#
# $Id: emerging-drop.rules $
# Emerging Threats Spamhaus DROP List rules.
#
# Rules to block Spamhaus DROP listed networks (www.spamhaus.org)
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
# Copyright (c) 2003-2020, Emerging Threats
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# VERSION 2793
# Generated 2021-01-10 00:05:02 EDT
#
# Layout: 39 rules (sid 2400000-2400038). Each rule matches IP traffic whose
# source falls in a bracketed list of up to 20 networks and whose destination
# is $HOME_NET, any port. Only this inbound direction is matched; traffic from
# $HOME_NET towards these networks is not covered by the rules below.
#
# Action: every rule is `alert`. "DROP" in the msg is the name of the Spamhaus
# list (Don't Route Or Peer), not the rule action, so nothing in this file
# blocks traffic by itself. Blocking requires an inline (IPS) deployment with
# the action changed to drop by the operator.
#
# threshold: type limit, track by_src, seconds 3600, count 1
#   -> at most one alert per source address per hour, per rule. Alert counts
#      therefore say nothing about how much traffic a listed source sent.
#
# flowbits:set,ET.Evil and flowbits:set,ET.DROPIP are set on match; no rule in
# this file tests them (presumably consumed by other rulesets - confirm).
#
# The network lists are a snapshot taken at the generation time above.
# Listings change upstream, so a stale copy can miss newly listed ranges and
# keep alerting on delisted ones; refresh from the ruleset source instead of
# editing entries by hand.
#
# NOTE(review): metadata carries `tag Dshield` although msg and reference point
# to Spamhaus DROP - looks template-inherited; confirm before filtering on it.
# NOTE(review): a few entries are contained in a neighbouring entry of the same
# list (e.g. 185.156.92.0/22 inside 185.156.88.0/21 in group 25); this does not
# change what matches.

alert ip [2.59.200.0/22,5.134.128.0/19,5.180.4.0/22,5.181.84.0/22,5.183.60.0/22,5.188.10.0/23,24.137.16.0/20,24.170.208.0/20,24.233.0.0/19,24.236.0.0/19,27.126.160.0/20,27.146.0.0/16,31.14.65.0/24,31.14.66.0/23,31.40.156.0/22,31.40.164.0/22,36.0.8.0/21,36.37.48.0/20,36.116.0.0/16,36.119.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 1"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400000; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [42.0.32.0/19,42.1.128.0/17,42.96.0.0/18,42.128.0.0/12,42.160.0.0/12,42.194.128.0/17,42.208.0.0/12,43.229.52.0/22,43.236.0.0/16,43.250.116.0/22,43.252.80.0/22,45.4.128.0/22,45.4.136.0/22,45.6.48.0/22,45.9.148.0/22,45.9.156.0/22,45.10.16.0/22,45.11.184.0/22,45.11.188.0/22,45.41.0.0/18] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 2"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400001; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [45.65.120.0/22,45.65.188.0/22,45.80.28.0/22,45.80.248.0/23,45.80.250.0/23,45.86.20.0/22,45.95.40.0/22,45.114.240.0/22,45.117.52.0/22,45.117.232.0/22,45.119.40.0/22,45.121.204.0/22,45.130.100.0/22,45.135.193.0/24,45.159.56.0/22,45.220.64.0/18,46.102.177.0/24,46.102.178.0/23,46.102.180.0/24,46.102.182.0/23] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 3"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400002; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [58.14.0.0/15,58.145.176.0/21,59.153.60.0/22,60.233.0.0/16,61.11.224.0/19,61.45.251.0/24,64.92.224.0/20,64.250.144.0/20,65.97.48.0/20,67.213.112.0/20,68.66.48.0/20,69.8.64.0/20,69.8.96.0/20,72.1.224.0/20,74.114.148.0/22,76.191.0.0/20,77.36.62.0/24,77.81.84.0/23,77.81.86.0/24,77.81.89.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 4"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400003; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [85.209.4.0/22,86.55.40.0/23,86.55.42.0/23,86.62.28.0/22,86.104.0.0/23,86.104.2.0/24,86.104.212.0/23,86.104.222.0/23,86.104.224.0/23,86.105.2.0/24,86.105.6.0/24,86.105.176.0/24,86.105.178.0/24,86.105.184.0/23,86.105.186.0/24,86.105.229.0/24,86.105.230.0/24,86.105.242.0/23,86.106.10.0/24,86.106.13.