if snort see two packets in a TCP flow with • first packet has “login” or “Initial” in payload, destination port is 3399; • and second packet has a “IPv4Address:Port”string(E.g. 123.45.6.7:8080) in payload. destination port is 3399; • output a alert with msg “bot founded” and sid 1000001
-
Notifications
You must be signed in to change notification settings - Fork 0
wjlkk1/idshwk2
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published