[Snort-users] Bots using encryption?

Jeff Kell jeff-kell at ...6282...
Wed Mar 16 10:51:12 EST 2005


Tracking host traffic after a bot signature (MySQL, bleeding sig 
2001690) I've run into some encrypted traffic.  After 3-way handshake 
the thing fires off a "SHA-1:  " followed by a base-64 string.

Are the bots encrypting now?

Jeff





More information about the Snort-users mailing list