No subject

Thu Nov 23 16:36:19 EST 2017

This indicates an attempt to send a command to a compromised Q server. Q is
a backdoor that allows an attacker to run commands remotely as root, among
other functions.  

 How Specific  
This event is specific to a particular exploit, but the packet payload is
not considered as part of the signature to detect the attack.   

 Trusting The Source IP Address  
Since this event was caused by an ICMP packet, the source IP address could be
easily forged. It has been noted that the intruder is likely to expect or
desire a response to their packets, so it may be likely that the source IP
address is not spoofed.   

cve entry:

- Jeff

More information about the Snort-users mailing list