wkitty42 at ...3507...
Tue Aug 5 14:03:46 EDT 2014
On 8/5/2014 10:51 AM, usuarionuevo nuevo nuevo wrote:
> Hi, I'm new on this list,
> Anyone knows something about this snort signature: ET TROJAN Dropper-497
> (Yumato) Initial Checkin
> What does this alert means?
you should ask that of the Emerging Threats folks since that's one of their
BUT let's go ahead and look... since that shows "Initial Checkin" it would
appear to be SID 2007917 which is outbound from your network to some external
machine on a port 1024 or greater... you can look at the rule to see the content
matched which caused the rule to fire...
have you also seen 2007918, 2007919 or 2007920 fire?
you can find information on the rules here...
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
More information about the Snort-sigs