[Snort-sigs] sid 216

Chris Green cmg at ...26...
Wed Jan 16 20:35:04 EST 2002


alert tcp $EXTERNAL_NET any -> $HOME_NET 23 \
            (msg:"BACKDOOR MISC linux rootkit attempt"; \
             flags: A+; content:"satori"; classtype:attempted-admin; \
             sid:216; rev:1;)

Change that message to "BACKDOOR TELNET linux rootkit satori"
for a more informative message. 
-- 
Chris Green <cmg at ...26...>
Fame may be fleeting but obscurity is forever.



