#alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (3)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 0F|"; classtype:trojan-activity; sid:2007784; rev:2;)

Added 2008-01-25 13:07:20 UTC


#alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (3)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 0F|"; classtype:trojan-activity; sid:2007784; rev:2;)

Added 2008-01-25 13:07:20 UTC


alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (3)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 0F|"; classtype:trojan-activity; sid:2007784; rev:2;)

Added 2008-01-25 12:35:04 UTC


alert udp $EXTERNAL_NET 53 -> any any (msg:"ET CURRENT_EVENTS Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (3)"; content:"|C0 0C 00 0C 00 01 00 00 00|<|00 0F|"; classtype:trojan-activity; sid:2007784; rev:2;)

Added 2008-01-25 12:35:04 UTC


alert udp $EXTERNAL_NET 53 -> any any (msg:"ET Fast Flux DNS ttl Less than 60 Seconds - Likely Botnet Domain (3)" content:"|C0 0C 00 0C 00 01 00 00 00|<|00 0F|"; classtype:trojan-activity; sid:2007784; rev:1;)

Added 2008-01-25 09:39:12 UTC


Topic revision: r1 - 2008-01-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats