Op 4-mei-07, om 17:19 heeft Justin Mason het volgende geschreven:
Jason Bertoch [Electronet] writes:
Have the Botnet rules been absorbed into SA 3.2.0, or are the new
rules
compliamentary? Specifically, I'm looking at FH_HOST_EQ_D_D_D_D and
FH_HOST_EQ_D_D_D_DB.
They're complementary (as far as I know).
--j.
This one is new and looks BOTNET like.
But it misfires all the time. Doens't work.
Received: from [78.48.66.39] (HELO son-lpyqjmpajv2)
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 2.8 BOTNET_CLIENT Hostname looks like a client
78.48.66.39 PTR record: f048066039.adsl.alicedsl.de.
Patrick Sneyers