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 5"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400004; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [86.106.110.0/23,86.106.114.0/23,86.106.116.0/23,86.106.118.0/24,86.106.138.0/23,86.106.140.0/23,86.106.174.0/23,86.107.72.0/24,86.107.193.0/24,86.107.194.0/23,88.218.40.0/22,88.218.148.0/22,89.32.43.0/24,89.32.170.0/24,89.32.202.0/24,89.33.46.0/23,89.33.116.0/24,89.33.134.0/24,89.33.198.0/23,89.33.200.0/23] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 6"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400005; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [89.34.74.0/24,89.34.102.0/24,89.34.104.0/23,89.35.54.0/24,89.35.89.0/24,89.35.90.0/24,89.36.38.0/23,89.36.136.0/24,89.36.138.0/23,89.36.141.0/24,89.37.92.0/23,89.37.94.0/24,89.37.96.0/24,89.37.129.0/24,89.37.130.0/23,89.37.132.0/23,89.37.134.0/24,89.38.240.0/24,89.39.69.0/24,89.39.212.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 7"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400006; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [89.40.209.0/24,89.41.27.0/24,89.41.28.0/23,89.41.49.0/24,89.41.50.0/23,89.41.189.0/24,89.41.190.0/23,89.42.10.0/24,89.42.152.0/23,89.42.154.0/24,89.45.82.0/24,89.46.47.0/24,91.132.164.0/22,91.197.196.0/22,91.200.12.0/22,91.200.133.0/24,91.200.248.0/22,91.218.236.0/22,91.220.163.0/24,91.229.52.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 8"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400007; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [93.114.51.0/24,93.114.52.0/23,93.114.54.0/24,93.114.58.0/23,93.115.59.0/24,93.119.118.0/23,93.119.120.0/23,93.119.124.0/23,93.120.34.0/24,93.120.46.0/24,94.131.228.0/22,94.154.32.0/22,96.45.144.0/20,98.143.192.0/20,101.42.0.0/16,101.134.0.0/15,101.192.0.0/14,101.203.128.0/19,101.248.0.0/15,102.196.96.0/19] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 9"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400008; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [103.14.208.0/22,103.16.76.0/24,103.23.8.0/22,103.23.124.0/22,103.24.232.0/22,103.30.12.0/22,103.32.0.0/16,103.32.132.0/22,103.34.0.0/16,103.36.64.0/22,103.59.92.0/22,103.73.172.0/22,103.75.36.0/22,103.76.96.0/22,103.76.128.0/22,103.77.32.0/22,103.99.0.0/22,103.100.168.0/22,103.134.144.0/23,103.135.144.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 10"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400009; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [103.197.240.0/22,103.199.88.0/22,103.199.184.0/22,103.205.84.0/22,103.207.160.0/22,103.210.244.0/22,103.215.80.0/22,103.225.72.0/22,103.225.128.0/22,103.226.192.0/22,103.228.60.0/22,103.229.36.0/22,103.230.144.0/22,103.232.136.0/22,103.232.172.0/22,103.236.32.0/22,103.239.28.0/22,103.239.56.0/22,103.243.8.0/22,103.243.124.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 11"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400010; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [104.239.0.0/17,104.243.192.0/20,104.247.96.0/19,104.250.192.0/19,104.250.224.0/19,104.251.192.0/20,106.95.0.0/16,107.182.112.0/20,107.182.240.0/20,107.190.160.0/20,110.41.0.0/16,111.223.192.0/19,113.212.128.0/19,116.144.0.0/15,116.146.0.0/15,117.58.0.0/17,119.58.0.0/16,119.232.0.0/16,120.48.0.0/15,121.46.124.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 12"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400011; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [124.157.0.0/18,124.242.0.0/16,125.31.192.0/18,125.58.0.0/18,125.169.0.0/16,128.24.0.0/16,128.85.0.0/16,130.21.0.0/16,130.148.0.0/16,130.196.0.0/16,130.222.0.0/16,131.108.16.0/22,131.143.0.0/16,131.200.0.0/16,132.255.132.0/22,134.18.0.0/16,134.22.0.0/16,134.23.0.0/16,134.33.0.0/16,134.127.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 13"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400012; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [137.72.0.0/16,137.76.0.0/16,137.105.0.0/16,137.114.0.0/16,137.218.0.0/16,138.31.0.0/16,138.36.92.0/22,138.36.136.0/22,138.52.0.0/16,138.59.4.0/22,138.59.204.0/22,138.94.144.0/22,138.94.216.0/22,138.97.156.0/22,138.122.192.0/22,138.125.0.0/16,138.185.116.0/22,138.186.208.0/22,138.216.0.0/16,138.219.172.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 14"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400013; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [140.82.96.0/20,140.167.0.0/16,141.98.68.0/23,141.98.70.0/23,141.136.22.0/24,141.178.0.0/16,141.206.128.0/20,141.253.0.0/16,142.102.0.0/16,143.0.236.0/22,143.49.0.0/16,143.135.0.0/16,143.136.0.0/16,143.253.0.0/16,145.231.0.0/16,146.3.0.0/16,146.51.0.0/16,146.106.0.0/16,146.183.0.0/16,146.202.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 15"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400014; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [148.148.0.0/16,148.154.0.0/16,148.178.0.0/16,148.185.0.0/16,148.248.0.0/16,149.118.0.0/16,149.207.0.0/16,150.10.0.0/16,150.22.128.0/17,150.25.0.0/16,150.40.0.0/16,150.121.0.0/16,150.129.212.0/22,150.129.228.0/22,150.141.0.0/16,150.242.120.0/22,150.242.144.0/22,151.212.0.0/16,152.89.228.0/23,152.89.230.0/23] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 16"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400015; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [155.11.0.0/16,155.40.0.0/16,155.66.0.0/16,155.71.0.0/16,155.73.0.0/16,155.108.0.0/16,155.159.0.0/16,155.235.0.0/16,155.249.0.0/16,156.96.0.0/16,157.115.0.0/16,157.162.0.0/16,157.186.0.0/16,157.195.0.0/16,158.54.0.0/16,158.249.0.0/16,159.80.0.0/16,159.85.0.0/16,159.151.0.0/16,159.174.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 17"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400016; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [160.116.0.0/16,160.117.0.0/16,160.121.0.0/16,160.122.0.0/16,160.180.0.0/16,160.184.0.0/16,160.188.0.0/16,160.200.0.0/16,160.235.0.0/16,160.240.0.0/16,160.255.0.0/16,161.0.0.0/19,161.0.68.0/22,161.1.0.0/16,162.208.124.0/22,162.212.188.0/22,162.222.128.0/21,162.249.20.0/22,163.47.19.0/24,163.50.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 18"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400017; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [163.216.0.0/19,163.250.0.0/16,163.254.0.0/16,164.6.0.0/16,164.79.0.0/16,164.88.0.0/16,164.137.0.0/16,164.155.0.0/16,165.3.0.0/16,165.25.0.0/16,165.52.0.0/14,165.102.0.0/16,165.205.0.0/16,165.209.0.0/16,165.231.0.0/16,166.93.0.0/16,166.117.0.0/16,167.74.0.0/18,167.82.144.0/20,167.97.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 19"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400018; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [167.224.0.0/19,167.224.32.0/20,167.224.48.0/21,167.249.200.0/22,168.0.212.0/22,168.64.0.0/16,168.76.0.0/16,168.80.0.0/15,168.90.96.0/22,168.129.0.0/16,168.151.0.0/22,168.151.4.0/23,168.151.6.0/24,168.151.32.0/21,168.151.43.0/24,168.151.44.0/22,168.151.48.0/22,168.151.52.0/23,168.151.54.0/24,168.151.56.0/21] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 20"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400019; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [168.151.128.0/20,168.151.145.0/24,168.151.146.0/23,168.151.148.0/22,168.151.152.0/22,168.151.157.0/24,168.151.158.0/23,168.151.160.0/20,168.151.176.0/21,168.151.184.0/22,168.151.192.0/20,168.151.208.0/21,168.151.216.0/22,168.151.220.0/23,168.151.232.0/21,168.151.240.0/21,168.151.248.0/22,168.151.254.0/24,168.181.52.0/22,168.195.76.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 21"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400020; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [168.211.0.0/16,168.227.128.0/22,168.227.140.0/22,169.239.152.0/22,170.67.0.0/16,170.83.232.0/22,170.113.0.0/16,170.120.0.0/16,170.179.0.0/16,170.244.40.0/22,170.244.240.0/22,170.247.220.0/22,171.25.212.0/22,171.26.0.0/16,172.98.0.0/18,174.136.192.0/18,175.103.64.0/18,176.56.192.0/19,176.96.88.0/21,176.102.120.0/21] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 22"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400021; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [176.223.116.0/23,176.223.118.0/24,176.223.160.0/23,177.234.136.0/21,178.212.184.0/21,178.213.176.0/22,179.63.0.0/17,180.178.192.0/18,180.236.0.0/14,181.177.64.0/18,185.0.96.0/19,185.21.8.0/22,185.30.168.0/22,185.39.8.0/22,185.55.4.0/22,185.55.140.0/22,185.60.201.0/24,185.60.202.0/23,185.63.35.0/24,185.64.23.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 23"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400022; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [185.116.172.0/23,185.116.175.0/24,185.120.8.0/22,185.122.128.0/22,185.123.144.0/20,185.123.248.0/21,185.124.0.0/22,185.124.56.0/21,185.126.136.0/22,185.126.148.0/22,185.126.160.0/21,185.126.224.0/22,185.126.236.0/22,185.126.248.0/22,185.127.44.0/22,185.127.56.0/22,185.127.68.0/22,185.127.76.0/22,185.127.92.0/22,185.129.8.0/22] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 24"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400023; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [185.144.180.0/22,185.147.140.0/22,185.156.88.0/21,185.156.92.0/22,185.161.148.0/22,185.165.24.0/22,185.180.192.0/22,185.184.192.0/22,185.185.48.0/22,185.193.90.0/24,185.193.143.0/24,185.194.100.0/22,185.203.64.0/22,185.215.132.0/22,185.227.200.0/22,185.230.44.0/22,185.234.64.0/22,185.237.104.0/22,185.237.220.0/22,185.237.226.0/23] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 25"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400024; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [188.172.160.0/19,188.208.48.0/22,188.208.52.0/22,188.208.109.0/24,188.208.220.0/22,188.209.120.0/21,188.212.254.0/24,188.213.23.0/24,188.213.206.0/23,188.213.214.0/23,188.213.248.0/22,188.213.252.0/22,188.214.94.0/24,188.214.95.0/24,188.214.140.0/24,188.214.155.0/24,188.214.193.0/24,188.241.211.0/24,188.247.230.0/24,190.123.208.0/20] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 26"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400025; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [192.31.212.0/23,192.40.29.0/24,192.43.160.0/24,192.43.175.0/24,192.43.176.0/21,192.43.184.0/24,192.54.110.0/24,192.67.16.0/24,192.96.146.0/24,192.101.44.0/24,192.101.181.0/24,192.101.200.0/21,192.101.240.0/21,192.101.248.0/23,192.133.3.0/24,192.152.194.0/24,192.154.11.0/24,192.160.44.0/24,192.161.80.0/20,192.190.49.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 27"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400026; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [192.219.120.0/21,192.219.128.0/18,192.219.192.0/20,192.219.208.0/21,192.226.16.0/20,192.229.32.0/19,192.231.66.0/24,192.234.189.0/24,192.245.101.0/24,192.251.231.0/24,192.252.16.0/20,193.25.48.0/20,193.30.254.0/23,193.32.66.0/23,193.46.172.0/22,193.139.0.0/16,193.151.160.0/22,193.201.232.0/22,193.228.91.0/24,193.243.0.0/17] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 28"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400027; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [196.1.109.0/24,196.10.64.0/19,196.15.64.0/18,196.16.0.0/14,196.42.128.0/17,196.61.192.0/20,196.62.0.0/16,196.192.192.0/18,196.193.0.0/16,196.194.0.0/15,196.199.0.0/16,196.207.64.0/18,196.246.0.0/16,197.154.0.0/16,197.231.208.0/22,198.13.0.0/20,198.14.0.0/20,198.20.16.0/20,198.45.32.0/20,198.45.64.0/19] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 29"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400028; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [198.96.224.0/20,198.99.117.0/24,198.102.222.0/24,198.148.212.0/24,198.151.16.0/20,198.151.64.0/18,198.151.152.0/22,198.160.205.0/24,198.169.201.0/24,198.177.175.0/24,198.177.176.0/22,198.177.180.0/24,198.177.214.0/24,198.178.64.0/19,198.179.22.0/24,198.181.96.0/20,198.183.32.0/19,198.184.193.0/24,198.184.208.0/24,198.186.25.