This is a discussion on [Snort-users] BackDoor Subsevsen within the Snort forums, part of the System Security and Security Related category.
Hi,

I was trying to analyze the signature for SID: 103
BackDoor Subseven 22

From the packet direction "->", it appears that the signature is on a packet from port 27374 to any port inside.
But from the flow direction "to_server", it would appear that the signature is to be triggered for a packet from any port to port 27374, assuming that port 27374 is the server port.

Can you please point out if I am missing anything on this?

Thanks.
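The two conditions the post compares can be modeled as separate checks, shown here as an added example that is not part of the original message or of Snort's own code: the rule header tests the packet's source and destination ports, while `flow:to_server` is assumed to test whether the packet came from the endpoint that opened the TCP session, regardless of port numbers. The `Rule` and `Packet` classes, the ports other than 27374, and the sample sessions are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Union

Port = Union[int, str]  # a port number or the string "any"

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    from_initiator: bool  # True if sent by the side that opened the TCP session

@dataclass(frozen=True)
class Rule:
    src_port: Port
    dst_port: Port
    flow: str  # "to_server", "to_client", or "" for no flow constraint

def port_ok(want: Port, got: int) -> bool:
    return want == "any" or want == got

def header_matches(rule: Rule, pkt: Packet) -> bool:
    # The "->" operator: left side is the packet's source, right side its destination.
    return port_ok(rule.src_port, pkt.src_port) and port_ok(rule.dst_port, pkt.dst_port)

def flow_matches(rule: Rule, pkt: Packet) -> bool:
    # Assumption: "client" means the session initiator, independent of port numbers.
    if rule.flow == "to_server":
        return pkt.from_initiator
    if rule.flow == "to_client":
        return not pkt.from_initiator
    return True

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return header_matches(rule, pkt) and flow_matches(rule, pkt)

# Constructed from the post's description: source port 27374 -> any, flow:to_server.
RULE = Rule(src_port=27374, dst_port="any", flow="to_server")

# Constructed sessions; 40000 and 5000 are arbitrary sample ports.
PACKETS = {
    "request to a listener on 27374": Packet(40000, 27374, True),
    "reply from a listener on 27374": Packet(27374, 40000, False),
    "request sent from source port 27374": Packet(27374, 5000, True),
}

def evaluate() -> dict:
    return {name: rule_matches(RULE, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name}: {'match' if hit else 'no match'}")
```

Under this model only the third packet satisfies both checks: the first fails the header test and the second fails the flow test.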