[Snort-sigs] Remote Shell Trojan signature
jtjuslin at ...1151...
Tue Jul 15 06:31:11 EDT 2003
Could somebody help to evaluate this filter, I put together:
alert udp any -> any 4369 (msg:"Remote Shell Trojan";
classtype:attempted-user; sid:1234; rev:1;)
Might be a stupid question, but can I invent sid from some pre-release
Just decided to share this now, although needs some work.
Thanks for any help and comments,
More information about the Snort-sigs