#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET DELETED Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; reference:url,doc.emergingthreats.net/bin/view/Main/2008779; classtype:unknown; sid:2008779; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:55 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET DELETED Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; fast_pattern:only; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; reference:url,doc.emergingthreats.net/bin/view/Main/2008779; classtype:unknown; sid:2008779; rev:5;)

Added 2011-10-12 19:25:50 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET DELETED Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; fast_pattern:only; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2008779; sid:2008779; rev:5;)

Added 2011-09-14 22:39:17 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET DELETED Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; fast_pattern:only; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2008779; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Unknown_trojan3; sid:2008779; rev:5;)

Added 2011-02-04 17:27:59 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2008779; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Unknown_trojan3; sid:2008779; rev:4;)

Added 2009-02-06 19:00:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; reference:url,doc.emergingthreats.net/bin/view/Main/2008779; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Unknown_trojan3; sid:2008779; rev:4;)

Added 2009-02-06 19:00:54 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; sid:2008779; rev:3;)

Added 2008-11-19 15:45:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive out"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:isnotset,ET.teamviewerkeepaliveout; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; sid:2008779; rev:3;)

Added 2008-11-19 15:45:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive up"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; sid:2008779; rev:2;)

Added 2008-11-18 12:15:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive up"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; classtype:unknown; sid:2008779; rev:2;)

Added 2008-11-18 12:15:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET CURRENT_EVENTS Unknown Keepalive up"; flow:established,to_server; dsize:5; content:"|17 24 1B 00 00|"; flowbits:set,ET.unknownkeepaliveup; flowbits:noalert; sid:2008779; rev:1;)

Added 2008-11-13 10:06:24 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats