 
            
            
            
            
16 Aug 2005, 5:46 a.m.

Michael Grinnell wrote:

We haven't seen it yet on our network, but I was hoping somebody might have a text dump or packet capture of the C&C traffic that they would be willing to send me so I can tune our IDS to recognize it. I already have exploit rules loaded, just wanted to see if the C&C traffic varied significantly from the (relatively) standard *bot variety.

Matt just got some signatures together:
http://www.bleedingsnort.com/article.php?story=20050814131513212

Enjoy,
Gadi.