Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: pif WORM?

From: Anthony Geoffron <anthonyg () passinglane com>
Date: Mon, 13 Aug 2001 12:09:33 -0700
it seems to me to be emails with .pif attachments
port 110 pop3

-----Original Message-----
From: john.ruff () us abb com [mailto:john.ruff () us abb com]
Sent: Monday, August 13, 2001 10:52 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] pif WORM?




Anyone have specific deatils rergarding this entry in my ALERT_FULL snort
lof
file:

[**] [1:721:1] Virus - Possible pif Worm [**]
08/13-13:24:12.370939 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:63795 IpLen:20 DgmLen:1044
***AP*** Seq: 0xAC838C68  Ack: 0x14BBA  Win: 0xFAF0  TcpLen: 20

[**] [1:729:1] Virus - Possible scr Worm [**]
08/13-13:24:38.676198 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:64225 IpLen:20 DgmLen:1051
***A**** Seq: 0xAC898900  Ack: 0x14CA4  Win: 0xFAF0  TcpLen: 20

Thanks,
John



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: