⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 snortrules.txt

📁 IPv4下发伪造包的程序
💻 TXT
📖 第 1 页 / 共 5 页
字号:
🔍
12345 
include backdoor.rules
include dos.rules
include ddos.rules
include dns.rules
include netbios.rules
include sql.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-misc.rules
include web-iis.rules
include icmp.rules
include misc.rules
#include policy.rules
#include info.rules
#include virus.rules

# BACKDOOR RULES
# Updated 03/15/2001
# ------------------

alert tcp $EXTERNAL_NET 27374 -> $HOME_NET any (msg: "BACKDOOR SIG - SubSseven 22"; flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;) 
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET 2589 (msg: "BACKDOOR - Dagger_1.4.0_client_connect"; flags: A+; content: "|0b 00 00 00 07 00 00 00|Connect"; depth: 16; reference:arachnids,483;) 
alert tcp $HOME_NET 2589 -> $EXTERNAL_NET 1024: (msg: "BACKDOOR - Dagger_1.4.0"; flags: A+; content: "|3200000006000000|Drives|2400|"; depth: 16; reference:arachnids,484;) 
alert tcp $EXTERNAL_NET 80 -> $HOME_NET 1054 (msg:"BACKDOOR ACKcmdC trojan scan"; seq: 101058054; ack: 101058054; flags: A;reference:arachnids,445;) 
alert tcp $EXTERNAL_NET 16959 -> any any (msg:"BACKDOOR subseven DEFCON8 2.1 access"; content: "PWD"; content:"acidphreak"; nocase; flags: A+;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 7597 (msg:"BACKDOOR QAZ Worm Client Login access"; flags: A+; content:"|71 61 7a 77 73 78 2e 68 73 71|";) 
alert udp $EXTERNAL_NET 4120 -> $HOME_NET any (msg:"BACKDOOR DeepThroat access"; content: "--Ahhhhhhhhhh"; reference:arachnids,405;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 31337 (msg:"BACKDOOR BackOrifice access"; content: "|ce63 d1d2 16e7 13cf 39a5 a586|";  reference:arachnids,399;) 
alert tcp $HOME_NET 80 -> $EXTERNAL_NET any (msg:"BACKDOOR BackOrifice access"; flags: A+; content: "server|3a| BO|2f|"; reference:arachnids,400;) 
alert tcp $HOME_NET 12345,12346 -> $EXTERNAL_NET any (msg:"BACKDOOR netbus active"; flags: A+; content: "NetBus";  reference:arachnids,401;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 12345,12346 (msg:"BACKDOOR netbus getinfo"; flags: A+; content: "GetInfo|0d|"; reference:arachnids,403;) 
alert tcp $HOME_NET 146 -> $EXTERNAL_NET 1024: (msg:"BACKDOOR Infector.1.x"; content: "WHATISIT"; flags: A+; reference:arachnids,315;) 
alert tcp $HOME_NET 666 -> $EXTERNAL_NET 1024: (msg:"BACKDOOR SatansBackdoor.2.0.Beta"; content: "Remote|3A| You are connected to me."; flags:A+;  reference:arachnids,316;) 
alert tcp $HOME_NET 6789 -> $EXTERNAL_NET any (msg:"BACKDOOR Doly 2.0 access"; content: "|57 74 7a 75 70 20 55 73 65|"; flags: A+; depth: 32;  reference:arachnids,312;) 
alert tcp $HOME_NET 146 -> $EXTERNAL_NET 1000:1300 (msg:"BACKDOOR Infector 1.6 Server to Client"; content:"|57 48 41 54 49 53 49 54|"; flags:A+;) 
alert tcp $EXTERNAL_NET 1000:1300 -> $HOME_NET 146 (msg:"BACKDOOR Infector 1.6 Client to Server Connection Request"; content:"|46 43 20|"; flags:A+;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 FTP Status Client Request"; content:"09"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 System Info Client Request"; content:"13"; reference:arachnids,106;) 
alert udp $HOME_NET 2140 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 System Info From Server"; content:"Comp Name"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Drive Info Client Request"; content:"130";  reference:arachnids,106;) 
alert udp $HOME_NET 2140 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Drive Info From Server"; content:"C - ";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Server Status Client Request"; content:"10"; reference:arachnids,106;) 
alert udp $HOME_NET 2140 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Server Status From Server"; content:"Host"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 E-Mail Info Client Request"; content:"12";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request"; content: "40";  reference:arachnids,106;) 
alert udp $HOME_NET 2140 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 E-Mail Info From Server"; content:"Retreaving";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Server FTP Port Change Client Request"; content:"21"; reference:arachnids,106;) 
alert udp $HOME_NET 2140 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server"; content:"FTP Server changed to"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Cached Passwords Client Request"; content:"16"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 RAS Passwords Client Request"; content:"17";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Server Password Change Client Request"; content:"91"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Server Password Remove Client Request"; content:"92"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 System Info Client Request"; content:"13"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 3150 (msg:"BACKDOOR DeepThroat 3.1 Server Rehash Client Request"; content:"shutd0wnM0therF***eR"; reference:arachnids,106;) 
alert tcp $HOME_NET 5401:5402 -> $EXTERNAL_NET any (msg:"BACKDOOR BackConstruction 2.1 Connection"; flags: A+; content:"c|3A|\\";) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request"; content:"88";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Rehash Client Request"; content:"911";  reference:arachnids,106;) 
alert tcp $HOME_NET 31785 -> $EXTERNAL_NET any (msg:"BACKDOOR HackAttack 1.20 Connect"; flags: A+; content:"host";) 
alert tcp $HOME_NET 21 <- $EXTERNAL_NET any (msg:"BACKDOOR ADMw0rm ftp retrieval";flags: A+; content:"USERw0rm|0D0A|"; reference:arachnids,01;) 
alert tcp $EXTERNAL_NET !80 -> $HOME_NET 21554 (msg:"BACKDOOR GirlFriendaccess"; flags: A+; content:"Girl"; reference:arachnids,98;) 
alert tcp $HOME_NET 30100 -> $EXTERNAL_NET any (msg:"BACKDOOR NetSphere access"; flags: A+; content:"NetSphere"; reference:arachnids,76;) 
alert tcp $HOME_NET 6969 -> $EXTERNAL_NET any (msg:"BACKDOOR GateCrasher"; flags: A+; content:"GateCrasher";reference:arachnids,99;) 
alert udp $HOME_NET 2140 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Keylogger Active on Network"; content:"KeyLogger Is Enabled On port";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 3150 (msg:"BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network"; content:"|00 23|"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 3150 -> $HOME_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Server Active on Network"; content:"|00 23|"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network";  reference:arachnids,106;) 
alert tcp $HOME_NET 666 -> $EXTERNAL_NET any (msg:"BACKDOOR BackConstruction 2.1 Server FTP Open Reply"; flags: A+; content:"FTP Port open";) 
alert tcp $HOME_NET 23476 -> $EXTERNAL_NET any (msg:"BACKDOOR DonaldDick 1.53 Traffic"; flags: A+; content:"pINg";) 
alert udp $HOME_NET 3150 -> $EXTERNAL_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Wrong Password"; content:"Wrong Password"; reference:arachnids,106;) 
alert tcp $HOME_NET 30100:30102 -> $EXTERNAL_NET any (msg:"BACKDOOR NetSphere 1.31.337 access"; flags: A+; content:"NetSphere";  reference:arachnids,76;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Show Picture Client Request"; content:"22"; reference:arachnids,106;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 666 (msg:"BACKDOOR BackConstruction 2.1 Client FTP Open Request"; flags: A+; content:"FTPON";) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Visible Window List Client Request"; content:"37"; reference:arachnids,106;) 
alert tcp $HOME_NET any -> $EXTERNAL_NET 5032 (msg:"BACKDOOR NetMetro File List"; flags: A+; content:"|2D 2D|";  reference:arachnids,79;) 
alert tcp $EXTERNAL_NET 5031 -> $HOME_NET !53:80 (msg:"BACKDOOR NetMetro Incoming Traffic"; flags: A+;  reference:arachnids,79;) 
alert udp $EXTERNAL_NET 3344 -> $HOME_NET 3345 (msg:"BACKDOOR Matrix 2.0 Client connect"; content:"activate"; reference:arachnids,83;) 
alert udp $EXTERNAL_NET 3345 -> $HOME_NET 3344 (msg:"BACKDOOR Matrix 2.0 Server access"; content:"logged in";  reference:arachnids,83;) 
alert tcp $HOME_NET 5714 -> $EXTERNAL_NET any (msg:"BACKDOOR WinCrash 1.0 Server Active" ; flags:SA; content:"|B4 B4|";  reference:arachnids,36;) 
alert udp $EXTERNAL_NET 2140 -> $HOME_NET 60000 (msg:"BACKDOOR DeepThroat 3.1 Server Active on Network"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Keylogger on Server ON"; content:"KeyLogger Is Enabled On port"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Send Text to Window Client Request"; content:"63"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request"; content:"32";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request"; content:"33";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request"; content:"34"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request"; content:"110";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request"; content:"35";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request"; content:"70" reference:arachnids,106;;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request"; content:"71"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request"; content:"31";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Resolution Change Client Request"; content:"125"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request"; content:"04";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Keylogger on Server OFF"; content:"KeyLogger Shut Down";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Send to URL Client Request"; content:"12"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 FTP Server Port Client Request"; content:"21";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Process List Client request"; content:"64";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Close Port Scan Client Request"; content:"121"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Registry Add Client Request"; content:"89"; reference:arachnids,106;) 
alert icmp 255.255.255.0/24 any -> $HOME_NET any (msg:"BACKDOOR SIGNATURE - Q ICMP"; itype: 0; dsize: >1; reference:arachnids,202;) 
alert tcp 255.255.255.0/24 any -> $HOME_NET any (msg:"BACKDOOR Q access"; flags:A+; dsize: >1;  reference:arachnids,203;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"BACKDOOR CDK"; content: "ypi0ca"; nocase; flags: A+; depth: 15;  reference:arachnids,263;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Monitor on/off Client Request"; content:"07";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Delete File Client Request"; content:"41"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Kill Window Client Request"; content:"38";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Disable Window Client Request"; content:"23";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Enable Window Client Request"; content:"24";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Change Window Title Client Request"; content:"60"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Hide Window Client Request"; content:"26";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Show Window Client Request"; content:"25"; reference:arachnids,106;) 
alert tcp $HOME_NET 555 -> $EXTERNAL_NET any (msg:"BACKDOOR PhaseZero Server Active on Network"; flags: A+; content:"phAse";) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Server Response"; content:"Ahhhh My Mouth Is Open"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request"; content:"30";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request"; content:"20"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 All Window List Client Request"; content:"370"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Play Sound Client Request"; content:"36"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Run Program Normal Client Request"; content:"14"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request"; content:"15";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Get NET File Client Request"; content:"100";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Find File Client Request"; content:"117";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Find File Client Request"; content:"118";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 HUP Modem Client Request"; content:"199";  reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 CD ROM Open Client Request"; content:"02"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 CD ROM Close Client Request"; content:"03"; reference:arachnids,106;) 
alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 Create Directory Client Request"; content:"39"; reference:arachnids,106;) 


