Snort mailing list archives

mstream and shaft


From: mike maxwell <mmaxwell () greenmountainaccess net>
Date: Wed, 30 Jan 2002 09:46:08 -0500

I am using Snort as an IDS for my network. I am seeing alerts about
mstream and shaft traffic to several of my customers' PCs. I know that
these PCs are not running Unix. Is there a port of this trojan for
Windows out there in the wild, or are these false alarms?

alert.1:01/29-15:27:03.962255  [**] [1:230:1] DDOS shaft client to
handler [**] [Classification: Attempted Denial of Service] [Priority: 2]
{TCP} *.*.*.*:80 -> *.*.*.*:20432

alert.1:01/29-22:19:03.262255  [**] [1:248:1] DDOS mstream handler to
client [**] [Classification: Attempted Denial of Service] [Priority: 2]
{TCP} *.*.*.*:12754 -> *.*.*.*:20


--
Mike Maxwell
System Manager--GMA
mmaxwell () gmavt net
****************************************************



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net