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 30"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400029; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [198.200.8.0/23,198.202.237.0/24,198.204.0.0/21,198.206.140.0/24,198.212.132.0/24,199.5.152.0/23,199.5.229.0/24,199.26.137.0/24,199.26.207.0/24,199.26.251.0/24,199.33.222.0/24,199.34.128.0/18,199.60.102.0/24,199.71.192.0/20,199.73.64.0/20,199.84.16.0/20,199.84.55.0/24,199.84.56.0/22,199.84.60.0/24,199.84.64.0/19] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 31"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400030; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [199.184.82.0/24,199.185.144.0/20,199.185.192.0/20,199.196.192.0/19,199.198.160.0/20,199.198.176.0/21,199.198.184.0/23,199.198.188.0/22,199.200.64.0/19,199.212.96.0/20,199.223.0.0/20,199.230.64.0/19,199.230.96.0/21,199.233.85.0/24,199.233.96.0/24,199.241.64.0/19,199.244.56.0/21,199.245.138.0/24,199.246.137.0/24,199.246.213.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 32"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400031; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [199.254.32.0/20,200.0.60.0/23,200.22.0.0/16,200.71.124.0/22,200.189.44.0/22,200.234.128.0/18,201.148.168.0/22,201.169.0.0/16,202.0.192.0/18,202.20.32.0/19,202.21.64.0/19,202.27.96.0/23,202.27.98.0/24,202.27.99.0/24,202.27.100.0/22,202.27.120.0/22,202.27.161.0/24,202.27.162.0/23,202.27.164.0/22,202.27.168.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 33"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400032; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [202.148.176.0/20,202.183.0.0/19,202.189.80.0/20,203.2.200.0/22,203.9.0.0/19,203.31.88.0/23,203.34.70.0/23,203.86.252.0/22,203.169.0.0/22,203.191.64.0/18,203.195.0.0/18,204.14.80.0/22,204.19.38.0/23,204.44.32.0/20,204.44.208.0/20,204.44.224.0/20,204.52.96.0/19,204.52.255.0/24,204.57.16.0/20,204.75.147.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 34"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400033; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [204.106.128.0/18,204.106.192.0/19,204.107.208.0/24,204.126.244.0/23,204.128.32.0/20,204.128.151.0/24,204.128.180.0/24,204.130.16.0/20,204.130.167.0/24,204.147.64.0/21,204.147.96.0/20,204.147.240.0/20,204.156.192.0/20,204.194.64.0/21,204.225.159.0/24,204.225.210.0/24,204.232.0.0/18,204.238.137.0/24,204.238.170.0/24,204.238.183.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 35"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400034; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [205.148.192.0/18,205.151.128.0/19,205.159.45.0/24,205.159.174.0/24,205.159.180.0/24,205.166.77.0/24,205.166.84.0/24,205.166.130.0/24,205.166.168.0/24,205.166.211.0/24,205.172.244.0/22,205.175.160.0/19,205.189.71.0/24,205.189.72.0/23,205.203.0.0/19,205.203.224.0/19,205.207.134.0/24,205.210.107.0/24,205.210.139.0/24,205.210.171.0/24] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 36"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400035; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [205.236.189.0/24,205.237.88.0/21,206.41.128.0/20,206.41.160.0/19,206.51.29.0/24,206.124.104.0/21,206.125.16.0/20,206.130.188.0/24,206.143.128.0/17,206.183.128.0/19,206.195.224.0/19,206.197.28.0/24,206.197.29.0/24,206.197.77.0/24,206.197.165.0/24,206.209.48.0/20,206.209.80.0/20,206.223.17.0/24,206.224.160.0/19,206.226.0.0/19] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 37"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400036; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [207.90.0.0/18,207.110.64.0/18,207.110.96.0/19,207.110.128.0/18,207.183.64.0/19,207.183.96.0/20,207.183.128.0/19,207.183.192.0/19,207.201.64.0/18,207.228.192.0/20,207.244.0.0/18,208.73.208.0/22,208.90.32.0/21,208.93.4.0/22,209.17.192.0/19,209.66.0.0/18,209.66.128.0/19,209.95.64.0/19,209.95.192.0/19,209.99.128.0/18] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 38"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400037; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)

alert ip [209.145.0.0/19,209.148.16.0/20,209.161.64.0/19,209.161.96.0/20,209.182.64.0/19,209.242.192.0/19,212.162.152.0/22,213.173.36.0/22,213.247.0.0/19,216.179.128.0/17,220.154.0.0/16,221.132.192.0/18,223.0.0.0/15,223.169.0.0/16,223.173.0.0/16,223.254.0.0/16] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound group 39"; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DROPIP; sid:2400038; rev:2793; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Minor, created_at 2010_12_30, updated_at 2021_01_10;)