01-28-2013 10:26 AM
Is there a signature for PHP.BroBot ?
If there isn't and I need to make a customer one, I have the following details and would like some help on the best action to be used via data patterns.
"Attacks using BroBot tool are to attack DNS servers will result in a large number of UDP packets to port 53 containing a payload of many repeated "A" character (hexadecimal 0x41). "
If the signature has all A's or a bunch of them.. what is the perfect balance of min characters to trigger? is 8 A's enough and then whatever matches 0 or more times after enough?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!