[Snort-sigs] snort-sid-103

John Berkers berjo at ...66...
Fri Jan 25 21:52:03 EST 2002

I think it might be meant to signify version 2.2 as opposed to 2.1.

John Berkers
berjo at ...66...

-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of Chris Green
Sent: Saturday, 26 January 2002 14:20
To: Michael Anuzis
Cc: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] snort-sid-103

"Michael Anuzis" <michael_anuzis at ...12...> writes:

> alert tcp $EXTERNAL_NET 27374 -> $HOME_NET any (msg:"BACKDOOR subseven

> 22";
> flags: A+; content: "|0d0a5b52504c5d3030320d0a|";
> sid:103; classtype:misc-activity; rev:3;)
> --
> Corrective Action:
> Examine the packet to locate the victimized computer on your network 
> and remove server accordingly. See additional references for 
> information.

Any idea what the "22" part of the msg is?
Chris Green <cmg at ...26...>
A good pun is its own reword.

Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list