alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Unknown CnC? Channel Keep Alive Server Response"; flow:established,from_server; dsize:5; content:"|17 24 1b 00 00|"; classtype:trojan-activity; sid:2009866; rev:1;)

Added 2009-09-04 10:45:36 UTC

False positives with <http://www.teamviewer.com>. TeamViewer seems to be catching on here!

-- RussellFulton - 07 Sep 2009
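
The rule's match conditions written out in Python, as an added example that is not part of the original page or the Emerging Threats ruleset. The `Segment` type and the sample segments are constructed for illustration, and the `$EXTERNAL_NET`/`$HOME_NET` address variables are not modelled. It shows that the signature keys only on direction, high ports, payload length and five bytes, so any application that sends that payload will match.

```python
from dataclasses import dataclass

RULE_CONTENT = "|17 24 1b 00 00|"  # content option copied from sid 2009866
RULE_DSIZE = 5                     # dsize:5
MIN_PORT = 1024                    # "1024:" on both sides of the rule header


def decode_content(pattern: str) -> bytes:
    """Decode Snort content syntax: text between pipes is hex, the rest is literal."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


@dataclass
class Segment:  # hypothetical stand-in for one TCP segment of an established flow
    src_port: int
    dst_port: int
    from_server: bool
    payload: bytes


def matches_sid_2009866(seg: Segment) -> bool:
    """Apply flow:from_server, both port ranges, dsize and content."""
    return (
        seg.from_server
        and seg.src_port >= MIN_PORT
        and seg.dst_port >= MIN_PORT
        and len(seg.payload) == RULE_DSIZE
        and decode_content(RULE_CONTENT) in seg.payload
    )


KEEPALIVE = decode_content(RULE_CONTENT)

# Constructed sample segments (not captured traffic).
SAMPLES = {
    "server keep-alive, high ports": Segment(5938, 49152, True, KEEPALIVE),
    "same bytes, client to server": Segment(49152, 5938, False, KEEPALIVE),
    "same bytes plus one more byte": Segment(5938, 49152, True, KEEPALIVE + b"\x00"),
    "server on a port below 1024": Segment(443, 49152, True, KEEPALIVE),
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(f"{name}: {'ALERT' if matches_sid_2009866(seg) else 'no match'}")
```
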


Topic revision: r2 - 2009-09-07 - RussellFulton
 