Snort mailing list archives

pif WORM?

From: john.ruff () us abb com
Date: Mon, 13 Aug 2001 13:51:44 -0400



Anyone have specific deatils rergarding this entry in my ALERT_FULL snort lof
file:

[**] [1:721:1] Virus - Possible pif Worm [**]
08/13-13:24:12.370939 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:63795 IpLen:20 DgmLen:1044
***AP*** Seq: 0xAC838C68  Ack: 0x14BBA  Win: 0xFAF0  TcpLen: 20

[**] [1:729:1] Virus - Possible scr Worm [**]
08/13-13:24:38.676198 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:64225 IpLen:20 DgmLen:1051
***A**** Seq: 0xAC898900  Ack: 0x14CA4  Win: 0xFAF0  TcpLen: 20

Thanks,
John



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

pif WORM? john . ruff (Aug 13)
- Re: pif WORM? Mike Baptiste (Aug 13)
- <Possible follow-ups>
- RE: pif WORM? Anthony Geoffron (Aug 13)
- RE: pif WORM? Hawrylkiw, Dan G (Aug 13)
- RE: pif WORM? Hawrylkiw, Dan G (Aug 13)