# DDOS RULES
# Updated: 03/15/2001
# -------------------

alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS TFN Probe"; id: 678; itype: 8; content: "1234";reference:arachnids,443;) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS tfn2k icmp possible communication"; itype: 0; icmp_id: 0; content: "AAAAAAAAAA"; reference:arachnids,425;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(PONGdetected)"; content:"PONG";reference:arachnids,187;) 
alert icmp 3.3.3.3/32 any -> $EXTERNAL_NET any (msg:"DDOS Stacheldraht server-spoof"; itype: 0; icmp_id: 666; reference:arachnids,193;) 
alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg:"DDOS Stacheldraht server-response-gag"; content: "|73 69 63 6B 65 6E|"; itype: 0; icmp_id: 669; reference:arachnids,195;) 
alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg:"DDOS Stacheldraht server-response"; content: "|66 69 63 6B 65 6E|"; itype: 0; icmp_id: 667; reference:arachnids,191;) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS Stacheldraht client-spoofworks"; content: "|73 70 6F 6F 66 77 6F 72 6B 73|"; itype: 0; icmp_id: 1000; reference:arachnids,192;) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS TFN client command BE"; itype: 0; icmp_id: 456; icmp_seq: 0; reference:arachnids,184;) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS Stacheldraht client-check"; content: "|73 6B 69 6C 6C 7A|"; itype: 0; icmp_id: 666; reference:arachnids,190;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 20432 (msg:"DDOS shaft client to handler"; flags: A+; reference:arachnids,254;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(messagedetected)"; content:"l44";reference:arachnids,186;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(*HELLO*detected)"; content:"*HELLO*"; reference:arachnids,185;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 27665 (msg:"DDOS Trin00:Attacker to Master default startup password";flags: A+; content:"betaalmostdone"; reference:arachnids,197;) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 27665 (msg:"DDOS Trin00 Attacker to Master default password";flags: A+; content:"gOrave";) 
alert tcp $EXTERNAL_NET any -> $HOME_NET 27665 (msg:"DDOS Trin00 Attacker to Master default mdie password";flags: A+; content:"killme";) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS Stacheldraht client-check-gag"; content: "|67 65 73 75 6E 64 68 65 69 74 21|"; itype: 0; icmp_id: 668; reference:arachnids,194;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 27444 (msg:"DDOS Trin00:MastertoDaemon(defaultpassdetected!)"; content:"l44adsl"; reference:arachnids,197;) 
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"DDOS TFN server response"; content: "|73 68 65 6C 6C 20 62 6F 75 6E 64 20 74 6F 20 70 6F 72 74|"; itype: 0; icmp_id: 123; icmp_seq: 0; reference:arachnids,182;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 18753 (msg:"DDOS shaft handler to agent"; content: "alive tijgu";  reference:arachnids,255;) 
alert udp $EXTERNAL_NET any -> $HOME_NET 20433 (msg:"DDOS shaft agent to handler"; content: "alive"; reference:arachnids,256;) 
alert tcp $HOME_NET :1024 -> $EXTERNAL_NET any (msg:"DDOS shaft synflood outgoing"; flags: S; seq: 674711609; reference:arachnids,253;)
12345

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -