EmergingThreats> Main Web>2003461 (revision 3)EditAttach

alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS Unknown Bot Inbound C&C Packet"; flow:established,to_server; content:"|ce 01 36 f6 88 7b 94 0d c5 f9 10 bf a4 e5 05 de fd ba cd 4f b9 91 db 10 5e 6f|"; offset:0; classtype:unknown; reference:url,doc.bleedingthreats.net/2003460; sid:2003461; rev:2;)

Auto-added on 2007-03-01 14:30:59 UTC




See http://doc.bleedingthreats.net/bin/view/Main/2003460 for full analysis. These sigs are intertwined

-- MattJonkman - 01 Mar 2007


Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r3 - 2007-03-01 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats