Just got the following Snort alert as part of a hacking attempt ticket
from my server provider:
Date:05/10 13:16:17
Name:ET DROP Known Bot CC Server Traffic UDP (group 15)
Priority:1
Type:A Network Trojan was Detected
IP info:192.168.0.3:42070 - 173.45.238.221:123
On May 16, 2011, at 16:14, Nicholas Suan wrote:
I took a look at the snort rule and it seems that any UDP traffic to
the IP address of that pool server is flagged.
Is anyone else seeing things like this?
It's been a while; but yes (for providing just about any service you can
reasonably