[Snort-users] mstream and shaft

mike maxwell mmaxwell at ...4733...
Wed Jan 30 06:42:17 EST 2002

i am using snort as an ids for my network .....i am seeing alerts about
mstream and shaft traffic to several of my customers pcs. i know that
these pcs are not running unix. is there a port of this trojan for
windows out there in the wild or are these false alarms....

alert.1:01/29-15:27:03.962255  [**] [1:230:1] DDOS shaft client to
handler [**] [Classification: Attempted Denial of Service] [Priority: 2]
{TCP} *.*.*.*:80 -> *.*.*.*:20432

alert.1:01/29-22:19:03.262255  [**] [1:248:1] DDOS mstream handler to
client [**] [Classification: Attempted Denial of Service] [Priority: 2]
{TCP} *.*.*.*:12754 -> *.*.*.*:20

Mike Maxwell
System Manager--GMA
mmaxwell at ...4734...

More information about the Snort-users mailing list