Changeset 2129
- Timestamp:
- 12/11/07 23:56:10 (1 year ago)
- Files:
-
- psad/trunk/signatures (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
psad/trunk/signatures
r2071 r2129 138 138 ### PSAD-CUSTOM rules 139 139 alert tcp $EXTERNAL_NET any -> $HOME_NET 17300 (msg:"PSAD-CUSTOM Kuang2 virus communication attempt"; flags:S; reference:url,isc.sans.org/port_details.php?port=17300; classtype:trojan-activity; psad_id:100206; psad_dl:2;) 140 alert udp $EXTERNAL_NET any -> $HOME_NET 1434 (msg:"PSAD-CUSTOM Slammer communication attempt"; reference:url,www.linklogger.com/UDP1434.htm; classtype:trojan-activity; psad_id:100208; psad_dl:2; )140 alert udp $EXTERNAL_NET any -> $HOME_NET 1434 (msg:"PSAD-CUSTOM Slammer communication attempt"; reference:url,www.linklogger.com/UDP1434.htm; classtype:trojan-activity; psad_id:100208; psad_dl:2; psad_ip_len:404;) 141 141 alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"PSAD-CUSTOM Nachi worm reconnaisannce"; itype:8; icode:0; reference:url,www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801b143a.html; classtype:trojan-activity; psad_id:100209; psad_dl:2; psad_ip_len:92;) 142 142
