On Oct 5, 2012 7:57 AM, "Ståle Johnsen" <[email protected]> wrote:
>
> Hi.
> I don't think that is possible since the logged incident was a couple of days ago and, as far as I know, Torpig does not send data to the C&C server all the time?

As suggested earlier, I would block everything to those addresses and turn on logging for that rule. Check the firewall log occasionally to see who's been knocking. Nothing against Snort, but it's a big hammer for a simple task.

db
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
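
The log review suggested in the reply above (see which internal hosts hit the logged block rule, and when), as an added example that is not part of the original thread. It assumes a simplified one-line-per-packet log export rather than pfSense's native log format, and the watched destinations are placeholders from documentation address ranges.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Placeholder destinations (documentation ranges) standing in for the
# addresses covered by the block rule; replace with the real ones.
WATCHED = [ip_network("203.0.113.0/28"), ip_network("198.51.100.7/32")]

# Constructed sample log, assumed format: "ISO-time action src dst proto dport"
SAMPLE_LOG = """\
2012-10-03T02:14:09 block 192.168.1.23 203.0.113.5 tcp 80
2012-10-03T02:14:12 block 192.168.1.23 203.0.113.5 tcp 80
2012-10-03T09:40:51 pass 192.168.1.40 192.0.2.10 tcp 443
2012-10-04T23:01:30 block 192.168.1.23 198.51.100.7 tcp 443
truncated entry
2012-10-05T06:12:00 block 192.168.1.57 203.0.113.9 tcp 80
2012-10-05T06:13:00 block 192.168.1.40 192.0.2.99 tcp 25
"""

def knockers(log_text, watched=WATCHED):
    """Summarise blocked traffic to the watched networks, keyed by source host."""
    seen = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "dsts": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[1] != "block":
            continue  # not a block entry, or not in the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
            src, dst = ip_address(parts[2]), ip_address(parts[3])
        except ValueError:
            continue  # malformed timestamp or address
        if not any(dst in net for net in watched):
            continue  # blocked by some other rule
        rec = seen[str(src)]
        rec["hits"] += 1
        # Infrequent beaconing means first/last seen matter more than volume.
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["dsts"].add(str(dst))
    return dict(seen)

if __name__ == "__main__":
    ranked = sorted(knockers(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for src, rec in ranked:
        print(f"{src}: {rec['hits']} hits, first {rec['first']}, "
              f"last {rec['last']}, dsts {sorted(rec['dsts'])}")
```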
