alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 1024: (msg:"ET TROJAN Unknown
CnC? Channel Keep Alive Server Response"; flow:established,from_server; dsize:5; content:"|17 24 1b 00 00|"; classtype:trojan-activity; sid:2009866; rev:1;)
Added 2009-09-04 10:45:36 UTC
False +ves with <http://www.teamviewer.com> teamviewer seems to be catching on here!
--
RussellFulton - 07 Sep 2009