[Snort-sigs] direction issue with 37053

Joel Esler (jesler) jesler at ...3865...
Fri Jan 22 09:32:05 EST 2016


This has been corrected and will be fixed in the next release.

--
Joel Esler
Manager, Talos Group




> On Jan 21, 2016, at 4:37 PM, John Ives <jives at ...4131...> wrote:
> 
> I had an alert for 37053 and when I went to look at it I noticed an
> issue with either the message or the rule direction.
> 
> The rule msg says it is "MALWARE-CNC Win.Trojan.Tdrop2 outbound
> communication attempt," however, with the direction of the traffic
> being "$EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any" and the flow
> set as to_client, it doesn't seem like this is outbound at all.
> 
> Is this just a naming issue or am I missing something?
> 
> John
> 
> 
> --
> ------------------------------------------------------------------------
> John Ives
> Information Security & Policy			    Phone (510) 229-8676
> University of California, Berkeley
> ------------------------------------------------------------------------
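The mismatch John describes (header `$EXTERNAL_NET -> $HOME_NET`, `flow:to_client`, but a msg saying "outbound") is exactly the kind of thing a rule linter can catch before a signature ships. Below is an added example, not code from the thread, Talos or the Snort project: it parses a one-line Snort rule, derives the traffic direction from the address variables, from the `flow` keyword and from the `msg` wording, and reports when they disagree. The rule text for sid 37053 is reconstructed from John's description; the protocol (`tcp`), `established` and `rev:1` are assumptions.

```python
import re

# One-line Snort rule: action proto src sport dir dst dport (opt:val; ...)
HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(?P<src>\S+)\s+\S+\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+\S+'
    r'\s*\((?P<opts>.*)\)\s*$')
# Reconstructed from the thread; protocol, "established" and rev are assumed.
SID_37053_AS_REPORTED = (
    'alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any '
    '(msg:"MALWARE-CNC Win.Trojan.Tdrop2 outbound communication attempt"; '
    'flow:to_client,established; sid:37053; rev:1;)')

def parse_rule(rule):
    """Return src/dir/dst plus an options dict (quotes stripped from values)."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("unparseable rule: %r" % rule)
    r = {"src": m["src"], "dir": m["dir"], "dst": m["dst"], "options": {}}
    for opt in filter(str.strip, m["opts"].split(";")):
        key, _, val = opt.strip().partition(":")
        r["options"][key.strip()] = val.strip().strip('"')
    return r

def header_direction(r):
    """Direction relative to $HOME_NET implied by the address variables and arrow."""
    pairs = {("$HOME_NET", "$EXTERNAL_NET"): "outbound",
             ("$EXTERNAL_NET", "$HOME_NET"): "inbound"}
    return None if r["dir"] == "<>" else pairs.get((r["src"], r["dst"]))

def flow_direction(r):
    """Direction implied by flow:, assuming the client sits in $HOME_NET."""
    tokens = {t.strip() for t in r["options"].get("flow", "").split(",")}
    if tokens & {"to_server", "from_client"}:
        return "outbound"
    if tokens & {"to_client", "from_server"}:
        return "inbound"
    return None

def lint_direction(rule):
    """Return findings where msg, header and flow disagree; [] when consistent."""
    r = parse_rule(rule)
    words = r["options"].get("msg", "").lower().split()
    claims = {"header": header_direction(r), "flow": flow_direction(r),
              "msg": next((w for w in ("outbound", "inbound") if w in words), None)}
    stated = {k: v for k, v in claims.items() if v}
    if len(set(stated.values())) <= 1:
        return []
    detail = ", ".join("%s=%s" % kv for kv in sorted(stated.items()))
    return ["sid %s: direction mismatch (%s)" % (r["options"].get("sid", "?"), detail)]
```

Running `lint_direction(SID_37053_AS_REPORTED)` flags the rule because header and flow both resolve to inbound while the msg says outbound; a rule whose three signals agree, or a bidirectional `<>` rule with no directional wording, returns no findings.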
