Changeset 1760

Show
Ignore:
Timestamp:
12/04/06 15:00:17 (2 years ago)
Author:
mbr
Message:

removed sid value since the Subseven sig is not derived from Snort

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • psad/trunk/signatures

    r1759 r1760  
    7070### backdoor.rules 
    7171alert tcp $EXTERNAL_NET any -> $HOME_NET 16959 (msg:"BACKDOOR Subseven DEFCON8 2.1 connection Attempt"; flags:S; classtype:trojan-activity; sid:107; psad_id:100027; psad_dl:2;) 
    72 alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg:"BACKDOOR Subseven connection attempt"; flags:S; classtype:trojan-activity; sid:107; psad_id:100207; psad_dl:2;) 
     72alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg:"BACKDOOR Subseven connection attempt"; flags:S; classtype:trojan-activity; psad_id:100207; psad_dl:2;) 
    7373alert tcp $EXTERNAL_NET any -> $HOME_NET 12345:12346 (msg:"BACKDOOR netbus Connection Cttempt"; flags:S; reference:arachnids,401; classtype:misc-activity; psad_id:100028; psad_dl:2; psad_derived_sids:109,110;) 
    7474alert tcp $EXTERNAL_NET any -> $HOME_NET 20034 (msg:"BACKDOOR NetBus Pro 2.0 Connection Cttempt"; flags:S; classtype:misc-activity; psad_id:100029; psad_dl:2; psad_derived_sids:115,3009;)