
[bugs] Intrusion Prevention Alert for a non-existent snort ID

From the message below, there are two bugs.

1: The snort ID does not exist
2: The links for the whois queries are all 404

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: MALWARE-CNC TDSS outbound connection
Details........: Snort ::
Time...........: 2013-06-29 13:48:06
Packet dropped.: yes
Priority.......: high
Classification.: A Network Trojan was detected
IP protocol....: 6 (TCP)

Source IP address: 192.168.1.175
Professional Toolset | DNSstuff
Database Query
http://ws.arin.net/cgi-bin/whois.pl?queryinput=192.168.1.175
APNIC - Query the APNIC Whois Database
Source port: 58814
Destination IP address: 203.70.119.68
Professional Toolset | DNSstuff
Database Query
http://ws.arin.net/cgi-bin/whois.pl?queryinput=203.70.119.68
APNIC - Query the APNIC Whois Database
Destination port: 80 (http)


I have not yet done any digging to figure out if there actually *is* a trojan on that computer, but I have not received any antivirus alerts from that machine.

Firmware version: 9.006-5
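The alert above has no Snort SID after "Snort ::", so the rule cannot be looked up or tuned, and the interesting endpoint is the internal host, not the whois links. The following is an added triage helper (not Sophos code) that parses the dotted notification format, flags a missing SID, and points the responder at a private source address; the sample text is constructed from the alert in this post.

```python
import ipaddress
import re

# Constructed sample: the alert text from the post, with the Details line
# left exactly as reported (the Snort SID is missing after "Snort ::").
SAMPLE_ALERT = """\
Message........: MALWARE-CNC TDSS outbound connection
Details........: Snort ::
Time...........: 2013-06-29 13:48:06
Packet dropped.: yes
Priority.......: high
Classification.: A Network Trojan was detected
IP protocol....: 6 (TCP)
Source IP address: 192.168.1.175
Source port: 58814
Destination IP address: 203.70.119.68
Destination port: 80 (http)
"""

# "Key....: value" lines; the key is padded with dots, the value may contain ':'
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\.*\s*:\s*(?P<value>.*)$")
# The SID, if present, follows "Snort ::" in the Details field
SID_RE = re.compile(r"Snort\s*::\s*(\d+)?")


def parse_alert(text):
    """Turn the dotted 'Key....: value' lines into a dict of stripped values."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("value").strip()
    return fields


def triage(text):
    """Return (sid or None, list of findings a responder should see first)."""
    f = parse_alert(text)
    findings = []
    m = SID_RE.search(f.get("Details", ""))
    sid = m.group(1) if m else None
    if not sid:
        findings.append("missing Snort SID: rule cannot be looked up or tuned")
    src_raw = f.get("Source IP address")
    if src_raw and ipaddress.ip_address(src_raw).is_private:
        findings.append(f"source {src_raw} is an internal host: inspect it, not whois")
    if f.get("Packet dropped") == "yes":
        findings.append("packet was dropped: the connection did not complete")
    return sid, findings
```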

