4. Snort says "Trojan was Detected" - but how can I see the payload?

Snort says "Trojan was Detected" - but how can I see the payload?

  • S

    Hello,

    my snort says "Trojan was Detected" - but how can I see the payload?

    LAN

    05/22/15-10:09:26.674028 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,59260,192.168.2.254,53,1095,A Network Trojan was Detected,1,
05/24/15-20:37:02.120938 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51716,192.168.2.254,53,13660,A Network Trojan was Detected,1,
05/24/15-20:37:03.120154 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51716,192.168.2.254,53,13745,A Network Trojan was Detected,1,
05/25/15-00:09:06.061417 ,139,1,1,"(spp_sdf) SDF Combination Alert",,192.168.2.44,,207.104.216.xx,,24379,Sensitive Data was Transmitted Across the Network,2,
05/26/15-11:42:08.682007 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51784,192.168.2.254,53,22078,A Network Trojan was Detected,1,
05/26/15-11:42:09.681996 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51784,192.168.2.254,53,22083,A Network Trojan was Detected,1,
05/26/15-11:42:10.682214 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51784,192.168.2.254,53,22090,A Network Trojan was Detected,1,
05/26/15-11:42:12.682434 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51784,192.168.2.254,53,22098,A Network Trojan was Detected,1,
05/26/15-11:42:16.682453 ,1,28039,5,"INDICATOR-COMPROMISE Suspicious .pw dns query",UDP,192.168.2.44,51784,192.168.2.254,53,22572,A Network Trojan was Detected,1

    The "207.104.216.xx" represents my mailserver. Normally I use SSL/TLS …

    WAN

    05/16/15-01:22:12.459163 ,105,2,1,"(spo_bo) Back Orifice Client Traffic detected",UDP,72.251.250.27,36866,46.237.2x.xxx,31337,9066,A Network Trojan was Detected,1,
05/16/15-01:22:16.975496 ,105,2,1,"(spo_bo) Back Orifice Client Traffic detected",UDP,72.251.250.27,39701,5.158.13x.xx,31337,23628,A Network Trojan was Detected,1,

    Same here - I guess that BO is so oudated, it wouldnt run on my Win 7 System. Even my Antivir cant find anything harmful on the client.

    Regards

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy