[Snort-sigs] SolarWinds Traceroute Triggers sid:10106

Bamm Visscher bamm.visscher at ...2420...
Mon May 7 12:36:54 EDT 2007

msg:"BACKDOOR icmp cmd 1.0 runtime detection - download file"

The sig looks for the content "http://" anywhere in the payload.
SolarWinds includes the content "Visit http://SolarWinds.Net for more
details" in the payload of its ICMP ping packets.


sguil - The Analyst Console for NSM
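
The false positive described in this post, as an added example (not part of the original message and not Snort's own matching code). It builds constructed ICMP echo requests, applies the "http://" content match the post describes, and separates hits that carry the quoted SolarWinds banner from hits that still need review. The function names and result labels are assumptions made for this sketch.

```python
import struct

# Banner text quoted in the post; everything else below is constructed.
SOLARWINDS_BANNER = b"Visit http://SolarWinds.Net for more details"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Construct a sample ICMP echo request (type 8, code 0)."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def triage(icmp: bytes) -> str:
    """Classify an ICMP message the way an analyst would sort these alerts."""
    if len(icmp) < 8 or icmp_checksum(icmp) != 0:
        return "malformed"
    payload = icmp[8:]
    # The content match from the post: "http://" anywhere in the payload.
    if b"http://" not in payload:
        return "no-match"
    # The banner is a triage hint, not proof the traffic is benign.
    if SOLARWINDS_BANNER in payload:
        return "match-solarwinds-banner"
    return "match-review"


if __name__ == "__main__":
    samples = {
        "solarwinds": build_echo_request(SOLARWINDS_BANNER),
        "other-url": build_echo_request(b"get http://example.invalid/f"),
        "plain-ping": build_echo_request(b"abcdefghijklmnop"),
    }
    for name, pkt in samples.items():
        print(name, "->", triage(pkt))
```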
