[Snort-sigs] references for sid:220 (BACKDOOR HideSource backdoor attempt)

Carl Gibbons cgibbons at ...1299...
Mon Apr 7 10:03:05 EDT 2003


Hi!  I got a few hits on this rule:

alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"BACKDOOR 
HideSource backdoor attempt";flags: A+; content:"wank"; sid:220;  
classtype:misc-activity; rev:4;)

I had to google to find more information. Perhaps one of you official 
rule-updaters would be willing to add a reference or two to this rule? 
 I found:

http://www.iss.net/security_center/static/1840.php
http://hq.mcafeeasap.com/vulnerabilities/vuln_data/4000.asp

-- Carl Gibbons GCIA, Network Security Engineer, University of Denver






More information about the Snort-sigs mailing list