38,74.86.161.138,74.86.181.26,74.86.52.90,74.86.67.250,74.86.84.207,74.86.85.120,74.92.91.97,74.93.189.173,74.94.160.6,74.95.12.13,74.95.46.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (173)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500344; rev:2006;)
alert udp [74.55.189.178,74.55.201.138,74.55.22.226,74.55.250.210,74.55.6.60,74.55.71.2,74.62.154.168,74.63.232.46,74.63.252.139,74.63.39.130,74.65.195.239,74.7.153.18,74.82.51.107,74.82.51.130,74.82.51.28,74.85.199.98,74.85.64.154,74.86.147.26,74.86.151.38,74.86.161.138,74.86.181.26,74.86.52.90,74.86.67.250,74.86.84.207,74.86.85.120,74.92.91.97,74.93.189.173,74.94.160.6,74.95.12.13,74.95.46.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (173)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500345; rev:2006;)
alert tcp [74.95.79.97,75.101.207.163,75.101.229.240,75.103.226.6,75.11.92.225,75.119.217.238,75.125.118.158,75.125.131.34,75.125.140.82,75.125.149.90,75.125.183.194,75.125.217.2,75.125.61.167,75.125.97.18,75.126.137.166,75.126.139.100,75.126.186.101,75.127.110.52,75.127.112.130,75.127.112.18,75.127.72.154,75.127.81.15,75.127.81.29,75.127.97.138,75.127.97.23,75.131.242.118,75.144.254.25,75.147.60.33,75.147.62.198,75.149.205.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (174)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500346; rev:2006;)
alert udp [74.95.79.97,75.101.207.163,75.101.229.240,75.103.226.6,75.11.92.225,75.119.217.238,75.125.118.158,75.125.131.34,75.125.140.82,75.125.149.90,75.125.183.194,75.125.217.2,75.125.61.167,75.125.97.18,75.126.137.166,75.126.139.100,75.126.186.101,75.127.110.52,75.127.112.130,75.127.112.18,75.127.72.154,75.127.81.15,75.127.81.29,75.127.97.138,75.127.97.23,75.131.242.118,75.144.254.25,75.147.60.33,75.147.62.198,75.149.205.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (174)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500347; rev:2006;)
alert tcp [75.149.55.204,75.149.85.71,75.15.199.60,75.151.77.169,75.16.206.104,75.179.23.111,75.22.138.23,75.22.22.148,75.37.127.100,75.45.0.127,75.45.11.77,75.50.108.131,75.53.145.116,75.59.219.22,75.7.82.23,75.83.54.1,76.10.204.100,76.107.49.232,76.11.140.188,76.12.113.228,76.12.116.164,76.12.12.123,76.12.147.199,76.12.28.98,76.12.88.168,76.163.25.140,76.164.45.18,76.180.176.208,76.188.169.250,76.194.93.214] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (175)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500348; rev:2006;)
alert udp [75.149.55.204,75.149.85.71,75.15.199.60,75.151.77.169,75.16.206.104,75.179.23.111,75.22.138.23,75.22.22.148,75.37.127.100,75.45.0.127,75.45.11.77,75.50.108.131,75.53.145.116,75.59.219.22,75.7.82.23,75.83.54.1,76.10.204.100,76.107.49.232,76.11.140.188,76.12.113.228,76.12.116.164,76.12.12.123,76.12.147.199,76.12.28.98,76.12.88.168,76.163.25.140,76.164.45.18,76.180.176.208,76.188.169.250,76.194.93.214] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (175)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500349; rev:2006;)
alert tcp [76.201.177.136,76.21.243.13,76.229.169.181,76.229.207.41,76.241.121.124,76.248.69.52,76.254.236.90,76.73.125.202,76.74.154.104,76.74.218.12,76.74.239.156,76.74.252.170,76.74.253.57,76.76.101.70,76.76.11.73,76.76.18.227,76.76.189.250,76.76.96.188,76.76.99.91,76.79.200.203,76.87.55.81,76.99.115.237,77.103.12.129,77.104.235.139,77.107.221.43,77.109.85.227,77.111.69.213,77.111.89.200,77.120.115.208,77.120.116.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (176)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500350; rev:2006;)
alert udp [76.201.177.136,76.21.243.13,76.229.169.181,76.229.207.41,76.241.121.124,76.248.69.52,76.254.236.90,76.73.125.202,76.74.154.104,76.74.218.12,76.74.239.156,76.74.252.170,76.74.253.57,76.76.101.70,76.76.11.73,76.76.18.227,76.76.189.250,76.76.96.188,76.76.99.91,76.79.200.203,76.87.55.81,76.99.115.237,77.103.12.129,77.104.235.139,77.107.221.43,77.109.85.227,77.111.69.213,77.111.89.200,77.120.115.208,77.120.116.116] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (176)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500351; rev:2006;)
alert tcp [77.120.120.118,77.120.120.71,77.127.6.197,77.162.98.211,77.211.251.221,77.213.225.13,77.221.134.218,77.221.138.234,77.221.140.102,77.221.140.15,77.221.148.74,77.221.148.82,77.221.148.98,77.221.152.106,77.221.157.58,77.221.159.242,77.222.134.90,77.222.142.44,77.222.142.58,77.222.40.206,77.222.43.156,77.222.43.170,77.222.43.19,77.222.43.222,77.222.43.37,77.222.43.44,77.222.43.80,77.222.56.126,77.223.141.49,77.232.225.65] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (177)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500352; rev:2006;)
alert udp [77.120.120.118,77.120.120.71,77.127.6.197,77.162.98.211,77.211.251.221,77.213.225.13,77.221.134.218,77.221.138.234,77.221.140.102,77.221.140.15,77.221.148.74,77.221.148.82,77.221.148.98,77.221.152.106,77.221.157.58,77.221.159.242,77.222.134.90,77.222.142.44,77.222.142.58,77.222.40.206,77.222.43.156,77.222.43.170,77.222.43.19,77.222.43.222,77.222.43.37,77.222.43.44,77.222.43.80,77.222.56.126,77.223.141.49,77.232.225.65] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (177)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500353; rev:2006;)
alert tcp [77.234.201.89,77.235.43.185,77.235.43.217,77.237.85.19,77.239.29.71,77.241.83.105,77.241.83.140,77.241.83.16,77.241.83.161,77.241.83.35,77.241.83.40,77.241.89.68,77.241.91.70,77.242.96.66,77.243.231.114,77.243.235.84,77.244.242.21,77.244.249.12,77.245.145.193,77.245.145.197,77.245.64.114,77.245.78.58,77.246.179.117,77.247.208.35,77.247.235.11,77.249.255.30,77.253.210.2,77.254.168.171,77.29.106.233,77.29.109.150] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (178)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500354; rev:2006;)
alert udp [77.234.201.89,77.235.43.185,77.235.43.217,77.237.85.19,77.239.29.71,77.241.83.105,77.241.83.140,77.241.83.16,77.241.83.161,77.241.83.35,77.241.83.40,77.241.89.68,77.241.91.70,77.242.96.66,77.243.231.114,77.243.235.84,77.244.242.21,77.244.249.12,77.245.145.193,77.245.145.197,77.245.64.114,77.245.78.58,77.246.179.117,77.247.208.35,77.247.235.11,77.249.255.30,77.253.210.2,77.254.168.171,77.29.106.233,77.29.109.150] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (178)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500355; rev:2006;)
alert tcp [77.29.122.4,77.29.28.42,77.37.12.160,77.37.136.14,77.37.163.250,77.37.20.73,77.39.16.122,77.40.244.75,77.41.122.141,77.43.21.70,77.47.185.110,77.48.22.6,77.48.42.5,77.48.63.206,77.68.37.74,77.68.40.108,77.68.56.237,77.68.59.86,77.68.60.22,77.70.78.189,77.74.193.43,77.74.197.4,77.75.34.106,77.76.137.237,77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.172,77.78.248.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (179)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500356; rev:2006;)
alert udp [77.29.122.4,77.29.28.42,77.37.12.160,77.37.136.14,77.37.163.250,77.37.20.73,77.39.16.122,77.40.244.75,77.41.122.141,77.43.21.70,77.47.185.110,77.48.22.6,77.48.42.5,77.48.63.206,77.68.37.74,77.68.40.108,77.68.56.237,77.68.59.86,77.68.60.22,77.70.78.189,77.74.193.43,77.74.197.4,77.75.34.106,77.76.137.237,77.78.193.12,77.78.239.3,77.78.240.115,77.78.240.152,77.78.240.172,77.78.248.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (179)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500357; rev:2006;)
alert tcp [77.78.249.130,77.78.249.30,77.79.115.167,77.79.65.86,77.86.49.191,77.88.66.251,77.89.132.146,77.92.130.236,77.92.143.120,77.92.68.201,77.92.75.135,77.92.77.234,77.92.77.28,77.92.77.38,77.92.93.2,77.93.215.12,77.93.218.67,77.93.222.128,77.93.222.40,77.93.240.42,77.93.254.208,77.94.189.23,77.94.242.118,78.101.160.58,78.102.77.245,78.105.115.76,78.108.138.31,78.108.178.210,78.108.178.231,78.108.178.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (180)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500358; rev:2006;)
alert udp [77.78.249.130,77.78.249.30,77.79.115.167,77.79.65.86,77.86.49.191,77.88.66.251,77.89.132.146,77.92.130.236,77.92.143.120,77.92.68.201,77.92.75.135,77.92.77.234,77.92.77.28,77.92.77.38,77.92.93.2,77.93.215.12,77.93.218.67,77.93.222.128,77.93.222.40,77.93.240.42,77.93.254.208,77.94.189.23,77.94.242.118,78.101.160.58,78.102.77.245,78.105.115.76,78.108.138.31,78.108.178.210,78.108.178.231,78.108.178.46] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (180)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500359; rev:2006;)
alert tcp [78.108.183.101,78.108.88.129,78.108.88.79,78.111.218.178,78.111.236.62,78.111.80.121,78.111.81.226,78.111.99.210,78.128.23.105,78.129.174.227,78.129.199.244,78.134.117.44,78.137.160.36,78.137.168.230,78.138.115.71,78.140.1.71,78.140.143.7,78.140.149.159,78.141.172.140,78.142.157.205,78.142.157.206,78.143.30.2,78.156.48.250,78.159.112.45,78.159.112.66,78.159.121.94,78.225.2.212,78.231.0.100,78.24.219.174,78.24.222.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (181)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500360; rev:2006;)
alert udp [78.108.183.101,78.108.88.129,78.108.88.79,78.111.218.178,78.111.236.62,78.111.80.121,78.111.81.226,78.111.99.210,78.128.23.105,78.129.174.227,78.129.199.244,78.134.117.44,78.137.160.36,78.137.168.230,78.138.115.71,78.140.1.71,78.140.143.7,78.140.149.159,78.141.172.140,78.142.157.205,78.142.157.206,78.143.30.2,78.156.48.250,78.159.112.45,78.159.112.66,78.159.121.94,78.225.2.212,78.231.0.100,78.24.219.174,78.24.222.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (181)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500361; rev:2006;)
alert tcp [78.3.253.176,78.30.209.187,78.30.212.133,78.30.232.112,78.37.83.203,78.39.243.50,78.4.19.170,78.4.40.147,78.40.226.30,78.42.220.112,78.46.100.48,78.46.103.150,78.46.104.150,78.46.104.66,78.46.105.82,78.46.15.219,78.46.32.194,78.46.41.103,78.46.41.50,78.46.41.88,78.46.42.233,78.46.47.171,78.46.71.139,78.46.72.115,78.46.73.2,78.46.80.44,78.46.84.200,78.46.87.108,78.46.87.110,78.46.87.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (182)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500362; rev:2006;)
alert udp [78.3.253.176,78.30.209.187,78.30.212.133,78.30.232.112,78.37.83.203,78.39.243.50,78.4.19.170,78.4.40.147,78.40.226.30,78.42.220.112,78.46.100.48,78.46.103.150,78.46.104.150,78.46.104.66,78.46.105.82,78.46.15.219,78.46.32.194,78.46.41.103,78.46.41.50,78.46.41.88,78.46.42.233,78.46.47.171,78.46.71.139,78.46.72.115,78.46.73.2,78.46.80.44,78.46.84.200,78.46.87.108,78.46.87.110,78.46.87.6] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (182)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500363; rev:2006;)
