Snort mailing list archives

Any plans to update 11951?
From: "Weir, Jason" <jason.weir () nhrs org>
Date: Wed, 13 Oct 2010 15:40:28 -0400

Warning: /etc/snort/rules/backdoor.rules(613) => threshold (in rule) is
deprecated; use detection_filter instead.

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BACKDOOR winshadow
runtime detection - init connection request";
flow:to_server,established; content:"@|11 00 00 00 00 00 00 1C 00 00 00
10 00 03 00 00 00 01 00 02 00|"; depth:22; threshold:type limit, track
by_src, count 1, seconds 300;
reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453060036;
classtype:trojan-activity; sid:11951; rev:1;)

-Jason

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
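
Added example, not part of the original post or of the Snort rule set: an in-rule "threshold: type limit" only rate-limits alerts, and the standalone event_filter configuration line keeps that behaviour, whereas detection_filter changes when the rule fires. The sketch below strips the deprecated option from a rule and emits the matching event_filter line; the function name migrate_rule and the sample constant RULE are hypothetical.

```python
import re

# Constructed sample: the sid 11951 rule from the post, as wrapped by the mail client.
RULE = '''alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BACKDOOR winshadow
runtime detection - init connection request";
flow:to_server,established; content:"@|11 00 00 00 00 00 00 1C 00 00 00
10 00 03 00 00 00 01 00 02 00|"; depth:22; threshold:type limit, track
by_src, count 1, seconds 300;
reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453060036;
classtype:trojan-activity; sid:11951; rev:1;)'''

# An option starts right after "(" or ";"; this keeps matches out of most strings.
THRESHOLD = re.compile(r'(?<=[;(])\s*threshold\s*:\s*([^;]+);')
SID = re.compile(r'(?<=[;(])\s*sid\s*:\s*(\d+)\s*;')
GID = re.compile(r'(?<=[;(])\s*gid\s*:\s*(\d+)\s*;')


def migrate_rule(rule):
    """Return (rule without in-rule threshold, event_filter line or None)."""
    rule = re.sub(r'\s*\n\s*', ' ', rule.strip())   # undo mail line wrapping
    m = THRESHOLD.search(rule)
    if m is None:
        return rule, None
    # "type limit, track by_src, count 1, seconds 300" -> dict of key/value pairs
    args = dict(part.split() for part in m.group(1).split(','))
    missing = {'type', 'track', 'count', 'seconds'} - args.keys()
    if missing:
        raise ValueError(f'threshold lacks {sorted(missing)}')
    sid = SID.search(rule)
    if sid is None:
        raise ValueError('rule has no sid')
    gid = GID.search(rule)          # text rules default to generator 1
    event_filter = (
        f"event_filter gen_id {gid.group(1) if gid else 1}, "
        f"sig_id {sid.group(1)}, type {args['type']}, track {args['track']}, "
        f"count {args['count']}, seconds {args['seconds']}"
    )
    return rule[:m.start()] + rule[m.end():], event_filter


if __name__ == '__main__':
    new_rule, line = migrate_rule(RULE)
    print(new_rule)
    print(line)
```

The emitted event_filter line belongs in the Snort configuration rather than in the rule file, and a locally edited rule will be overwritten by the next rule update unless the change is reapplied.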