IDS Europe - Documents and data

This web page is a collection of documentation & data supporting the IDS-Europe mailing list.

Available Documents

Arrigo's GnuPG key (24/06/2001).
Mailing list rules and subscription information for IDS-Europe (13/01/2003).
Daily Snort summary generated daily at 16:30 UK time (GMT or GMT+1 in summer)
[HTML using snort_stat.pl]
Log from Sub7 honeypot
Root CA certificate to validate SSL certificates from this site (including TLS SMTP)

Snort rules being used (as a tar.gz file) [from 28/05/2004]
MD5 checksum a28c1b07f6988fb032ba93ddaf55ee8b
portscan data covering the period from 15/03/2004 to 28/05/2004
MD5 checksum 3fd5f487fe97691d3dca66f40c4e69c8
Snort rules being used (as a tar.gz file)
MD5 checksum bb043c51a80313761c17dd9641afaf25
Snort data (binary TCPdump format) (27/05/2004->28/05/2004)
MD5 checksum 2d1265b1bafa4fcc43227dcc1f61c2a2
Snort data (binary TCPdump format) (15/03/2004->27/05/2004)
MD5 checksum a467a86ac16ac69455cf3e6c1e07bde0
Snort data (binary TCPdump format) (24/02/2004->15/03/2004)
MD5 checksum b9d4e504c4c3dedfeb64dcbfcc0443f8
Snort data (binary TCPdump format) (21/02/2004->24/02/2004)
MD5 checksum 4215c3af9d62843ce29626132781638b
Snort data (binary TCPdump format) (20/02/2004->21/02/2004)
MD5 checksum b9178738ae0d50494f92f92bf33167ea
Snort data (binary TCPdump format) (15/02/2004->20/02/2004)
MD5 checksum e81b42eb46b6adb59827fe8367e62ad5
Snort data (binary TCPdump format) (07/01/2004->15/02/2004)
MD5 checksum 190f8f22ab2c0b758ce8fc8b25ec888b

Snort data (binary TCPdump format) (12/12/2003->07/01/2004)
MD5 checksum e29c59ff0f588f60117ab162a0e67e39
Snort data (binary TCPdump format) (16/11/2003->12/12/2003)
MD5 checksum 4b7f31e07998027f5f9ba5e857e5f0cc
Snort data (binary TCPdump format) (06/10/2003->16/11/2003)
MD5 checksum 746646aced20f4fbdb5afb75c1ea2c93
Snort data (binary TCPdump format) (01/10/2003->06/10/2003)
MD5 checksum 92d60eff48c7596053bde7771f6dee19
Snort rules being used (as a tar.gz file)
MD5 checksum dac63fa9812b9fd5360b8dd0b97874cf

portscan data covering the period from 19/08/2003 to 01/10/2003
MD5 checksum 7f06a9d559bab00767602b9eac4646fe
Snort data (binary TCPdump format) (19/08/2003->01/10/2003)
MD5 checksum b2eb07fab64a818c8921880f0e9db72b
Snort data (binary TCPdump format) (04/08/2003->19/08/2003)
MD5 checksum 883125ecd955761553dec5325f36fbc8
Snort rules being used (as a tar.gz file) as of 04/08/2003
MD5 checksum 28ce93c8aaea0c99f8b973d4d5b02abc
portscan data covering the period from 28/07/2003->19/08/2003
MD5 checksum ae74b9473af59964d8704da534ba8e8c
Snort data (binary TCPdump format) (28/07/2003->04/08/2003)
MD5 checksum 9b961794b95c4947412d13fb4a40ffdf
Snort rules being used (as a tar.gz file)
MD5 checksum 2295c5949c08e1828374c8f127d8d1bf

portscan data covering the installation period of this version of snort
MD5 checksum c440b121931655814a56eaa7c379884c
Snort data (binary TCPdump format) (25/07/2003->28/07/2003)
MD5 checksum c75c1f1bd0c3535bfcf4a28cf5048b12
Snort data (binary TCPdump format) (09/07/2003->25/07/2003)
MD5 checksum a177315c2836d9d9a69a8f9e5b7f9d78
Snort rules being used (as a tar.gz file)
MD5 checksum 563d91b7dca987d3252abf3c14bb489d

portscan data covering the installation period of this version of snort
MD5 checksum 3dbfebfc3b0c451dde904b76cbf66abe
Snort data (binary TCPdump format) (04/03/2003->09/07/2003)
MD5 checksum b706f1b9e0056a2e82fb7f66d8f2c450
Note: 28Mb, not for the faint of heart on a modem!
Snort rules being used (as a tar.gz file)
MD5 checksum a786988639983d2f4a8590ff3e525e02

