# sid 2007782 rev 3: alerts on a UDP DNS reply from an external server (source port 53)
# that carries an A record with a TTL of 0.
# The content bytes decode as one DNS answer record header:
#   C0 0C        name = compression pointer to offset 12 (the question name)
#   00 01        TYPE  A
#   00 01        CLASS IN
#   00 00 00 00  TTL   0 seconds
#   00 04        RDLENGTH 4 (an IPv4 address follows)
# NOTE(review): there is no offset/depth and no check of the DNS header flags, so the
# 12 bytes may match anywhere in the payload. Only answers whose owner name is the
# C0 0C pointer are covered; records named differently are not matched.
alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS DNS Reply with ttl of 0 Seconds - Likely Botnet FastFlux? Domain"; content:"|C0 0C 00 01 00 01 00 00 00 00 00 04|"; classtype:trojan-activity; sid:2007782; rev:3;)

Added 2008-01-25 14:45:06 UTC


# Same rev 3 text, listed a second time with the same timestamp.
# NOTE(review): a TTL of 0 on its own is a weak indicator, and the msg's own "?" says as
# much. Legitimate services can also answer with TTL 0, so treat a hit as a lead to
# correlate with other evidence for the domain, not as a confirmed infection.
# The rule has no threshold and the destination is any any, so every matching reply
# alerts. It inspects UDP only; DNS over TCP is not covered.
alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS DNS Reply with ttl of 0 Seconds - Likely Botnet FastFlux? Domain"; content:"|C0 0C 00 01 00 01 00 00 00 00 00 04|"; classtype:trojan-activity; sid:2007782; rev:3;)

Added 2008-01-25 14:45:06 UTC


# sid 2007782 rev 2, commented out: the leading '#' disables the rule in this snapshot.
# The content bytes decode as:
#   C0 0C        name = compression pointer to offset 12
#   00 0C        TYPE 12 (PTR), not A
#   00 01        CLASS IN
#   00 00 00 '<' TTL 0x0000003C = exactly 60 seconds ('<' is the literal byte 0x3C)
#   00 04        RDLENGTH 4
# NOTE(review): the msg says "Less than 60 Seconds", but the bytes can only match a TTL
# of exactly 60, and on a PTR record rather than an A record.
#alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (1)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 04|"; classtype:trojan-activity; sid:2007782; rev:2;)

Added 2008-01-25 13:07:20 UTC


# Disabled (commented-out) rev 2 text, listed a second time with the same timestamp.
# NOTE(review): the page does not say why the rule was disabled. Before re-enabling it,
# check the content bytes against the msg: TYPE is 00 0C (PTR) and the TTL bytes
# 00 00 00 '<' equal exactly 60, which is not what "ttl Less than 60 Seconds" describes.
#alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (1)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 04|"; classtype:trojan-activity; sid:2007782; rev:2;)

Added 2008-01-25 13:07:20 UTC


# sid 2007782 rev 2, enabled form.
# NOTE(review): a fixed content string can match only one TTL value. Here that value is
# 00 00 00 3C = 60 seconds, because '<' is the literal byte 0x3C and not a comparison.
# A real "less than 60" test would need a numeric comparison such as byte_test on the
# TTL field. The TYPE bytes 00 0C select PTR records; presumably A (00 01) was intended,
# which is what rev 3 uses.
alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (1)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 04|"; classtype:trojan-activity; sid:2007782; rev:2;)

Added 2008-01-25 12:35:04 UTC


# Enabled rev 2 text, listed a second time with the same timestamp.
# NOTE(review): the pattern pairs TYPE PTR (00 0C) with RDLENGTH 4 (00 04). That length is
# what an IPv4 address in an A record would have, and it is unusual for PTR data, so this
# revision probably matched very little real traffic. This is inferred from the bytes.
alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (1)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 04|"; classtype:trojan-activity; sid:2007782; rev:2;)

Added 2008-01-25 12:35:04 UTC


# sid 2007782 rev 1, the first version.
# NOTE(review): there is no ';' between the closing quote of msg and "content:". Rule
# options are semicolon-terminated, so this text is malformed as written and is kept here
# only as history. The msg also lacks the "CURRENT_EVENTS" prefix used from rev 2 onward.
# The content bytes are the same as in rev 2: TYPE 00 0C, and a TTL of 00 00 00 '<',
# which is exactly 60.
alert udp $EXTERNAL_NET 53 -> any any (msg:"ET Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (1)" content:"|C0 0C 00 0C 00 01 00 00 00|<|00 04|"; classtype:trojan-activity; sid:2007782; rev:1;)

Added 2008-01-25 09:39:12 UTC


Topic revision: r1 - 2008-01-25 - TWikiGuest
 