r2 - 19 Mar 2008 - 02:25:37 - MattJonkman

alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)"; icode:0; itype:0; dsize:11; content:"Hello,World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:2;)

Added 2008-03-18 22:28:50 UTC

 




alert icmp any any -> any any (msg:"ET TROJAN Philis.J ICMP Sweep (Payload Hello, World)"; icode:0; itype:0; dsize:11; content:"Hello, World"; classtype:trojan-activity; reference:url,vil.nai.com/vil/content/v_141203.htm; sid:2008017; rev:1;)

Added 2008-03-18 22:19:54 UTC

This is any to any because most pinging will be local net to local net. But it'll be interesting if you see these coming in from the outside. As it's set up that's unlikely to happen, and will indicate a shift in tactics.

-- MattJonkman - 19 Mar 2008
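
The packet tests in sid 2008017, applied to constructed ICMP messages in Python (an added example, not Emerging Threats code; function names are illustrative). It assumes dsize counts the bytes after the 8-byte ICMP echo header, and it shows that the rev 1 content string is 12 bytes, so it cannot fit dsize:11, and that itype:0 selects echo replies rather than echo requests.

```python
import struct

# Rule options copied from the two revisions of sid 2008017 on this page.
REV2 = {"itype": 0, "icode": 0, "dsize": 11, "content": b"Hello,World"}
REV1 = {"itype": 0, "icode": 0, "dsize": 11, "content": b"Hello, World"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(itype: int, icode: int, payload: bytes, ident=1, seq=1) -> bytes:
    """Build a constructed ICMP echo or echo-reply message (sample data)."""
    hdr = struct.pack("!BBHHH", itype, icode, 0, ident, seq)
    csum = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", itype, icode, csum, ident, seq) + payload

def matches(rule: dict, icmp: bytes) -> bool:
    """Apply itype, icode, dsize and content as the rule states them."""
    if len(icmp) < 8:
        return False  # truncated header, nothing to test
    payload = icmp[8:]  # assumption: dsize is measured after the 8-byte header
    return (icmp[0] == rule["itype"] and icmp[1] == rule["icode"]
            and len(payload) == rule["dsize"]
            and rule["content"] in payload)

def satisfiable(rule: dict) -> bool:
    """A content longer than dsize can never appear in a matching payload."""
    return len(rule["content"]) <= rule["dsize"]

if __name__ == "__main__":
    reply = build_icmp(0, 0, b"Hello,World")    # echo reply, 11-byte payload
    request = build_icmp(8, 0, b"Hello,World")  # echo request, same payload
    for name, rule in (("rev 1", REV1), ("rev 2", REV2)):
        print(name, "satisfiable:", satisfiable(rule),
              "reply:", matches(rule, reply),
              "request:", matches(rule, request))
```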

