Snort mailing list archives
mstream and shaft
From: mike maxwell <mmaxwell () greenmountainaccess net>
Date: Wed, 30 Jan 2002 09:46:08 -0500
I am using Snort as an IDS for my network ..... I am seeing alerts about mstream and shaft traffic to several of my customers' PCs. I know that these PCs are not running Unix. Is there a port of this trojan for Windows out there in the wild, or are these false alarms....

alert.1:01/29-15:27:03.962255 [**] [1:230:1] DDOS shaft client to handler [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} *.*.*.*:80 -> *.*.*.*:20432
alert.1:01/29-22:19:03.262255 [**] [1:248:1] DDOS mstream handler to client [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} *.*.*.*:12754 -> *.*.*.*:20

--
Mike Maxwell
System Manager--GMA
mmaxwell () gmavt net