[Snort-sigs] SolarWinds Traceroute Triggers sid:10106

Bamm Visscher bamm.visscher at ...2420...
Mon May 7 12:36:54 EDT 2007


msg:"BACKDOOR icmp cmd 1.0 runtime detection - download file"

The sig looks for the content "http://" anywhere in the payload.
SolarWinds includes the content "Visit http://SolarWinds.Net for more
details" in the payload of its ICMP ping packets.

Bammkkkk


-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
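
The false positive described above, reproduced as a small alert-triage helper. This is an added example, not part of the original post and not Snort code. It assumes the input is raw ICMP bytes starting at the ICMP header, that the content match is case-sensitive, and that the SolarWinds packets are echo requests; the function names and sample packets are constructed for illustration.

```python
import struct

SIG_CONTENT = b"http://"  # content the post says sid:10106 looks for
# Banner text quoted in the post as present in SolarWinds ICMP payloads.
SOLARWINDS_BANNER = b"Visit http://SolarWinds.Net for more details"

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Build a constructed ICMP echo request (type 8, code 0) for testing."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def triage(icmp_packet: bytes) -> str:
    """Classify a packet the way an analyst reviewing this alert might."""
    if len(icmp_packet) < 8:
        return "malformed"
    icmp_type, code = struct.unpack("!BB", icmp_packet[:2])
    payload = icmp_packet[8:]
    if SIG_CONTENT not in payload:
        return "no-match"            # the content match would not fire
    if icmp_type == 8 and code == 0 and SOLARWINDS_BANNER in payload:
        return "match-known-benign"  # fires, but explained by the banner
    return "match-review"            # fires with no benign explanation

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "solarwinds": build_echo_request(SOLARWINDS_BANNER),
    "other_url": build_echo_request(b"xx http://example.invalid/ xx"),
    "plain_ping": build_echo_request(b"abcdefghijklmnopqrstuvwabcdefghi"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, triage(pkt))
```
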
