Snort mailing list archives
RE: pif WORM?
From: Anthony Geoffron <anthonyg () passinglane com>
Date: Mon, 13 Aug 2001 12:09:33 -0700
It seems to me to be emails with .pif attachments, port 110 pop3.

-----Original Message-----
From: john.ruff () us abb com [mailto:john.ruff () us abb com]
Sent: Monday, August 13, 2001 10:52 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] pif WORM?

Anyone have specific details regarding this entry in my ALERT_FULL snort log file:

[**] [1:721:1] Virus - Possible pif Worm [**]
08/13-13:24:12.370939 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:63795 IpLen:20 DgmLen:1044
***AP*** Seq: 0xAC838C68 Ack: 0x14BBA Win: 0xFAF0 TcpLen: 20

[**] [1:729:1] Virus - Possible scr Worm [**]
08/13-13:24:38.676198 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:64225 IpLen:20 DgmLen:1051
***A**** Seq: 0xAC898900 Ack: 0x14CA4 Win: 0xFAF0 TcpLen: 20

Thanks,
John

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
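An added example, not part of the original thread or of Snort itself: a small parser for alert_full entries like the two quoted above. It extracts the SID, endpoints and TCP flags, and labels packets whose source port is 110 as POP3 server-to-client traffic, the mail-download direction the reply points to. The function names and the direction labels are assumptions made for illustration.

```python
import re

# Constructed sample: the two alert_full entries quoted in the message above.
SAMPLE = """\
[**] [1:721:1] Virus - Possible pif Worm [**]
08/13-13:24:12.370939 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:63795 IpLen:20 DgmLen:1044
***AP*** Seq: 0xAC838C68 Ack: 0x14BBA Win: 0xFAF0 TcpLen: 20

[**] [1:729:1] Virus - Possible scr Worm [**]
08/13-13:24:38.676198 207.217.120.162:110 -> 130.110.95.77:1417
TCP TTL:42 TOS:0x0 ID:64225 IpLen:20 DgmLen:1051
***A**** Seq: 0xAC898900 Ack: 0x14CA4 Win: 0xFAF0 TcpLen: 20
"""

POP3_PORT = 110
HEADER = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]")
FLOW = re.compile(r"(\d\d/\d\d-[\d:.]+)\s+([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)")
FLAGS = re.compile(r"(?<!\S)([*12UAPRSF]{8})\s+Seq:")  # e.g. ***AP***

def parse_alert_full(text):
    """Return one dict per alert_full entry; tolerates whitespace-collapsed logs."""
    alerts = []
    # Split just before every "[**] [gid:sid:rev]" header, keeping the header.
    for block in re.split(r"(?=\[\*\*\]\s*\[\d+:\d+:\d+\])", text):
        head, flow = HEADER.search(block), FLOW.search(block)
        if not (head and flow):
            continue  # preamble or truncated entry
        flags = FLAGS.search(block)
        sport, dport = int(flow.group(3)), int(flow.group(5))
        direction = ("pop3 server->client" if sport == POP3_PORT
                     else "pop3 client->server" if dport == POP3_PORT
                     else "other")
        alerts.append({
            "sid": int(head.group(2)), "msg": head.group(4),
            "time": flow.group(1),
            "src": (flow.group(2), sport), "dst": (flow.group(4), dport),
            "flags": flags.group(1) if flags else None,
            "direction": direction,
        })
    return alerts

def mail_download_hits(alerts):
    """Map each client IP to the SIDs raised on mail it pulled over POP3."""
    hits = {}
    for a in alerts:
        if a["direction"] == "pop3 server->client":
            hits.setdefault(a["dst"][0], []).append(a["sid"])
    return hits
```

For the quoted alerts, both entries resolve to the same client pulling mail from the same POP3 server, which is where to look first: the mailbox being downloaded, not the internal host's outbound behaviour.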
Current thread:
- pif WORM? john . ruff (Aug 13)
- Re: pif WORM? Mike Baptiste (Aug 13)
- <Possible follow-ups>
- RE: pif WORM? Anthony Geoffron (Aug 13)
- RE: pif WORM? Hawrylkiw, Dan G (Aug 13)
- RE: pif WORM? Hawrylkiw, Dan G (Aug 13)