alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN LDPinch Checkin (9)"; flow:established,to_server; uricontent:".cgi?sid="; nocase; uricontent:"&bt="; nocase; uricontent:"&pz="; uricontent:"&rnd="; uricontent:"&tail"; classtype:trojan-activity; sid:2008095; rev:1;) Added 2008-04-03 13:36:06 UTC This was dropped. Was hitting on legit ad server requests. -- MattJonkman - 04 Apr 2008
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r2 - 2008-04-04 - MattJonkman
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats