Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 262 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Phatbot Patterns

Damin
Does Astaro 5.0's IDS paterns include detection signatures for Phatbot and it's relatives?

If not, the following information may be useful:
 Phatbot Information


This thread was automatically locked due to age.
  • 0
    No it doesn't, but the URL you point to has two snort signatures that you could add to the local group of rules.

     Code:

    Description: Agobot/Phatbot Infection Successful
    Selector: tcp any any -> any any
    Filter: flow:established; content:"221 Goodbye, have a good infection |3a 29 2e 0d 0a|"; dsize:40;