alert tcp [78.46.90.202,78.46.91.173,78.46.97.112,78.46.99.171,78.47.238.49,78.5.143.241,78.55.108.41,78.56.181.61,78.8.4.208,78.90.16.53,78.90.52.165,79.106.255.56,79.107.100.248,79.107.100.249,79.107.100.250,79.107.100.251,79.107.100.252,79.107.100.253,79.107.100.254,79.110.112.210,79.113.225.22,79.116.208.142,79.117.117.250,79.118.202.106,79.118.207.176,79.118.255.242,79.125.11.68,79.126.21.113,79.132.192.22,79.132.229.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (183)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500364; rev:2006;)
alert udp [78.46.90.202,78.46.91.173,78.46.97.112,78.46.99.171,78.47.238.49,78.5.143.241,78.55.108.41,78.56.181.61,78.8.4.208,78.90.16.53,78.90.52.165,79.106.255.56,79.107.100.248,79.107.100.249,79.107.100.250,79.107.100.251,79.107.100.252,79.107.100.253,79.107.100.254,79.110.112.210,79.113.225.22,79.116.208.142,79.117.117.250,79.118.202.106,79.118.207.176,79.118.255.242,79.125.11.68,79.126.21.113,79.132.192.22,79.132.229.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (183)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500365; rev:2006;)
alert tcp [79.135.152.9,79.136.125.142,79.136.63.149,79.136.98.156,79.138.178.89,79.14.253.188,79.142.112.193,79.148.118.225,79.160.154.42,79.165.184.179,79.171.100.100,79.171.100.106,79.171.18.112,79.171.18.193,79.171.20.190,79.174.64.15,79.174.64.220,79.174.64.226,79.174.64.241,79.174.64.246,79.174.64.252,79.174.65.151,79.174.65.179,79.174.65.26,79.174.65.85,79.174.66.200,79.174.66.229,79.174.66.239,79.174.66.28,79.174.66.79] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (184)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500366; rev:2006;)
alert udp [79.135.152.9,79.136.125.142,79.136.63.149,79.136.98.156,79.138.178.89,79.14.253.188,79.142.112.193,79.148.118.225,79.160.154.42,79.165.184.179,79.171.100.100,79.171.100.106,79.171.18.112,79.171.18.193,79.171.20.190,79.174.64.15,79.174.64.220,79.174.64.226,79.174.64.241,79.174.64.246,79.174.64.252,79.174.65.151,79.174.65.179,79.174.65.26,79.174.65.85,79.174.66.200,79.174.66.229,79.174.66.239,79.174.66.28,79.174.66.79] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (184)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500367; rev:2006;)
alert tcp [79.174.67.102,79.174.67.143,79.174.67.181,79.174.67.28,79.174.78.81,79.174.79.108,79.174.79.112,79.174.79.131,79.174.79.132,79.174.79.136,79.174.79.139,79.174.79.254,79.174.79.32,79.174.79.34,79.174.79.35,79.174.79.36,79.174.79.43,79.174.79.45,79.174.79.68,79.174.79.71,79.174.79.77,79.174.79.84,79.174.79.99,79.18.239.38,79.181.114.83,79.181.122.102,79.181.127.63,79.183.7.117,79.185.199.181,79.186.160.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (185)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500368; rev:2006;)
alert udp [79.174.67.102,79.174.67.143,79.174.67.181,79.174.67.28,79.174.78.81,79.174.79.108,79.174.79.112,79.174.79.131,79.174.79.132,79.174.79.136,79.174.79.139,79.174.79.254,79.174.79.32,79.174.79.34,79.174.79.35,79.174.79.36,79.174.79.43,79.174.79.45,79.174.79.68,79.174.79.71,79.174.79.77,79.174.79.84,79.174.79.99,79.18.239.38,79.181.114.83,79.181.122.102,79.181.127.63,79.183.7.117,79.185.199.181,79.186.160.80] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (185)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500369; rev:2006;)
alert tcp [79.187.8.20,79.189.213.18,79.190.204.138,79.190.28.162,79.190.43.178,79.190.71.234,79.191.24.157,79.25.129.83,79.29.40.63,79.36.220.16,79.38.222.4,79.38.86.58,79.48.78.74,79.5.155.1,79.5.254.204,79.5.97.184,79.54.62.158,79.98.25.189,79.98.27.100,79.98.27.113,79.98.27.196,79.98.27.202,79.98.27.208,79.98.27.219,79.98.27.236,79.98.27.57,79.98.29.208,79.98.29.214,79.98.29.221,8.12.230.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (186)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500370; rev:2006;)
alert udp [79.187.8.20,79.189.213.18,79.190.204.138,79.190.28.162,79.190.43.178,79.190.71.234,79.191.24.157,79.25.129.83,79.29.40.63,79.36.220.16,79.38.222.4,79.38.86.58,79.48.78.74,79.5.155.1,79.5.254.204,79.5.97.184,79.54.62.158,79.98.25.189,79.98.27.100,79.98.27.113,79.98.27.196,79.98.27.202,79.98.27.208,79.98.27.219,79.98.27.236,79.98.27.57,79.98.29.208,79.98.29.214,79.98.29.221,8.12.230.71] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (186)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500371; rev:2006;)
alert tcp [8.2.208.2,8.25.128.141,8.25.128.69,8.25.128.70,8.5.1.36,80.11.56.27,80.112.234.218,80.12.80.125,80.13.106.175,80.13.247.112,80.138.192.223,80.14.98.174,80.146.177.67,80.152.212.6,80.152.229.62,80.153.1.172,80.153.155.40,80.154.42.54,80.160.71.231,80.160.71.235,80.168.88.252,80.168.90.75,80.169.87.101,80.179.155.55,80.179.230.40,80.190.229.210,80.190.243.231,80.190.251.244,80.191.149.83,80.191.161.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (187)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500372; rev:2006;)
alert udp [8.2.208.2,8.25.128.141,8.25.128.69,8.25.128.70,8.5.1.36,80.11.56.27,80.112.234.218,80.12.80.125,80.13.106.175,80.13.247.112,80.138.192.223,80.14.98.174,80.146.177.67,80.152.212.6,80.152.229.62,80.153.1.172,80.153.155.40,80.154.42.54,80.160.71.231,80.160.71.235,80.168.88.252,80.168.90.75,80.169.87.101,80.179.155.55,80.179.230.40,80.190.229.210,80.190.243.231,80.190.251.244,80.191.149.83,80.191.161.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (187)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500373; rev:2006;)
alert tcp [80.191.180.102,80.191.214.7,80.194.247.163,80.196.101.246,80.203.201.46,80.237.157.108,80.237.178.182,80.237.178.187,80.237.178.188,80.237.178.189,80.237.2.177,80.237.209.59,80.240.202.170,80.241.16.33,80.241.245.6,80.242.164.61,80.243.168.145,80.243.212.104,80.244.34.138,80.245.39.142,80.245.39.147,80.245.57.202,80.247.17.29,80.247.210.16,80.248.180.223,80.248.213.168,80.248.71.140,80.249.166.152,80.249.210.2,80.249.239.48] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (188)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500374; rev:2006;)
alert udp [80.191.180.102,80.191.214.7,80.194.247.163,80.196.101.246,80.203.201.46,80.237.157.108,80.237.178.182,80.237.178.187,80.237.178.188,80.237.178.189,80.237.2.177,80.237.209.59,80.240.202.170,80.241.16.33,80.241.245.6,80.242.164.61,80.243.168.145,80.243.212.104,80.244.34.138,80.245.39.142,80.245.39.147,80.245.57.202,80.247.17.29,80.247.210.16,80.248.180.223,80.248.213.168,80.248.71.140,80.249.166.152,80.249.210.2,80.249.239.48] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (188)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500375; rev:2006;)
alert tcp [80.251.250.22,80.254.160.203,80.33.141.151,80.34.120.85,80.35.193.53,80.36.161.34,80.38.118.86,80.38.244.97,80.48.2.2,80.50.231.134,80.51.214.113,80.52.213.251,80.52.244.27,80.53.122.122,80.55.121.5,80.55.186.238,80.59.169.239,80.59.39.81,80.6.22.239,80.64.63.140,80.64.65.45,80.65.230.139,80.68.199.66,80.68.90.63,80.70.208.108,80.70.96.167,80.72.235.105,80.73.192.42,80.74.113.26,80.74.142.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (189)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500376; rev:2006;)
alert udp [80.251.250.22,80.254.160.203,80.33.141.151,80.34.120.85,80.35.193.53,80.36.161.34,80.38.118.86,80.38.244.97,80.48.2.2,80.50.231.134,80.51.214.113,80.52.213.251,80.52.244.27,80.53.122.122,80.55.121.5,80.55.186.238,80.59.169.239,80.59.39.81,80.6.22.239,80.64.63.140,80.64.65.45,80.65.230.139,80.68.199.66,80.68.90.63,80.70.208.108,80.70.96.167,80.72.235.105,80.73.192.42,80.74.113.26,80.74.142.85] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (189)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500377; rev:2006;)
alert tcp [80.74.151.61,80.74.157.211,80.74.99.180,80.77.95.20,80.80.162.130,80.81.115.188,80.81.208.138,80.81.254.168,80.81.254.22,80.81.254.55,80.82.17.136,80.86.167.182,80.86.198.13,80.86.198.70,80.86.92.117,80.87.131.126,80.87.131.154,80.87.131.156,80.87.221.26,80.89.34.187,80.91.191.180,80.91.191.247,80.92.200.196,80.92.90.61,80.93.62.127,80.95.160.6,80.95.160.71,81.0.104.90,81.0.214.212,81.0.228.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (190)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500378; rev:2006;)
alert udp [80.74.151.61,80.74.157.211,80.74.99.180,80.77.95.20,80.80.162.130,80.81.115.188,80.81.208.138,80.81.254.168,80.81.254.22,80.81.254.55,80.82.17.136,80.86.167.182,80.86.198.13,80.86.198.70,80.86.92.117,80.87.131.126,80.87.131.154,80.87.131.156,80.87.221.26,80.89.34.187,80.91.191.180,80.91.191.247,80.92.200.196,80.92.90.61,80.93.62.127,80.95.160.6,80.95.160.71,81.0.104.90,81.0.214.212,81.0.228.182] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (190)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500379; rev:2006;)
alert tcp [81.0.237.125,81.112.238.90,81.13.68.140,81.137.102.251,81.169.132.156,81.169.132.184,81.169.134.15,81.169.152.52,81.169.165.123,81.169.167.181,81.169.181.190,81.171.35.60,81.173.18.172,81.173.18.180,81.173.19.215,81.174.67.3,81.175.61.223,81.176.236.226,81.176.66.98,81.177.33.156,81.18.169.235,81.18.26.61,81.180.127.115,81.180.167.201,81.183.216.186,81.19.118.199,81.19.151.195,81.19.152.142,81.190.44.14,81.193.123.49] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (191)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500380; rev:2006;)
alert udp [81.0.237.125,81.112.238.90,81.13.68.140,81.137.102.251,81.169.132.156,81.169.132.184,81.169.134.15,81.169.152.52,81.169.165.123,81.169.167.181,81.169.181.190,81.171.35.60,81.173.18.172,81.173.18.180,81.173.19.215,81.174.67.3,81.175.61.223,81.176.236.226,81.176.66.98,81.177.33.156,81.18.169.235,81.18.26.61,81.180.127.115,81.180.167.201,81.183.216.186,81.19.118.199,81.19.151.195,81.19.152.142,81.190.44.14,81.193.123.49] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (191)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500381; rev:2006;)
alert tcp [81.196.20.134,81.196.221.186,81.2.198.65,81.20.168.4,81.201.105.107,81.202.109.93,81.202.115.134,81.202.27.206,81.208.11.194,81.208.35.109,81.208.35.84,81.208.62.115,81.215.195.175,81.219.54.77,81.223.155.37,81.23.121.38,81.23.236.73,81.24.147.76,81.24.32.230,81.246.117.138,81.25.120.192,81.252.196.50,81.255.23.154,81.255.91.101,81.27.197.67,81.27.44.248,81.28.96.203,81.28.96.74,81.28.97.18,81.28.97.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (192)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500382; rev:2006;)
alert udp [81.196.20.134,81.196.221.186,81.2.198.65,81.20.168.4,81.201.105.107,81.202.109.93,81.202.115.134,81.202.27.206,81.208.11.194,81.208.35.109,81.208.35.84,81.208.62.115,81.215.195.175,81.219.54.77,81.223.155.37,81.23.121.38,81.23.236.73,81.24.147.76,81.24.32.230,81.246.117.138,81.25.120.192,81.252.196.50,81.255.23.154,81.255.91.101,81.27.197.67,81.27.44.248,81.28.96.203,81.28.96.74,81.28.97.18,81.28.97.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (192)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500383; rev:2006;)
alert tcp [81.28.97.73,81.28.97.84,81.29.146.34,81.29.146.49,81.29.197.196,81.30.151.42,81.30.64.130,81.38.245.237,81.4.76.84,81.47.130.26,81.56.112.105,81.56.201.37,81.56.203.73,81.7.71.182,81.80.40.214,81.82.252.4,81.83.10.210,81.83.12.68,81.83.13.175,81.88.54.234,81.89.103.168,81.89.103.80,81.89.110.57,81.89.48.85,81.89.61.38,81.95.98.210,82.103.128.121,82.104.144.82,82.112.192.102,82.113.106.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (193)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500384; rev:2006;)
alert udp [81.28.97.73,81.28.97.84,81.29.146.34,81.29.146.49,81.29.197.196,81.30.151.42,81.30.64.130,81.38.245.237,81.4.76.84,81.47.130.26,81.56.112.105,81.56.201.37,81.56.203.73,81.7.71.182,81.80.40.214,81.82.252.4,81.83.10.210,81.83.12.68,81.83.13.175,81.88.54.234,81.89.103.168,81.89.103.80,81.89.110.57,81.89.48.85,81.89.61.38,81.95.98.210,82.103.128.121,82.104.144.82,82.112.192.102,82.113.106.207] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (193)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500385; rev:2006;)
alert tcp [82.113.121.103,82.113.121.99,82.113.153.100,82.113.49.38,82.114.175.37,82.114.224.205,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250,82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.116.192.114,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.225.62,82.127.114.250,82.127.66.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (194)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500386; rev:2006;)
alert udp [82.113.121.103,82.113.121.99,82.113.153.100,82.113.49.38,82.114.175.37,82.114.224.205,82.114.233.187,82.114.253.152,82.115.10.164,82.115.10.95,82.115.16.148,82.115.16.250,82.115.19.152,82.115.24.167,82.115.24.250,82.115.30.46,82.115.83.59,82.115.85.131,82.115.92.158,82.116.192.114,82.117.108.9,82.117.108.91,82.117.118.116,82.117.118.93,82.117.126.163,82.117.59.148,82.117.63.209,82.119.225.62,82.127.114.250,82.127.66.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (194)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500387; rev:2006;)
alert tcp [82.128.245.136,82.128.253.201,82.130.119.4,82.130.177.254,82.131.192.212,82.132.26.234,82.135.139.6,82.135.231.145,82.135.231.21,82.135.41.2,82.135.69.69,82.135.88.150,82.139.23.190,82.139.71.187,82.140.153.153,82.142.126.251,82.146.46.133,82.147.175.55,82.148.23.83,82.148.29.250,82.148.31.212,82.152.59.9,82.154.248.147,82.155.0.78,82.155.51.55,82.158.128.129,82.160.135.13,82.177.18.212,82.179.71.52,82.187.110.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (195)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500388; rev:2006;)
alert udp [82.128.245.136,82.128.253.201,82.130.119.4,82.130.177.254,82.131.192.212,82.132.26.234,82.135.139.6,82.135.231.145,82.135.231.21,82.135.41.2,82.135.69.69,82.135.88.150,82.139.23.190,82.139.71.187,82.140.153.153,82.142.126.251,82.146.46.133,82.147.175.55,82.148.23.83,82.148.29.250,82.148.31.212,82.152.59.9,82.154.248.147,82.155.0.78,82.155.51.55,82.158.128.129,82.160.135.13,82.177.18.212,82.179.71.52,82.187.110.74] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (195)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500389; rev:2006;)
alert tcp [82.192.81.236,82.193.234.212,82.197.153.201,82.198.126.7,82.200.214.21,82.200.29.94,82.204.31.223,82.207.102.11,82.207.113.150,82.207.238.78,82.208.10.183,82.210.130.234,82.210.31.12,82.212.69.12,82.221.32.6,82.224.119.156,82.224.245.110,82.224.34.103,82.225.233.120,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.126.154,82.228.150.242,82.228.44.201] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (196)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500390; rev:2006;)
alert udp [82.192.81.236,82.193.234.212,82.197.153.201,82.198.126.7,82.200.214.21,82.200.29.94,82.204.31.223,82.207.102.11,82.207.113.150,82.207.238.78,82.208.10.183,82.210.130.234,82.210.31.12,82.212.69.12,82.221.32.6,82.224.119.156,82.224.245.110,82.224.34.103,82.225.233.120,82.225.6.76,82.226.110.12,82.226.123.77,82.226.131.161,82.226.41.107,82.226.5.71,82.226.50.142,82.227.75.75,82.228.126.154,82.228.150.242,82.228.44.201] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (196)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500391; rev:2006;)
alert tcp [82.229.122.192,82.229.227.1,82.230.149.95,82.230.207.7,82.230.42.230,82.231.151.134,82.231.21.217,82.231.69.123,82.231.75.20,82.232.13.212,82.232.183.109,82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.152.62,82.233.167.2,82.234.161.15,82.234.79.36,82.235.113.121,82.235.119.25,82.235.127.164,82.235.96.131,82.236.11.160,82.237.17.189,82.237.170.208,82.237.191.169,82.237.28.34,82.237.48.196,82.238.133.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (197)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500392; rev:2006;)
alert udp [82.229.122.192,82.229.227.1,82.230.149.95,82.230.207.7,82.230.42.230,82.231.151.134,82.231.21.217,82.231.69.123,82.231.75.20,82.232.13.212,82.232.183.109,82.232.194.237,82.232.37.163,82.232.99.218,82.233.140.134,82.233.152.62,82.233.167.2,82.234.161.15,82.234.79.36,82.235.113.121,82.235.119.25,82.235.127.164,82.235.96.131,82.236.11.160,82.237.17.189,82.237.170.208,82.237.191.169,82.237.28.34,82.237.48.196,82.238.133.192] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (197)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500393; rev:2006;)
alert tcp [82.238.210.201,82.238.226.103,82.238.37.41,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.243.43.232,82.244.221.227,82.244.231.46,82.244.58.88,82.245.156.195,82.245.173.106,82.245.237.84,82.245.72.57,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.124.59,82.247.195.164,82.247.200.74,82.248.211.212,82.250.101.249,82.250.160.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (198)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500394; rev:2006;)
alert udp [82.238.210.201,82.238.226.103,82.238.37.41,82.239.189.88,82.239.200.42,82.239.230.132,82.239.62.119,82.240.70.67,82.241.129.163,82.241.200.4,82.242.236.170,82.243.103.51,82.243.43.232,82.244.221.227,82.244.231.46,82.244.58.88,82.245.156.195,82.245.173.106,82.245.237.84,82.245.72.57,82.246.0.11,82.246.157.76,82.246.63.91,82.246.81.219,82.247.124.59,82.247.195.164,82.247.200.74,82.248.211.212,82.250.101.249,82.250.160.218] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (198)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500395; rev:2006;)
alert tcp [82.250.211.183,82.251.124.13,82.251.125.61,82.251.232.13,82.251.249.60,82.252.156.220,82.254.248.225,82.255.113.164,82.39.212.129,82.49.189.156,82.51.145.80,82.53.174.211,82.57.29.206,82.60.67.225,82.64.130.152,82.64.185.164,82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.65.66.39,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.70.177.150,82.76.165.29,82.77.216.130,82.77.232.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (199)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500396; rev:2006;)
alert udp [82.250.211.183,82.251.124.13,82.251.125.61,82.251.232.13,82.251.249.60,82.252.156.220,82.254.248.225,82.255.113.164,82.39.212.129,82.49.189.156,82.51.145.80,82.53.174.211,82.57.29.206,82.60.67.225,82.64.130.152,82.64.185.164,82.64.242.241,82.64.85.19,82.65.36.57,82.65.40.18,82.65.66.39,82.66.123.243,82.66.144.95,82.66.170.103,82.66.252.221,82.66.58.134,82.70.177.150,82.76.165.29,82.77.216.130,82.77.232.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (199)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500397; rev:2006;)
alert tcp [82.78.195.122,82.79.151.15,82.82.135.179,82.82.224.124,82.83.248.238,82.83.91.13,82.85.90.87,82.88.1.187,82.95.224.38,82.97.15.139,82.98.86.167,83.10.222.194,83.101.24.213,83.103.127.122,83.103.127.243,83.103.171.23,83.11.161.211,83.11.63.105,83.11.72.49,83.12.134.162,83.12.155.202,83.12.243.234,83.12.251.154,83.12.75.42,83.13.162.26,83.13.220.122,83.135.140.37,83.137.130.146,83.137.145.150,83.137.193.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (200)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500398; rev:2006;)
alert udp [82.78.195.122,82.79.151.15,82.82.135.179,82.82.224.124,82.83.248.238,82.83.91.13,82.85.90.87,82.88.1.187,82.95.224.38,82.97.15.139,82.98.86.167,83.10.222.194,83.101.24.213,83.103.127.122,83.103.127.243,83.103.171.23,83.11.161.211,83.11.63.105,83.11.72.49,83.12.134.162,83.12.155.202,83.12.243.234,83.12.251.154,83.12.75.42,83.13.162.26,83.13.220.122,83.135.140.37,83.137.130.146,83.137.145.150,83.137.193.200] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (200)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500399; rev:2006;)
alert tcp [83.137.249.128,83.138.135.122,83.138.141.138,83.14.53.114,83.140.191.168,83.142.208.44,83.143.217.206,83.145.103.208,83.149.226.52,83.149.70.53,83.149.72.198,83.149.74.6,83.149.85.116,83.149.95.160,83.15.19.141,83.15.19.142,83.15.211.170,83.15.59.243,83.150.121.253,83.150.156.127,83.151.29.133,83.151.31.26,83.16.178.250,83.16.227.242,83.167.238.123,83.168.238.5,83.169.0.250,83.17.156.90,83.170.112.218,83.170.112.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (201)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500400; rev:2006;)
alert udp [83.137.249.128,83.138.135.122,83.138.141.138,83.14.53.114,83.140.191.168,83.142.208.44,83.143.217.206,83.145.103.208,83.149.226.52,83.149.70.53,83.149.72.198,83.149.74.6,83.149.85.116,83.149.95.160,83.15.19.141,83.15.19.142,83.15.211.170,83.15.59.243,83.150.121.253,83.150.156.127,83.151.29.133,83.151.31.26,83.16.178.250,83.16.227.242,83.167.238.123,83.168.238.5,83.169.0.250,83.17.156.90,83.170.112.218,83.170.112.250] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (201)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500401; rev:2006;)
alert tcp [83.170.113.138,83.170.115.110,83.170.115.84,83.170.83.204,83.170.85.139,83.170.85.180,83.170.85.61,83.170.88.210,83.172.144.47,83.175.70.17,83.18.168.58,83.18.59.178,83.19.20.250,83.2.224.2,83.2.40.7,83.2.81.91,83.202.204.151,83.21.35.18,83.211.51.122,83.211.93.140,83.212.127.238,83.216.149.245,83.216.43.201,83.221.34.4,83.222.110.209,83.222.127.70,83.222.130.10,83.226.186.238,83.227.154.200,83.227.73.193] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (202)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500402; rev:2006;)
alert udp [83.170.113.138,83.170.115.110,83.170.115.84,83.170.83.204,83.170.85.139,83.170.85.180,83.170.85.61,83.170.88.210,83.172.144.47,83.175.70.17,83.18.168.58,83.18.59.178,83.19.20.250,83.2.224.2,83.2.40.7,83.2.81.91,83.202.204.151,83.21.35.18,83.211.51.122,83.211.93.140,83.212.127.238,83.216.149.245,83.216.43.201,83.221.34.4,83.222.110.209,83.222.127.70,83.222.130.10,83.226.186.238,83.227.154.200,83.227.73.193] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (202)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500403; rev:2006;)
alert tcp [83.227.77.160,83.228.37.12,83.231.61.8,83.233.149.162,83.233.246.237,83.236.192.11,83.238.187.53,83.240.163.234,83.243.42.8,83.245.202.137,83.245.63.121,83.25.194.58,83.25.238.126,83.254.58.189,83.26.63.46,83.27.118.250,83.28.24.71,83.29.239.140,83.29.247.1,83.29.54.31,83.30.159.109,83.31.86.172,83.31.96.1,83.42.61.86,83.5.125.138,83.59.151.24,83.6.113.143,83.6.208.127,83.64.6.117,83.8.216.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (203)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500404; rev:2006;)
alert udp [83.227.77.160,83.228.37.12,83.231.61.8,83.233.149.162,83.233.246.237,83.236.192.11,83.238.187.53,83.240.163.234,83.243.42.8,83.245.202.137,83.245.63.121,83.25.194.58,83.25.238.126,83.254.58.189,83.26.63.46,83.27.118.250,83.28.24.71,83.29.239.140,83.29.247.1,83.29.54.31,83.30.159.109,83.31.86.172,83.31.96.1,83.42.61.86,83.5.125.138,83.59.151.24,83.6.113.143,83.6.208.127,83.64.6.117,83.8.216.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (203)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500405; rev:2006;)
alert tcp [83.87.224.30,83.88.199.75,83.9.18.229,83.9.34.211,83.96.235.40,83.97.161.213,83.98.128.109,83.98.150.51,84.10.156.60,84.104.240.14,84.106.83.73,84.109.63.225,84.115.85.207,84.120.248.233,84.120.61.39,84.123.185.81,84.123.39.91,84.124.106.11,84.124.11.117,84.124.27.36,84.124.75.143,84.126.112.181,84.127.197.48,84.15.40.80,84.158.68.249,84.16.226.87,84.16.230.120,84.16.250.152,84.16.75.103,84.19.186.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (204)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500406; rev:2006;)
alert udp [83.87.224.30,83.88.199.75,83.9.18.229,83.9.34.211,83.96.235.40,83.97.161.213,83.98.128.109,83.98.150.51,84.10.156.60,84.104.240.14,84.106.83.73,84.109.63.225,84.115.85.207,84.120.248.233,84.120.61.39,84.123.185.81,84.123.39.91,84.124.106.11,84.124.11.117,84.124.27.36,84.124.75.143,84.126.112.181,84.127.197.48,84.15.40.80,84.158.68.249,84.16.226.87,84.16.230.120,84.16.250.152,84.16.75.103,84.19.186.146] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (204)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500407; rev:2006;)
alert tcp [84.2.35.53,84.20.10.36,84.200.231.12,84.205.160.1,84.234.16.87,84.242.134.203,84.243.234.20,84.244.149.142,84.244.73.50,84.245.188.71,84.246.224.155,84.246.247.122,84.253.134.114,84.253.142.220,84.253.34.33,84.255.213.22,84.255.228.20,84.33.201.12,84.37.19.125,84.38.64.159,84.38.65.217,84.38.66.212,84.38.66.215,84.38.66.242,84.38.67.120,84.38.67.250,84.38.67.40,84.48.55.139,84.50.28.14,84.51.251.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (205)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500408; rev:2006;)
alert udp [84.2.35.53,84.20.10.36,84.200.231.12,84.205.160.1,84.234.16.87,84.242.134.203,84.243.234.20,84.244.149.142,84.244.73.50,84.245.188.71,84.246.224.155,84.246.247.122,84.253.134.114,84.253.142.220,84.253.34.33,84.255.213.22,84.255.228.20,84.33.201.12,84.37.19.125,84.38.64.159,84.38.65.217,84.38.66.212,84.38.66.215,84.38.66.242,84.38.67.120,84.38.67.250,84.38.67.40,84.48.55.139,84.50.28.14,84.51.251.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (205)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500409; rev:2006;)
alert tcp [84.52.115.188,84.52.71.84,84.52.98.134,84.55.14.29,84.55.151.154,84.62.75.20,84.73.233.110,84.75.116.84,84.79.69.222,84.89.61.97,84.95.241.157,85.10.192.231,85.10.193.185,85.10.193.241,85.10.194.176,85.10.195.252,85.10.199.101,85.10.199.203,85.10.201.236,85.10.202.3,85.10.203.208,85.10.227.71,85.105.205.167,85.11.33.12,85.112.126.15,85.112.126.8,85.114.130.162,85.114.130.247,85.114.132.96,85.114.133.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (206)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500410; rev:2006;)
alert udp [84.52.115.188,84.52.71.84,84.52.98.134,84.55.14.29,84.55.151.154,84.62.75.20,84.73.233.110,84.75.116.84,84.79.69.222,84.89.61.97,84.95.241.157,85.10.192.231,85.10.193.185,85.10.193.241,85.10.194.176,85.10.195.252,85.10.199.101,85.10.199.203,85.10.201.236,85.10.202.3,85.10.203.208,85.10.227.71,85.105.205.167,85.11.33.12,85.112.126.15,85.112.126.8,85.114.130.162,85.114.130.247,85.114.132.96,85.114.133.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (206)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500411; rev:2006;)
alert tcp [85.114.141.22,85.114.143.39,85.114.143.43,85.114.181.162,85.118.160.24,85.119.157.52,85.119.158.47,85.12.17.157,85.12.24.87,85.12.24.89,85.12.33.10,85.12.33.24,85.12.43.219,85.120.224.59,85.124.142.46,85.124.148.170,85.125.151.19,85.125.237.82,85.125.80.181,85.125.86.111,85.125.96.226,85.130.233.79,85.131.217.8,85.131.247.251,85.14.138.236,85.14.178.21,85.14.84.234,85.152.90.240,85.155.145.33,85.158.254.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (207)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500412; rev:2006;)
alert udp [85.114.141.22,85.114.143.39,85.114.143.43,85.114.181.162,85.118.160.24,85.119.157.52,85.119.158.47,85.12.17.157,85.12.24.87,85.12.24.89,85.12.33.10,85.12.33.24,85.12.43.219,85.120.224.59,85.124.142.46,85.124.148.170,85.125.151.19,85.125.237.82,85.125.80.181,85.125.86.111,85.125.96.226,85.130.233.79,85.131.217.8,85.131.247.251,85.14.138.236,85.14.178.21,85.14.84.234,85.152.90.240,85.155.145.33,85.158.254.155] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (207)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500413; rev:2006;)
alert tcp [85.17.10.189,85.17.138.39,85.17.138.8,85.17.148.201,85.17.154.86,85.17.183.147,85.17.19.205,85.17.211.12,85.17.212.11,85.17.250.240,85.17.36.108,85.17.59.138,85.17.90.77,85.17.92.134,85.17.92.141,85.17.92.35,85.17.92.9,85.17.94.5,85.18.107.165,85.18.135.252,85.18.163.174,85.18.73.187,85.180.119.53,85.186.255.54,85.187.47.253,85.190.44.176,85.193.59.43,85.199.179.22,85.201.160.202,85.207.237.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (208)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500414; rev:2006;)
alert udp [85.17.10.189,85.17.138.39,85.17.138.8,85.17.148.201,85.17.154.86,85.17.183.147,85.17.19.205,85.17.211.12,85.17.212.11,85.17.250.240,85.17.36.108,85.17.59.138,85.17.90.77,85.17.92.134,85.17.92.141,85.17.92.35,85.17.92.9,85.17.94.5,85.18.107.165,85.18.135.252,85.18.163.174,85.18.73.187,85.180.119.53,85.186.255.54,85.187.47.253,85.190.44.176,85.193.59.43,85.199.179.22,85.201.160.202,85.207.237.33] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (208)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500415; rev:2006;)
alert tcp [85.214.120.54,85.214.131.133,85.214.133.151,85.214.133.190,85.214.32.175,85.214.38.111,85.214.44.68,85.214.52.197,85.214.56.75,85.214.63.64,85.214.84.157,85.214.84.59,85.214.86.188,85.214.90.220,85.218.152.241,85.219.184.129,85.219.198.221,85.219.236.100,85.219.6.116,85.221.23.4,85.223.51.11,85.224.185.84,85.225.108.193,85.225.112.56,85.225.134.179,85.228.159.175,85.231.30.180,85.233.69.40,85.234.133.114,85.234.190.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (209)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500416; rev:2006;)
alert udp [85.214.120.54,85.214.131.133,85.214.133.151,85.214.133.190,85.214.32.175,85.214.38.111,85.214.44.68,85.214.52.197,85.214.56.75,85.214.63.64,85.214.84.157,85.214.84.59,85.214.86.188,85.214.90.220,85.218.152.241,85.219.184.129,85.219.198.221,85.219.236.100,85.219.6.116,85.221.23.4,85.223.51.11,85.224.185.84,85.225.108.193,85.225.112.56,85.225.134.179,85.228.159.175,85.231.30.180,85.233.69.40,85.234.133.114,85.234.190.52] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (209)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500417; rev:2006;)
alert tcp [85.239.208.226,85.24.138.219,85.24.165.206,85.24.184.118,85.249.223.151,85.25.124.189,85.25.135.189,85.25.141.122,85.25.52.49,85.255.194.163,85.31.107.14,85.31.187.32,85.37.38.220,85.67.214.76,85.77.237.200,85.92.137.214,85.92.138.206,85.92.139.133,85.92.139.192,85.92.139.194,85.92.144.102,85.92.146.193,85.93.146.154,85.94.160.143,86.101.228.141,86.110.192.77,86.110.67.42,86.110.96.29,86.111.244.181,86.111.245.183] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (210)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500418; rev:2006;)
alert udp [85.239.208.226,85.24.138.219,85.24.165.206,85.24.184.118,85.249.223.151,85.25.124.189,85.25.135.189,85.25.141.122,85.25.52.49,85.255.194.163,85.31.107.14,85.31.187.32,85.37.38.220,85.67.214.76,85.77.237.200,85.92.137.214,85.92.138.206,85.92.139.133,85.92.139.192,85.92.139.194,85.92.144.102,85.92.146.193,85.93.146.154,85.94.160.143,86.101.228.141,86.110.192.77,86.110.67.42,86.110.96.29,86.111.244.181,86.111.245.183] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (210)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500419; rev:2006;)
alert tcp [86.111.97.31,86.121.214.49,86.125.25.163,86.168.14.36,86.34.137.186,86.34.187.82,86.39.131.92,86.39.146.3,86.39.165.192,86.47.226.61,86.53.239.179,86.55.177.93,86.55.211.116,86.55.211.117,86.55.236.254,86.57.246.138,86.59.29.53,86.64.222.3,86.64.248.252,86.66.20.21,86.9.79.253,87.1.33.237,87.101.232.106,87.101.50.7,87.101.50.8,87.105.248.5,87.106.102.76,87.106.189.180,87.106.212.112,87.106.241.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (211)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500420; rev:2006;)
