[Snort-sigs] references for sid:220 (BACKDOOR HideSource backdoor attempt)

Carl Gibbons cgibbons at ...1299...
Mon Apr 7 10:03:05 EDT 2003

Hi!  I got a few hits on this rule:

alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"BACKDOOR 
HideSource backdoor attempt";flags: A+; content:"wank"; sid:220;  
classtype:misc-activity; rev:4;)

I had to google to find more information. Perhaps one of you official 
rule-updaters would be willing to add a reference or two to this rule? 
 I found:


-- Carl Gibbons GCIA, Network Security Engineer, University of Denver

More information about the Snort-sigs mailing list