alert tcp any any -> any any (msg:"BLEEDING-EDGE CURRENT EVENTS Traffic with a window of 55808 - Unknown likely hostile scanning - Please report hits to Bleeding Edge or ISC"; flags:S; window:55808; classtype:attempted-recon; reference:url,isc.sans.org/diary.html?n&storyid=2717; reference:url,www.cert.org/current/archive/2003/06/25/archive.html; sid:2003633; rev:2;)

Added 2007-05-03 10:45:56 UTC


alert tcp any any -> any any (msg:"BLEEDING-EDGE CURRENT EVENTS Traffic with a window of 55808 - Unknown likely hostile scanning - Please report hits to Bleeding Edge or ISC"; window:55808; classtype:attempted-recon; reference:url,isc.sans.org/diary.html?n&storyid=2717; reference:url,www.cert.org/current/archive/2003/06/25/archive.html; sid:2003633; rev:1;)

Added 2007-05-01 22:25:37 UTC

This is experimental, based on the ISC post in the reference.

Please report any false positives or positive hits.

-- MattJonkman - 03 May 2007
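
The difference between the two rule revisions above, shown as an added example that is not part of the original page or the ruleset: rev 1 matches any TCP segment advertising a window of 55808, while rev 2 adds flags:S, which Snort evaluates as SYN set with no other flag bit. The function names and sample headers are constructed for illustration.

```python
import struct

WINDOW = 55808   # window value both rule revisions match on
SYN = 0x02       # SYN bit in the TCP flags byte

def tcp_fields(header: bytes):
    """Return (flags, window) parsed from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # sport, dport, seq, ack, data offset, flags, window, checksum, urgent
    _, _, _, _, _, flags, window, _, _ = struct.unpack("!HHIIBBHHH", header[:20])
    return flags, window

def matches_rev1(header: bytes) -> bool:
    """rev:1 logic: window:55808 on any TCP segment."""
    _, window = tcp_fields(header)
    return window == WINDOW

def matches_rev2(header: bytes) -> bool:
    """rev:2 logic: flags:S (exactly SYN) plus window:55808."""
    flags, window = tcp_fields(header)
    return flags == SYN and window == WINDOW

def build(flags: int, window: int) -> bytes:
    """Constructed sample header; ports and sequence numbers are arbitrary."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, window, 0, 0)

# Constructed samples, not captured traffic.
SAMPLES = {
    "syn_55808": build(0x02, 55808),     # bare SYN, suspicious window
    "ack_55808": build(0x10, 55808),     # established-flow segment, same window
    "synack_55808": build(0x12, 55808),  # a server's reply advertising this window
    "syn_65535": build(0x02, 65535),     # ordinary SYN, different window
}

def evaluate():
    """Map sample name -> (rev1 match, rev2 match)."""
    return {name: (matches_rev1(h), matches_rev2(h)) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, (r1, r2) in evaluate().items():
        print(f"{name:14} rev1={r1!s:5} rev2={r2}")
```

Only the bare SYN with window 55808 matches both revisions; the ACK and SYN/ACK samples match rev 1 alone, which is the extra alert volume rev 2 removes.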


Topic revision: r2 - 2007-05-03 - MattJonkman
 