Many worms try to spread by contacting other hosts on ports 135, 445, or 1433. This filter is independent of the specific worm; instead, it looks for SYN packets originating from a local network on those specific ports.

The filter looks for an ICMP echo request that is 92 bytes long and has an ICMP payload that begins with 4 bytes of A's (hex). It is the signature of the Welchia worm just before it tries to compromise a system.

```
icmp[icmptype] = icmp-echo and ip[2:2] = 92 and icmp[8:4] = 0xAAAAAAAA
```

ones that describe or show the actual payload?)

```
dst port 135 and tcp port 135 and ip[2:2] = 48
```

Port 80 and tcp
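The two checks described above, applied to raw IPv4 packet bytes so the byte offsets behind `ip[2:2]` and `icmp[8:4]` are explicit. This is an added example, not code from the original page; the function names, the `192.168.0.0/24` local network, the "ACK clear" reading of "SYN packet", and the packet builder for constructed samples are assumptions.

```python
import ipaddress
import struct

WORM_PORTS = {135, 445, 1433}                        # ports named in the text
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")   # assumed local network

def _ip_fields(pkt):
    """Return (header_len, total_len, proto, src_ip) of a raw IPv4 packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # header length varies with IP options
    if ihl < 20 or len(pkt) < ihl:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]     # same bytes as ip[2:2]
    return ihl, total_len, pkt[9], ipaddress.ip_address(pkt[12:16])

def is_welchia_ping(pkt):
    """ICMP echo request, IP total length 92, payload starting AA AA AA AA."""
    f = _ip_fields(pkt)
    if f is None:
        return False
    ihl, total_len, proto, _ = f
    icmp = pkt[ihl:]                       # icmp[8:4] is offset 8 from here
    return (proto == 1 and total_len == 92 and len(icmp) >= 12
            and icmp[0] == 8 and icmp[8:12] == b"\xaa" * 4)

def is_local_worm_syn(pkt, local_net=LOCAL_NET):
    """TCP SYN (ACK clear, an assumption) from local_net to port 135, 445 or 1433."""
    f = _ip_fields(pkt)
    if f is None:
        return False
    ihl, _, proto, src = f
    tcp = pkt[ihl:]
    if proto != 6 or len(tcp) < 20 or src not in local_net:
        return False
    dport = struct.unpack("!H", tcp[2:4])[0]
    flags = tcp[13]
    return dport in WORM_PORTS and flags & 0x02 != 0 and flags & 0x10 == 0

def build_ipv4(proto, src, dst, payload):
    """Build a constructed sample packet (checksum left at 0, not checked above)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload
```

Unlike the capture filter, these functions do not skip non-first IP fragments, so run them on reassembled or unfragmented packets.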