[Snort-sigs] snort-sid-103

Chris Green cmg at ...26...
Fri Jan 25 19:21:02 EST 2002


"Michael Anuzis" <michael_anuzis at ...12...> writes:

> alert tcp $EXTERNAL_NET 27374 -> $HOME_NET any (msg:"BACKDOOR subseven 22"; 
> flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485; 
> sid:103; classtype:misc-activity; rev:3;)
>
> --
> Corrective Action:
> Examine the packet to locate the victimized computer on your
> network and remove server accordingly. See additional references
> for information.

Any idea what the "22" part of the msg is?
-- 
Chris Green <cmg at ...26...>
A good pun is its own reword.




More information about the Snort-sigs mailing list