#alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET TROJAN Potential DNS Command and Control via TXT queries"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013514; rev:2;)

Added 2011-10-12 19:37:04 UTC


#alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET TROJAN Potential DNS Command and Control via TXT queries"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; classtype:trojan-activity; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; sid:2013514; rev:2;)

Added 2011-09-06 17:33:28 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats