Buy or Renew
Buy or Renew
ramachandran.gunasekaran
Community Member
Member since ‎05-24-2017
‎10-03-2017
Awards
No awards available to display
Recent Badges

User Statistics

  • 9 Posts
  • 0 Solutions
  • 9 Helpful votes Given
  • 0 Helpful votes Received
Recent Badges
Reorder
First Discussion
5 Discussion Posts
1 Reply
5 Replies
Certifications
No certifications available to display

User Activity

MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection

10-03-2017
alert udp $HOME_NET any -> $EXTERNAL_NET 123 (msg:"MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection"; flow:to_server; content:"GN"; depth:2; metadata:policy security-ips drop, service ntp; classtype:trojan-activity; sid:26932; rev:2; ) I...

BLACKLIST DNS request for known malware domain counter.yadro.ru

06-18-2017
alert udp $HOME_NET any -> any 53 (msg:"BLACKLIST DNS request for known malware domain counter.yadro.ru"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|07|counter|05|yadro|02|ru|00|"; fast_pattern:only; metadata:impact_flag red, service dns; refer...

MALWARE-BACKDOOR wow 23 runtime detection

05-29-2017
Please explain this rule how it works.   Is it detecting the alert based only on the content "R|00|23".  Please explain how to figure this out.   IPS Rule:   alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"MALWARE-BACKDOOR wow 23 runtime detection...

(1:1000122) Local - BAD-TRAFFIC SSH brute force login attempt

05-24-2017
IPS RULE: alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (sid:1000122; gid:1; flow:established,to_server; content:"SSH-"; depth:4; detection_filter:track by_src, count 30, seconds 60; msg:"Local - BAD-TRAFFIC SSH brute force login attempt"; classtype:Hi...
Community Statistics
Member Since ‎05-24-2017 06:22 AM
Date Last Visited ‎10-03-2017 12:19 PM
Posts 9
Helpful Votes Given To