We are watching the Half-open SYN and TCP SYN host sweep for SDBot and Sasser traffic. Does anyone have a working custom signature that can actually capture the SDBot traffic, which uses various TCP ports?
You could check the latest signatures to find out if there is one that would work for you. You could also make one yourself if you do not find any signatures specifically to address your issue.