portscan data covering the installation period of this version of snort
MD5 checksum 59354cdb1ba387446cd2ce0d3154b34a
Snort data (binary TCPdump format) (28/01/2003->04/03/2003)
MD5 checksum d7dc87244cbe4ba0e5ddb924b8ab6d89
Snort rules being used (as a tar.gz file) [changed 28/01/2003]
Note that these are based on the official Snort rules
Snort data (binary TCPdump format) (27/01/2003->28/01/2003)
MD5 checksum fcb4bfba0bd02c540d80169451ce0f02
Snort data (binary TCPdump format) (04/12/2002->27/01/2003)
MD5 checksum d16be361addd1939cc077af3451e577b
Snort data (binary TCPdump format) (23/11/2002->04/12/2002)
MD5 checksum 54145e8e205c1029bc5fcb282062b185
Snort data (binary TCPdump format) (14/11/2002->23/11/2002)
MD5 checksum 71a1ccb1361ea7fc14afe556eb9e0a05
Snort data (binary TCPdump format) (24/10/2002->14/11/2002)
MD5 checksum 6b2eeae953fa2321d37de466eec5de6f
Scan log data (portscan2)
MD5 checksum ff79a628a44f9d80c53f824f059a5b15
Snort rules being used (as a tar.gz file)

Snort data (binary TCPdump format) (08/10/2002->14/10/2002)
MD5 checksum 2f02782fe742ce1ba4b4a1e149e68547
Snort data (binary TCPdump format) (08/10/2002->14/10/2002)
MD5 checksum 59f457b7ab7cf44a0583122353765587
Snort data (binary TCPdump format) (15/09/2002->08/10/2002)
MD5 checksum e08d80a47a838a52a2241db209607f34

Snort data (binary TCPdump format) (03/08/2002->15/09/2002)
MD5 checksum 045ecdbed71fb5627c457694b2be2656
Snort data (binary TCPdump format) (28/07/2002->03/08/2002)
MD5 checksum ea6962ec560ed2fca8275a1cde1bd09f
Snort data (binary TCPdump format) (25/06/2002->28/06/2002)
MD5 checksum 74ef9bd629cbc7c4c13cd6fd1a43a0fa
Short due to rules change & restart of Snort
Snort data (binary TCPdump format) (23/05/2002->25/06/2002)
MD5 checksum 32d3856070d33f11fe0daf7557c2b457
Snort rules being used (as a tar.gz file)

Snort data (binary TCPdump format) (11/05/2002->23/05/2002)
MD5 checksum 4da0e4859cff034967890c8153c76cfc
Snort data (binary TCPdump format) (24/04/2002->11/05/2002)
MD5 checksum 0eab650ca985d2b4e5d49b8f9de95c14
Snort data (binary TCPdump format) (05/04/2002->24/04/2002)
MD5 checksum 0a3eeccd9803e4ec4c56867da461e8f5
Snort rules being used (as a tar.gz file)

SNMP Alert: Go and patch your SNMP (see CERT advisory)

Snort data (binary TCPdump format) (13/02/2002->27/02/2002)
MD5 checksum 834a64d72e7279783f58e87e2d1f5c67
Snort data (binary TCPdump format) (11/01/2002->13/02/2002)
MD5 checksum c6f4c35a18e140f62723ada72e114dd1
Snort data (binary TCPdump format) (08/01/2002->11/01/2002)
MD5 checksum d67b7a69856d7ed694c3029ee64fc17a
Snort data (binary TCPdump format) (07/01/2002->08/01/2002)
MD5 checksum 33378d7afbd6601a9a32e23c3e8ff403
Snort data (binary TCPdump format) (07/01/2002->07/01/2002)
MD5 checksum db3b2ed1b9af669c3ebd648b20995bca
Snort data (binary TCPdump format) (06/11/2001->07/01/2002)
MD5 checksum d11e2d8071b2a1333e5de970dea075d5
Snort rules being used (as a tar.gz file)
Note that the file local.conf which is referenced but not included is used to mask out legitimate but private traffic.

Snort data (binary TCPdump format) (18/10/2001->05/11/2001)
MD5 checksum c392692a21c139d9598f389fd36e7fb2
10Mb of data, not for modem download
Snort data (binary TCPdump format) (26/09/2001->14/10/2001)
MD5 checksum 949777bcdb7683969991ec7f1088e7ee
Snort data (binary TCPdump format) (04/09/2001->26/09/2001)
MD5 checksum 9e565918b8e70b4a3690ce5b2dbf2f55
Snort portscan data (text only) (04/09/2001 -> 11/10/2001)
MD5 checksum fdc7b2f85f6c4084f015ea2efa759b82

Snort data (binary TCPdump format) (6/7/2001 -> 02/09/2001)
MD5 checksum 34069e4cdd27873b4f67275874872da5
Snort data (binary TCPdump format) (28/6/2001 -> 6/7/2001)
MD5 checksum 0cb75e13973927a4f4592d9cdf86197c
Snort data (binary TCPdump format) (24/6/2001 -> 28/6/2001)
MD5 checksum 5f3a3c23b495a8114faa0b6e6e08ac87
Snort portscan data (text only) (24/6/2001 -> 02/09/2001)
MD5 checksum d372de769b44435887400d1de5b60b65
Snort rules being used:
Please note that snort.lib references a file which is not included in the above set - this masks out private and legitimate traffic from the data you are being provided with. There are no additional "alert" rules there, only "pass" rules.

Last Modified 07/06/2005 Arrigo