alert udp [86.111.97.31,86.121.214.49,86.125.25.163,86.168.14.36,86.34.137.186,86.34.187.82,86.39.131.92,86.39.146.3,86.39.165.192,86.47.226.61,86.53.239.179,86.55.177.93,86.55.211.116,86.55.211.117,86.55.236.254,86.57.246.138,86.59.29.53,86.64.222.3,86.64.248.252,86.66.20.21,86.9.79.253,87.1.33.237,87.101.232.106,87.101.50.7,87.101.50.8,87.105.248.5,87.106.102.76,87.106.189.180,87.106.212.112,87.106.241.9] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (211)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500421; rev:2006;)
alert tcp [87.106.254.55,87.106.4.125,87.106.5.82,87.106.59.162,87.106.65.83,87.106.86.155,87.106.99.106,87.107.20.5,87.107.20.8,87.110.220.5,87.117.200.206,87.117.205.9,87.118.100.7,87.118.104.89,87.118.106.243,87.118.112.236,87.118.112.46,87.118.112.71,87.118.114.243,87.118.116.95,87.118.123.94,87.118.203.43,87.118.82.57,87.118.84.17,87.118.87.217,87.118.88.109,87.118.88.74,87.118.90.222,87.118.94.137,87.118.98.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (212)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500422; rev:2006;)
alert udp [87.106.254.55,87.106.4.125,87.106.5.82,87.106.59.162,87.106.65.83,87.106.86.155,87.106.99.106,87.107.20.5,87.107.20.8,87.110.220.5,87.117.200.206,87.117.205.9,87.118.100.7,87.118.104.89,87.118.106.243,87.118.112.236,87.118.112.46,87.118.112.71,87.118.114.243,87.118.116.95,87.118.123.94,87.118.203.43,87.118.82.57,87.118.84.17,87.118.87.217,87.118.88.109,87.118.88.74,87.118.90.222,87.118.94.137,87.118.98.95] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (212)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500423; rev:2006;)
alert tcp [87.119.198.20,87.120.152.223,87.121.27.115,87.139.22.199,87.14.165.32,87.16.124.231,87.163.205.161,87.19.76.183,87.19.94.66,87.193.138.136,87.193.142.242,87.194.159.100,87.194.19.132,87.194.36.1,87.200.105.98,87.204.217.2,87.204.23.215,87.205.149.152,87.216.176.66,87.225.128.25,87.226.12.92,87.229.30.113,87.230.103.91,87.230.56.40,87.230.78.232,87.230.83.81,87.230.85.194,87.230.92.134,87.233.156.163,87.234.44.208] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (213)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500424; rev:2006;)
alert udp [87.119.198.20,87.120.152.223,87.121.27.115,87.139.22.199,87.14.165.32,87.16.124.231,87.163.205.161,87.19.76.183,87.19.94.66,87.193.138.136,87.193.142.242,87.194.159.100,87.194.19.132,87.194.36.1,87.200.105.98,87.204.217.2,87.204.23.215,87.205.149.152,87.216.176.66,87.225.128.25,87.226.12.92,87.229.30.113,87.230.103.91,87.230.56.40,87.230.78.232,87.230.83.81,87.230.85.194,87.230.92.134,87.233.156.163,87.234.44.208] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (213)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500425; rev:2006;)
alert tcp [87.236.232.109,87.236.232.111,87.236.232.18,87.237.106.195,87.237.184.108,87.237.56.233,87.238.75.118,87.24.9.163,87.240.72.77,87.242.73.96,87.242.98.199,87.244.206.3,87.246.53.11,87.249.108.9,87.3.146.251,87.3.32.99,87.5.220.171,87.54.134.250,87.56.181.14,87.56.252.158,87.60.133.149,87.63.36.152,87.69.12.66,87.86.238.221,87.96.215.3,87.96.215.6,87.97.30.25,87.97.96.79,87.98.253.89,88.100.93.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (214)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500426; rev:2006;)
alert udp [87.236.232.109,87.236.232.111,87.236.232.18,87.237.106.195,87.237.184.108,87.237.56.233,87.238.75.118,87.24.9.163,87.240.72.77,87.242.73.96,87.242.98.199,87.244.206.3,87.246.53.11,87.249.108.9,87.3.146.251,87.3.32.99,87.5.220.171,87.54.134.250,87.56.181.14,87.56.252.158,87.60.133.149,87.63.36.152,87.69.12.66,87.86.238.221,87.96.215.3,87.96.215.6,87.97.30.25,87.97.96.79,87.98.253.89,88.100.93.160] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (214)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500427; rev:2006;)
alert tcp [88.107.10.169,88.132.58.248,88.146.173.4,88.146.86.72,88.149.195.30,88.149.202.196,88.151.97.150,88.156.100.248,88.156.239.181,88.159.160.228,88.159.8.164,88.159.82.234,88.160.116.150,88.167.176.20,88.169.214.123,88.177.160.128,88.177.173.231,88.178.4.175,88.190.11.166,88.190.12.164,88.191.102.156,88.191.104.156,88.191.119.141,88.191.124.211,88.191.14.154,88.191.16.115,88.191.17.209,88.191.18.98,88.191.23.69,88.191.24.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (215)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500428; rev:2006;)
alert udp [88.107.10.169,88.132.58.248,88.146.173.4,88.146.86.72,88.149.195.30,88.149.202.196,88.151.97.150,88.156.100.248,88.156.239.181,88.159.160.228,88.159.8.164,88.159.82.234,88.160.116.150,88.167.176.20,88.169.214.123,88.177.160.128,88.177.173.231,88.178.4.175,88.190.11.166,88.190.12.164,88.191.102.156,88.191.104.156,88.191.119.141,88.191.124.211,88.191.14.154,88.191.16.115,88.191.17.209,88.191.18.98,88.191.23.69,88.191.24.39] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (215)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500429; rev:2006;)
alert tcp [88.191.30.24,88.191.37.200,88.191.38.208,88.191.50.140,88.191.63.231,88.191.68.82,88.191.71.10,88.191.73.174,88.191.73.232,88.191.77.125,88.191.77.215,88.191.79.37,88.191.83.8,88.191.92.122,88.191.92.243,88.191.93.244,88.191.94.204,88.191.94.244,88.191.94.64,88.191.95.217,88.198.13.233,88.198.14.155,88.198.14.53,88.198.204.12,88.198.25.138,88.198.250.165,88.198.28.14,88.198.32.114,88.198.33.104,88.198.33.87] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (216)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500430; rev:2006;)
alert udp [88.191.30.24,88.191.37.200,88.191.38.208,88.191.50.140,88.191.63.231,88.191.68.82,88.191.71.10,88.191.73.174,88.191.73.232,88.191.77.125,88.191.77.215,88.191.79.37,88.191.83.8,88.191.92.122,88.191.92.243,88.191.93.244,88.191.94.204,88.191.94.244,88.191.94.64,88.191.95.217,88.198.13.233,88.198.14.155,88.198.14.53,88.198.204.12,88.198.25.138,88.198.250.165,88.198.28.14,88.198.32.114,88.198.33.104,88.198.33.87] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (216)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500431; rev:2006;)
alert tcp [88.198.34.250,88.198.36.163,88.198.36.85,88.198.41.243,88.198.48.140,88.198.48.209,88.198.48.240,88.198.50.108,88.198.50.120,88.198.52.99,88.198.57.75,88.198.60.15,88.198.62.11,88.198.62.40,88.198.62.5,88.198.66.13,88.198.68.52,88.198.9.220,88.199.84.3,88.203.200.26,88.204.168.251,88.208.201.226,88.208.207.86,88.208.208.242,88.208.219.97,88.208.232.36,88.208.236.192,88.209.212.139,88.209.222.233,88.209.249.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (217)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500432; rev:2006;)
alert udp [88.198.34.250,88.198.36.163,88.198.36.85,88.198.41.243,88.198.48.140,88.198.48.209,88.198.48.240,88.198.50.108,88.198.50.120,88.198.52.99,88.198.57.75,88.198.60.15,88.198.62.11,88.198.62.40,88.198.62.5,88.198.66.13,88.198.68.52,88.198.9.220,88.199.84.3,88.203.200.26,88.204.168.251,88.208.201.226,88.208.207.86,88.208.208.242,88.208.219.97,88.208.232.36,88.208.236.192,88.209.212.139,88.209.222.233,88.209.249.225] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (217)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500433; rev:2006;)
alert tcp [88.212.3.2,88.214.193.108,88.214.193.116,88.214.193.141,88.214.193.216,88.214.193.35,88.214.193.74,88.214.194.28,88.214.205.18,88.222.116.19,88.233.9.252,88.245.103.84,88.248.153.142,88.248.50.13,88.255.131.82,88.255.225.103,88.255.239.62,88.26.176.95,88.26.206.74,88.41.48.170,88.44.214.142,88.46.90.90,88.49.255.210,88.55.61.35,88.56.189.226,88.69.182.109,88.80.0.102,88.80.6.178,88.81.165.2,88.84.137.198] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (218)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500434; rev:2006;)
alert udp [88.212.3.2,88.214.193.108,88.214.193.116,88.214.193.141,88.214.193.216,88.214.193.35,88.214.193.74,88.214.194.28,88.214.205.18,88.222.116.19,88.233.9.252,88.245.103.84,88.248.153.142,88.248.50.13,88.255.131.82,88.255.225.103,88.255.239.62,88.26.176.95,88.26.206.74,88.41.48.170,88.44.214.142,88.46.90.90,88.49.255.210,88.55.61.35,88.56.189.226,88.69.182.109,88.80.0.102,88.80.6.178,88.81.165.2,88.84.137.198] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (218)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500435; rev:2006;)
alert tcp [88.84.137.199,88.84.142.88,88.84.148.186,88.84.150.180,88.84.156.220,88.84.156.45,88.85.87.30,88.86.121.209,88.87.36.102,89.105.196.150,89.105.197.203,89.107.226.2,89.108.119.163,89.108.120.191,89.108.125.14,89.108.68.81,89.108.70.16,89.108.70.215,89.108.70.247,89.108.70.47,89.108.71.28,89.108.71.32,89.108.79.104,89.108.79.107,89.108.79.147,89.108.79.69,89.109.15.188,89.110.128.15,89.110.132.213,89.111.103.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (219)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500436; rev:2006;)
alert udp [88.84.137.199,88.84.142.88,88.84.148.186,88.84.150.180,88.84.156.220,88.84.156.45,88.85.87.30,88.86.121.209,88.87.36.102,89.105.196.150,89.105.197.203,89.107.226.2,89.108.119.163,89.108.120.191,89.108.125.14,89.108.68.81,89.108.70.16,89.108.70.215,89.108.70.247,89.108.70.47,89.108.71.28,89.108.71.32,89.108.79.104,89.108.79.107,89.108.79.147,89.108.79.69,89.109.15.188,89.110.128.15,89.110.132.213,89.111.103.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (219)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500437; rev:2006;)
alert tcp [89.111.184.202,89.111.184.93,89.111.185.100,89.111.185.102,89.111.185.106,89.111.185.125,89.111.185.181,89.111.185.190,89.111.185.43,89.111.185.77,89.111.189.5,89.111.189.8,89.113.247.109,89.115.178.75,89.116.50.113,89.117.4.29,89.120.99.187,89.121.248.205,89.122.154.234,89.128.183.23,89.133.17.148,89.137.242.138,89.138.4.202,89.139.96.93,89.143.128.171,89.143.69.8,89.145.96.166,89.145.97.25,89.146.153.9,89.146.18.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (220)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500438; rev:2006;)
alert udp [89.111.184.202,89.111.184.93,89.111.185.100,89.111.185.102,89.111.185.106,89.111.185.125,89.111.185.181,89.111.185.190,89.111.185.43,89.111.185.77,89.111.189.5,89.111.189.8,89.113.247.109,89.115.178.75,89.116.50.113,89.117.4.29,89.120.99.187,89.121.248.205,89.122.154.234,89.128.183.23,89.133.17.148,89.137.242.138,89.138.4.202,89.139.96.93,89.143.128.171,89.143.69.8,89.145.96.166,89.145.97.25,89.146.153.9,89.146.18.19] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (220)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500439; rev:2006;)
alert tcp [89.147.84.239,89.149.242.113,89.149.242.191,89.149.242.192,89.149.242.25,89.149.244.54,89.150.203.80,89.151.125.148,89.151.173.75,89.151.191.154,89.152.176.32,89.163.145.213,89.165.14.230,89.165.40.10,89.166.186.184,89.166.50.106,89.167.84.169,89.169.103.223,89.169.108.167,89.169.137.216,89.169.147.159,89.171.112.124,89.171.114.142,89.171.55.120,89.173.30.176,89.174.119.240,89.174.182.94,89.178.101.253,89.178.12.185,89.178.135.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (221)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500440; rev:2006;)
alert udp [89.147.84.239,89.149.242.113,89.149.242.191,89.149.242.192,89.149.242.25,89.149.244.54,89.150.203.80,89.151.125.148,89.151.173.75,89.151.191.154,89.152.176.32,89.163.145.213,89.165.14.230,89.165.40.10,89.166.186.184,89.166.50.106,89.167.84.169,89.169.103.223,89.169.108.167,89.169.137.216,89.169.147.159,89.171.112.124,89.171.114.142,89.171.55.120,89.173.30.176,89.174.119.240,89.174.182.94,89.178.101.253,89.178.12.185,89.178.135.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (221)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500441; rev:2006;)
alert tcp [89.178.14.204,89.178.236.223,89.178.27.43,89.18.16.68,89.18.189.170,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.185.193.116,89.185.210.155,89.185.229.22,89.185.245.160,89.186.103.148,89.187.135.26,89.187.41.6,89.188.107.42,89.19.20.2,89.19.29.60,89.19.5.196,89.19.5.234,89.19.8.250,89.191.224.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (222)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500442; rev:2006;)
alert udp [89.178.14.204,89.178.236.223,89.178.27.43,89.18.16.68,89.18.189.170,89.18.21.233,89.18.57.29,89.180.188.204,89.180.232.185,89.180.75.248,89.181.31.5,89.181.73.45,89.181.90.128,89.183.74.183,89.183.75.97,89.183.81.156,89.185.193.116,89.185.210.155,89.185.229.22,89.185.245.160,89.186.103.148,89.187.135.26,89.187.41.6,89.188.107.42,89.19.20.2,89.19.29.60,89.19.5.196,89.19.5.234,89.19.8.250,89.191.224.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (222)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500443; rev:2006;)
alert tcp [89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.20.140.7,89.200.169.79,89.200.171.46,89.201.210.64,89.202.203.114,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.100,89.208.146.181,89.208.146.193,89.208.155.66,89.21.55.190,89.210.180.128,89.214.76.185,89.214.88.63,89.214.99.96] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (223)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500444; rev:2006;)
alert udp [89.195.0.143,89.195.131.203,89.195.134.46,89.195.148.193,89.195.166.235,89.195.5.148,89.195.74.47,89.195.91.206,89.20.140.7,89.200.169.79,89.200.171.46,89.201.210.64,89.202.203.114,89.204.178.197,89.204.184.117,89.204.196.129,89.204.196.42,89.204.205.185,89.204.206.115,89.204.227.171,89.204.250.169,89.208.146.100,89.208.146.181,89.208.146.193,89.208.155.66,89.21.55.190,89.210.180.128,89.214.76.185,89.214.88.63,89.214.99.96] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (223)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500445; rev:2006;)
alert tcp [89.216.53.66,89.216.66.206,89.216.66.94,89.216.72.25,89.218.135.53,89.218.6.246,89.221.240.169,89.221.240.183,89.223.52.194,89.231.53.175,89.235.161.242,89.235.197.18,89.235.214.180,89.238.0.106,89.238.219.250,89.239.78.232,89.240.38.7,89.244.174.91,89.244.233.46,89.245.84.130,89.246.178.22,89.246.199.43,89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78,89.247.40.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (224)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500446; rev:2006;)
alert udp [89.216.53.66,89.216.66.206,89.216.66.94,89.216.72.25,89.218.135.53,89.218.6.246,89.221.240.169,89.221.240.183,89.223.52.194,89.231.53.175,89.235.161.242,89.235.197.18,89.235.214.180,89.238.0.106,89.238.219.250,89.239.78.232,89.240.38.7,89.244.174.91,89.244.233.46,89.245.84.130,89.246.178.22,89.246.199.43,89.246.56.24,89.246.60.157,89.247.113.28,89.247.115.21,89.247.155.119,89.247.158.190,89.247.160.78,89.247.40.22] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (224)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500447; rev:2006;)
alert tcp [89.247.57.254,89.248.169.110,89.248.174.30,89.248.248.51,89.248.82.93,89.248.86.114,89.249.3.203,89.250.112.130,89.250.112.244,89.250.114.102,89.250.190.12,89.250.195.254,89.250.29.8,89.251.128.55,89.252.8.2,89.253.155.27,89.253.238.249,89.254.129.58,89.28.4.60,89.29.116.98,89.3.83.180,89.31.144.172,89.31.144.208,89.32.94.94,89.33.140.53,89.33.145.137,89.35.137.58,89.36.206.81,89.36.6.252,89.36.86.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (225)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500448; rev:2006;)
alert udp [89.247.57.254,89.248.169.110,89.248.174.30,89.248.248.51,89.248.82.93,89.248.86.114,89.249.3.203,89.250.112.130,89.250.112.244,89.250.114.102,89.250.190.12,89.250.195.254,89.250.29.8,89.251.128.55,89.252.8.2,89.253.155.27,89.253.238.249,89.254.129.58,89.28.4.60,89.29.116.98,89.3.83.180,89.31.144.172,89.31.144.208,89.32.94.94,89.33.140.53,89.33.145.137,89.35.137.58,89.36.206.81,89.36.6.252,89.36.86.188] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (225)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500449; rev:2006;)
alert tcp [89.37.45.230,89.39.166.1,89.40.252.3,89.42.158.187,89.42.180.137,89.42.182.64,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.164.119,89.45.3.45,89.46.122.20,89.46.128.254,89.46.198.193,89.46.98.131,89.47.214.127,89.47.238.9,89.96.212.247,89.97.198.3,89.97.217.118,89.97.22.193,89.97.249.87,89.97.5.4,90.15.224.213,90.150.233.8,90.156.145.71,90.156.158.49,90.156.159.204,90.156.159.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (226)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500450; rev:2006;)
alert udp [89.37.45.230,89.39.166.1,89.40.252.3,89.42.158.187,89.42.180.137,89.42.182.64,89.43.210.94,89.43.213.77,89.43.219.232,89.43.59.135,89.45.164.119,89.45.3.45,89.46.122.20,89.46.128.254,89.46.198.193,89.46.98.131,89.47.214.127,89.47.238.9,89.96.212.247,89.97.198.3,89.97.217.118,89.97.22.193,89.97.249.87,89.97.5.4,90.15.224.213,90.150.233.8,90.156.145.71,90.156.158.49,90.156.159.204,90.156.159.54] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (226)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500451; rev:2006;)
alert tcp [90.156.208.65,90.156.210.185,90.156.210.62,90.156.211.175,90.156.211.178,90.156.211.243,90.156.212.31,90.169.64.92,90.177.104.183,90.178.78.98,90.182.90.186,90.183.101.182,90.183.9.150,90.184.84.152,90.186.58.207,90.190.106.15,90.191.231.113,90.220.11.19,90.231.213.27,90.52.1.156,91.0.246.6,91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.11.67.146,91.112.85.26,91.113.148.11,91.113.24.23,91.113.248.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (227)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500452; rev:2006;)
alert udp [90.156.208.65,90.156.210.185,90.156.210.62,90.156.211.175,90.156.211.178,90.156.211.243,90.156.212.31,90.169.64.92,90.177.104.183,90.178.78.98,90.182.90.186,90.183.101.182,90.183.9.150,90.184.84.152,90.186.58.207,90.190.106.15,90.191.231.113,90.220.11.19,90.231.213.27,90.52.1.156,91.0.246.6,91.1.214.82,91.1.253.208,91.10.198.181,91.10.222.138,91.11.67.146,91.112.85.26,91.113.148.11,91.113.24.23,91.113.248.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (227)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500453; rev:2006;)
alert tcp [91.113.26.222,91.115.111.242,91.117.107.226,91.117.124.26,91.12.54.167,91.12.70.189,91.12.84.193,91.121.147.142,91.121.221.90,91.121.221.94,91.121.75.81,91.121.81.192,91.121.94.24,91.121.96.212,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137,91.126.223.43,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98,91.138.22.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (228)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500454; rev:2006;)
alert udp [91.113.26.222,91.115.111.242,91.117.107.226,91.117.124.26,91.12.54.167,91.12.70.189,91.12.84.193,91.121.147.142,91.121.221.90,91.121.221.94,91.121.75.81,91.121.81.192,91.121.94.24,91.121.96.212,91.123.212.212,91.123.214.96,91.123.25.163,91.124.5.223,91.124.69.139,91.124.88.129,91.124.95.137,91.126.223.43,91.127.237.94,91.127.245.179,91.13.87.216,91.13.95.160,91.134.11.128,91.138.120.229,91.138.122.98,91.138.22.82] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (228)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500455; rev:2006;)
alert tcp [91.139.185.134,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254,91.142.242.60,91.143.105.39,91.143.222.122,91.144.96.197,91.145.5.73,91.146.161.20,91.148.91.50,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203,91.152.138.220,91.152.222.73,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84,91.154.239.93,91.154.244.162] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (229)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500456; rev:2006;)
alert udp [91.139.185.134,91.14.104.192,91.141.1.184,91.141.120.208,91.141.30.33,91.141.32.102,91.141.40.55,91.141.64.254,91.142.242.60,91.143.105.39,91.143.222.122,91.144.96.197,91.145.5.73,91.146.161.20,91.148.91.50,91.149.37.71,91.149.41.241,91.15.108.4,91.15.229.8,91.15.235.213,91.15.63.203,91.152.138.220,91.152.222.73,91.154.104.187,91.154.13.171,91.154.131.21,91.154.215.27,91.154.233.84,91.154.239.93,91.154.244.162] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (229)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500457; rev:2006;)
alert tcp [91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45,91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.183.58.190,91.184.4.139,91.184.56.166,91.185.8.152,91.186.1.160,91.188.122.89,91.188.124.144,91.188.59.197,91.188.59.50,91.188.60.179,91.189.113.11,91.189.121.30,91.189.70.73,91.189.82.183,91.189.82.225,91.19.59.86,91.190.224.160,91.190.227.82,91.191.20.122,91.191.54.125] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (230)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500458; rev:2006;)
alert udp [91.155.179.239,91.155.44.163,91.155.98.25,91.156.135.50,91.156.8.45,91.156.9.142,91.16.101.19,91.16.239.106,91.16.54.63,91.16.93.28,91.183.58.190,91.184.4.139,91.184.56.166,91.185.8.152,91.186.1.160,91.188.122.89,91.188.124.144,91.188.59.197,91.188.59.50,91.188.60.179,91.189.113.11,91.189.121.30,91.189.70.73,91.189.82.183,91.189.82.225,91.19.59.86,91.190.224.160,91.190.227.82,91.191.20.122,91.191.54.125] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (230)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500459; rev:2006;)
