Thu Nov 23 16:36:19 EST 2017
This indicates an attempt to send a command to a compromised Q server. Q is
a backdoor that allows an attacker to run commands remotely as root, among
This event is specific to a particular exploit, but the packet payload is
not considered as part of the signature to detect the attack.
Trusting The Source IP Address
Since this event was caused by an ICMP packet, the source IP address could be
easily forged. It has been noted that the intruder is likely to expect or
desire a response to their packets, so it may be likely that the source IP
address is not spoofed.
cve entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0660