[Snort-users] BOHTTP/BrownOrifice/Netscape ServerSocket sigs

Max Vision vision at ...4...
Tue Aug 8 18:57:06 EDT 2000


Hi,

I can't find the reference email anywhere but someone asked me if there
were signatures to detect this.  I have written two, one for the java
bytecode download, and another for a successful trojan installation:

IDS294/trojan-netscape-java-serversocket 
http://whitehats.com/IDS/294

IDS295/trojan-netscape-java-brownorifice 
http://whitehats.com/IDS/295

Max Vision
http://whitehats.com/





More information about the Snort-users mailing list