alert tcp [91.192.170.230,91.192.79.139,91.193.204.136,91.193.64.7,91.193.77.130,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24,91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31,91.194.0.32,91.194.0.33,91.194.0.40,91.194.0.5,91.194.177.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (231)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500460; rev:2006;)
alert udp [91.192.170.230,91.192.79.139,91.193.204.136,91.193.64.7,91.193.77.130,91.194.0.101,91.194.0.102,91.194.0.107,91.194.0.109,91.194.0.12,91.194.0.155,91.194.0.160,91.194.0.166,91.194.0.200,91.194.0.21,91.194.0.22,91.194.0.220,91.194.0.222,91.194.0.223,91.194.0.23,91.194.0.24,91.194.0.25,91.194.0.29,91.194.0.30,91.194.0.31,91.194.0.32,91.194.0.33,91.194.0.40,91.194.0.5,91.194.177.211] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (231)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500461; rev:2006;)
alert tcp [91.194.75.146,91.194.75.147,91.195.214.12,91.195.60.238,91.196.107.83,91.196.115.52,91.196.53.104,91.197.129.102,91.197.129.117,91.197.129.205,91.197.129.24,91.198.105.78,91.198.106.196,91.198.127.68,91.199.198.21,91.199.4.242,91.2.179.21,91.200.41.72,91.201.253.125,91.201.52.136,91.202.161.134,91.203.132.163,91.203.170.38,91.203.216.57,91.204.161.90,91.205.173.108,91.205.188.15,91.205.43.184,91.205.62.178,91.205.74.7] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (232)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500462; rev:2006;)
alert udp [91.194.75.146,91.194.75.147,91.195.214.12,91.195.60.238,91.196.107.83,91.196.115.52,91.196.53.104,91.197.129.102,91.197.129.117,91.197.129.205,91.197.129.24,91.198.105.78,91.198.106.196,91.198.127.68,91.199.198.21,91.199.4.242,91.2.179.21,91.200.41.72,91.201.253.125,91.201.52.136,91.202.161.134,91.203.132.163,91.203.170.38,91.203.216.57,91.204.161.90,91.205.173.108,91.205.188.15,91.205.43.184,91.205.62.178,91.205.74.7] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (232)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500463; rev:2006;)
alert tcp [91.206.30.52,91.206.30.54,91.206.30.56,91.206.42.26,91.206.42.34,91.207.102.26,91.207.103.32,91.207.220.74,91.207.230.32,91.207.5.234,91.207.99.20,91.208.142.21,91.209.238.28,91.209.90.203,91.21.80.93,91.210.129.40,91.210.151.102,91.210.181.90,91.210.193.19,91.210.194.222,91.210.58.48,91.211.100.138,91.211.117.144,91.211.119.176,91.211.19.68,91.211.245.63,91.212.143.15,91.212.198.173,91.212.213.3,91.212.219.136] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (233)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500464; rev:2006;)
alert udp [91.206.30.52,91.206.30.54,91.206.30.56,91.206.42.26,91.206.42.34,91.207.102.26,91.207.103.32,91.207.220.74,91.207.230.32,91.207.5.234,91.207.99.20,91.208.142.21,91.209.238.28,91.209.90.203,91.21.80.93,91.210.129.40,91.210.151.102,91.210.181.90,91.210.193.19,91.210.194.222,91.210.58.48,91.211.100.138,91.211.117.144,91.211.119.176,91.211.19.68,91.211.245.63,91.212.143.15,91.212.198.173,91.212.213.3,91.212.219.136] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (233)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500465; rev:2006;)
alert tcp [91.212.220.30,91.212.41.14,91.213.117.195,91.213.117.80,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.214.168.67,91.214.45.188,91.215.218.38,91.215.243.162,91.216.141.144,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80,91.218.228.15,91.218.38.161,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136,91.3.110.104,91.33.236.34,91.33.77.248] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (234)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500466; rev:2006;)
alert udp [91.212.220.30,91.212.41.14,91.213.117.195,91.213.117.80,91.213.174.10,91.213.174.107,91.213.174.115,91.213.174.19,91.213.174.220,91.213.174.6,91.213.174.9,91.214.168.67,91.214.45.188,91.215.218.38,91.215.243.162,91.216.141.144,91.216.215.100,91.216.215.66,91.216.215.71,91.216.215.77,91.216.215.80,91.218.228.15,91.218.38.161,91.22.67.90,91.22.93.221,91.23.97.191,91.3.106.136,91.3.110.104,91.33.236.34,91.33.77.248] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (234)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500467; rev:2006;)
alert tcp [91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164,91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202,91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254,91.39.157.201,91.39.165.96,91.39.166.90] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (235)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500468; rev:2006;)
alert udp [91.34.185.224,91.35.111.84,91.35.127.178,91.35.99.93,91.36.180.155,91.36.194.90,91.36.212.81,91.36.254.108,91.37.106.164,91.37.111.207,91.37.112.20,91.37.118.8,91.37.119.28,91.37.123.166,91.37.199.127,91.37.216.58,91.37.224.82,91.37.253.135,91.37.70.129,91.37.71.87,91.38.118.202,91.38.14.249,91.38.53.70,91.38.64.58,91.38.68.169,91.38.71.177,91.38.89.254,91.39.157.201,91.39.165.96,91.39.166.90] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (235)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500469; rev:2006;)
alert tcp [91.39.19.100,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138,91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246,91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186,91.62.127.134,91.62.80.76,91.62.84.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (236)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500470; rev:2006;)
alert udp [91.39.19.100,91.39.33.250,91.39.50.129,91.4.120.188,91.40.106.212,91.40.196.236,91.40.226.138,91.40.237.56,91.40.247.79,91.40.61.146,91.42.202.209,91.42.237.35,91.44.202.241,91.44.202.73,91.44.239.244,91.45.102.108,91.49.121.55,91.49.95.130,91.5.200.86,91.50.242.101,91.52.214.246,91.52.248.128,91.52.254.113,91.54.68.9,91.54.79.125,91.58.122.72,91.60.115.186,91.62.127.134,91.62.80.76,91.62.84.139] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (236)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500471; rev:2006;)
alert tcp [91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.75.175.88,91.82.251.7,91.83.14.177,91.83.156.191,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.9.189.147,91.9.190.121,91.9.201.200,91.9.228.204,91.90.51.6,91.91.206.40,91.91.206.77,91.95.222.47,91.99.98.150,92.103.187.108,92.104.186.251,92.126.140.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (237)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500472; rev:2006;)
alert udp [91.62.88.7,91.63.107.137,91.63.112.174,91.64.232.212,91.7.108.202,91.7.92.10,91.75.175.88,91.82.251.7,91.83.14.177,91.83.156.191,91.84.180.127,91.86.242.194,91.87.146.15,91.87.146.29,91.87.148.173,91.87.156.51,91.87.158.232,91.89.228.210,91.9.189.147,91.9.190.121,91.9.201.200,91.9.228.204,91.90.51.6,91.91.206.40,91.91.206.77,91.95.222.47,91.99.98.150,92.103.187.108,92.104.186.251,92.126.140.138] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (237)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500473; rev:2006;)
alert tcp [92.128.94.192,92.198.14.157,92.224.136.204,92.240.234.34,92.240.68.153,92.241.190.191,92.242.121.254,92.242.223.210,92.243.113.90,92.243.26.100,92.243.4.63,92.243.5.22,92.243.5.253,92.243.6.25,92.243.75.90,92.243.78.110,92.243.8.203,92.243.8.94,92.243.84.123,92.243.84.17,92.243.84.22,92.243.84.44,92.243.84.82,92.245.96.228,92.247.13.254,92.249.212.38,92.36.17.13,92.36.181.165,92.36.80.91,92.37.241.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (238)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500474; rev:2006;)
alert udp [92.128.94.192,92.198.14.157,92.224.136.204,92.240.234.34,92.240.68.153,92.241.190.191,92.242.121.254,92.242.223.210,92.243.113.90,92.243.26.100,92.243.4.63,92.243.5.22,92.243.5.253,92.243.6.25,92.243.75.90,92.243.78.110,92.243.8.203,92.243.8.94,92.243.84.123,92.243.84.17,92.243.84.22,92.243.84.44,92.243.84.82,92.245.96.228,92.247.13.254,92.249.212.38,92.36.17.13,92.36.181.165,92.36.80.91,92.37.241.58] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (238)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500475; rev:2006;)
alert tcp [92.38.229.94,92.38.233.26,92.42.250.227,92.46.135.121,92.46.212.223,92.46.98.61,92.47.14.11,92.47.20.115,92.48.101.35,92.48.121.7,92.51.132.242,92.51.133.31,92.51.146.72,92.51.147.164,92.51.155.111,92.51.155.36,92.51.155.44,92.51.157.84,92.53.106.14,92.55.72.3,92.60.176.41,92.60.177.241,92.61.149.248,92.61.33.178,92.61.36.103,92.61.37.188,92.63.103.182,92.63.104.27,92.63.106.184,92.63.107.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (239)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500476; rev:2006;)
alert udp [92.38.229.94,92.38.233.26,92.42.250.227,92.46.135.121,92.46.212.223,92.46.98.61,92.47.14.11,92.47.20.115,92.48.101.35,92.48.121.7,92.51.132.242,92.51.133.31,92.51.146.72,92.51.147.164,92.51.155.111,92.51.155.36,92.51.155.44,92.51.157.84,92.53.106.14,92.55.72.3,92.60.176.41,92.60.177.241,92.61.149.248,92.61.33.178,92.61.36.103,92.61.37.188,92.63.103.182,92.63.104.27,92.63.106.184,92.63.107.126] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (239)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500477; rev:2006;)
alert tcp [92.66.90.226,92.74.19.115,92.85.147.249,93.100.105.183,93.114.41.54,93.124.82.232,93.138.35.48,93.139.0.32,93.148.18.126,93.153.189.85,93.155.164.63,93.160.56.156,93.167.196.59,93.17.197.44,93.183.203.38,93.183.203.60,93.184.6.67,93.184.66.202,93.184.66.209,93.184.69.222,93.184.78.10,93.186.104.46,93.186.126.179,93.186.126.250,93.186.126.43,93.186.176.81,93.186.177.95,93.186.192.131,93.186.201.50,93.186.60.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (240)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500478; rev:2006;)
alert udp [92.66.90.226,92.74.19.115,92.85.147.249,93.100.105.183,93.114.41.54,93.124.82.232,93.138.35.48,93.139.0.32,93.148.18.126,93.153.189.85,93.155.164.63,93.160.56.156,93.167.196.59,93.17.197.44,93.183.203.38,93.183.203.60,93.184.6.67,93.184.66.202,93.184.66.209,93.184.69.222,93.184.78.10,93.186.104.46,93.186.126.179,93.186.126.250,93.186.126.43,93.186.176.81,93.186.177.95,93.186.192.131,93.186.201.50,93.186.60.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (240)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500479; rev:2006;)
alert tcp [93.187.141.43,93.187.168.35,93.187.168.57,93.41.63.189,93.63.56.95,93.80.7.87,93.84.112.229,93.86.62.147,93.89.10.142,93.89.208.162,93.90.183.162,93.91.156.1,93.91.168.202,93.94.228.181,93.95.100.87,93.97.20.155,93.97.52.166,94.101.180.3,94.101.44.1,94.102.1.218,94.102.11.236,94.102.13.83,94.102.14.50,94.102.14.74,94.102.15.235,94.102.208.254,94.102.208.59,94.102.209.244,94.102.210.187,94.102.210.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (241)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500480; rev:2006;)
alert udp [93.187.141.43,93.187.168.35,93.187.168.57,93.41.63.189,93.63.56.95,93.80.7.87,93.84.112.229,93.86.62.147,93.89.10.142,93.89.208.162,93.90.183.162,93.91.156.1,93.91.168.202,93.94.228.181,93.95.100.87,93.97.20.155,93.97.52.166,94.101.180.3,94.101.44.1,94.102.1.218,94.102.11.236,94.102.13.83,94.102.14.50,94.102.14.74,94.102.15.235,94.102.208.254,94.102.208.59,94.102.209.244,94.102.210.187,94.102.210.221] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (241)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500481; rev:2006;)
alert tcp [94.102.210.65,94.102.211.101,94.102.211.127,94.102.211.195,94.102.211.99,94.102.212.110,94.102.212.195,94.102.212.220,94.102.212.221,94.102.212.226,94.102.212.236,94.102.212.25,94.102.212.58,94.102.212.72,94.102.212.8,94.102.212.93,94.102.49.76,94.102.52.47,94.102.6.219,94.102.63.12,94.102.7.154,94.111.33.242,94.111.43.146,94.112.244.34,94.125.244.152,94.125.49.82,94.125.50.219,94.126.18.216,94.126.40.154,94.127.67.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (242)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500482; rev:2006;)
alert udp [94.102.210.65,94.102.211.101,94.102.211.127,94.102.211.195,94.102.211.99,94.102.212.110,94.102.212.195,94.102.212.220,94.102.212.221,94.102.212.226,94.102.212.236,94.102.212.25,94.102.212.58,94.102.212.72,94.102.212.8,94.102.212.93,94.102.49.76,94.102.52.47,94.102.6.219,94.102.63.12,94.102.7.154,94.111.33.242,94.111.43.146,94.112.244.34,94.125.244.152,94.125.49.82,94.125.50.219,94.126.18.216,94.126.40.154,94.127.67.103] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (242)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500483; rev:2006;)
alert tcp [94.127.68.70,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.36.89,94.137.188.138,94.137.27.33,94.137.42.5,94.137.48.197,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.141.144.240,94.141.149.89,94.141.29.103,94.142.233.72,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1,94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76,94.153.181.216,94.153.183.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (243)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500484; rev:2006;)
alert udp [94.127.68.70,94.128.29.7,94.128.94.149,94.134.101.228,94.134.174.103,94.136.36.89,94.137.188.138,94.137.27.33,94.137.42.5,94.137.48.197,94.137.64.82,94.139.10.238,94.139.138.194,94.139.207.120,94.139.207.59,94.141.144.240,94.141.149.89,94.141.29.103,94.142.233.72,94.142.37.140,94.142.45.118,94.142.48.8,94.142.51.1,94.142.54.98,94.142.56.79,94.143.53.83,94.153.176.136,94.153.176.76,94.153.181.216,94.153.183.251] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (243)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500485; rev:2006;)
alert tcp [94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.178.109.7,94.178.252.233,94.179.45.214,94.180.69.139,94.180.78.251,94.181.12.143,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82,94.197.194.33,94.197.226.58,94.197.23.2,94.197.247.133,94.198.240.126,94.198.81.140,94.198.99.64,94.209.45.46,94.21.14.23,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138,94.219.65.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (244)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500486; rev:2006;)
alert udp [94.156.122.89,94.156.34.31,94.156.35.160,94.158.101.136,94.178.109.7,94.178.252.233,94.179.45.214,94.180.69.139,94.180.78.251,94.181.12.143,94.196.150.91,94.196.151.22,94.196.221.121,94.197.10.10,94.197.120.82,94.197.194.33,94.197.226.58,94.197.23.2,94.197.247.133,94.198.240.126,94.198.81.140,94.198.99.64,94.209.45.46,94.21.14.23,94.21.48.163,94.218.200.80,94.218.255.14,94.219.145.145,94.219.15.138,94.219.65.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (244)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500487; rev:2006;)
alert tcp [94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.48.66,94.222.166.57,94.222.216.118,94.228.210.218,94.228.212.200,94.228.215.225,94.229.35.150,94.229.36.234,94.229.85.89,94.229.93.163,94.230.17.242,94.230.37.0,94.230.38.189,94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.237.121.102,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191,94.243.91.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (245)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500488; rev:2006;)
alert udp [94.219.67.236,94.219.91.252,94.22.107.250,94.22.11.235,94.220.48.66,94.222.166.57,94.222.216.118,94.228.210.218,94.228.212.200,94.228.215.225,94.229.35.150,94.229.36.234,94.229.85.89,94.229.93.163,94.230.17.242,94.230.37.0,94.230.38.189,94.230.45.30,94.231.54.87,94.231.77.9,94.232.189.15,94.232.189.42,94.237.121.102,94.240.205.214,94.241.210.119,94.243.115.87,94.243.118.22,94.243.123.40,94.243.81.191,94.243.91.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (245)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500489; rev:2006;)
alert tcp [94.243.92.120,94.243.99.213,94.244.1.12,94.245.201.81,94.245.233.45,94.245.240.130,94.246.211.166,94.248.145.119,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.26.2.18,94.28.82.90,94.30.220.31,94.32.68.12,94.33.10.97,94.40.11.195,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.51.137.177,94.52.219.53,94.52.221.11,94.53.12.138,94.54.1.36,94.55.5.232,94.59.120.99,94.66.208.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (246)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500490; rev:2006;)
alert udp [94.243.92.120,94.243.99.213,94.244.1.12,94.245.201.81,94.245.233.45,94.245.240.130,94.246.211.166,94.248.145.119,94.251.130.238,94.251.140.6,94.251.192.232,94.251.204.107,94.26.2.18,94.28.82.90,94.30.220.31,94.32.68.12,94.33.10.97,94.40.11.195,94.45.174.10,94.45.184.59,94.47.137.10,94.50.184.245,94.51.137.177,94.52.219.53,94.52.221.11,94.53.12.138,94.54.1.36,94.55.5.232,94.59.120.99,94.66.208.108] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (246)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500491; rev:2006;)
alert tcp [94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84,94.73.48.201,94.73.9.218,94.74.248.8,94.75.207.115,94.75.209.167,94.75.210.40,94.75.213.129,94.75.213.156,94.75.229.207,94.75.229.230,94.75.242.71,94.76.107.120,94.76.204.102,94.76.204.199,94.76.206.30,94.76.246.101,94.76.249.99,94.76.250.85,94.80.140.91,94.80.41.174,94.85.20.50,94.85.213.34,95.0.180.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (247)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500492; rev:2006;)
alert udp [94.71.250.52,94.72.2.36,94.72.4.238,94.72.98.38,94.72.99.25,94.73.109.197,94.73.29.84,94.73.48.201,94.73.9.218,94.74.248.8,94.75.207.115,94.75.209.167,94.75.210.40,94.75.213.129,94.75.213.156,94.75.229.207,94.75.229.230,94.75.242.71,94.76.107.120,94.76.204.102,94.76.204.199,94.76.206.30,94.76.246.101,94.76.249.99,94.76.250.85,94.80.140.91,94.80.41.174,94.85.20.50,94.85.213.34,95.0.180.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (247)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500493; rev:2006;)
alert tcp [95.0.85.118,95.105.180.109,95.110.224.230,95.128.245.35,95.131.89.114,95.132.35.241,95.141.226.37,95.146.116.219,95.154.113.9,95.154.229.217,95.156.192.31,95.156.202.120,95.156.202.92,95.168.177.103,95.169.190.139,95.169.190.235,95.170.221.13,95.170.64.177,95.176.158.244,95.211.0.93,95.211.113.247,95.211.118.150,95.211.118.153,95.211.129.181,95.211.129.43,95.211.129.96,95.211.130.79,95.211.19.162,95.211.52.140,95.211.85.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (248)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500494; rev:2006;)
alert udp [95.0.85.118,95.105.180.109,95.110.224.230,95.128.245.35,95.131.89.114,95.132.35.241,95.141.226.37,95.146.116.219,95.154.113.9,95.154.229.217,95.156.192.31,95.156.202.120,95.156.202.92,95.168.177.103,95.169.190.139,95.169.190.235,95.170.221.13,95.170.64.177,95.176.158.244,95.211.0.93,95.211.113.247,95.211.118.150,95.211.118.153,95.211.129.181,95.211.129.43,95.211.129.96,95.211.130.79,95.211.19.162,95.211.52.140,95.211.85.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (248)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500495; rev:2006;)
alert tcp [95.211.87.202,95.211.98.147,95.211.99.137,95.215.1.6,95.215.36.5,95.215.68.18,95.244.235.24,95.26.36.246,95.27.34.195,95.29.90.61,95.48.25.90,95.52.181.38,95.56.158.69,95.56.230.22,95.56.239.66,95.57.251.209,95.58.122.98,95.59.47.131,95.62.147.8,95.65.92.173,95.67.192.47,95.74.64.182,95.83.3.17,95.88.20.8,95.90.78.66,95.95.168.49,95.95.32.160,96.237.178.82,96.4.191.21,96.48.38.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (249)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500496; rev:2006;)
alert udp [95.211.87.202,95.211.98.147,95.211.99.137,95.215.1.6,95.215.36.5,95.215.68.18,95.244.235.24,95.26.36.246,95.27.34.195,95.29.90.61,95.48.25.90,95.52.181.38,95.56.158.69,95.56.230.22,95.56.239.66,95.57.251.209,95.58.122.98,95.59.47.131,95.62.147.8,95.65.92.173,95.67.192.47,95.74.64.182,95.83.3.17,95.88.20.8,95.90.78.66,95.95.168.49,95.95.32.160,96.237.178.82,96.4.191.21,96.48.38.230] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (249)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500497; rev:2006;)
alert tcp [96.57.192.253,96.57.252.11,96.57.99.74,96.9.186.245,97.100.186.88,97.107.134.58,97.107.135.103,97.107.141.136,97.67.249.162,97.79.131.69,97.86.80.130,97.86.95.234,98.124.198.1,98.124.92.182,98.126.77.227,98.129.178.9,98.141.177.115,98.143.145.40,98.144.99.157,98.172.116.2,98.197.179.69,98.247.187.116,98.30.253.72,99.140.221.21,99.142.5.35,99.156.194.15,99.159.118.10,99.16.175.96,99.226.47.246,99.236.71.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (250)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500498; rev:2006;)
alert udp [96.57.192.253,96.57.252.11,96.57.99.74,96.9.186.245,97.100.186.88,97.107.134.58,97.107.135.103,97.107.141.136,97.67.249.162,97.79.131.69,97.86.80.130,97.86.95.234,98.124.198.1,98.124.92.182,98.126.77.227,98.129.178.9,98.141.177.115,98.143.145.40,98.144.99.157,98.172.116.2,98.197.179.69,98.247.187.116,98.30.253.72,99.140.221.21,99.142.5.35,99.156.194.15,99.159.118.10,99.16.175.96,99.226.47.246,99.236.71.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (250)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500499; rev:2006;)