what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

backdoor.rules

backdoor.rules
Posted Mar 29, 2000
Site snort.rapidnet.com

300 snort rules to detect windows backdoors.

tags | tool, sniffer
systems | windows
SHA-256 | 390b848257ce83d0de5c84bb6fc465d825466ab811e188f5d09cb91488a97520
Download | Favorite | View

backdoor.rules

Change Mirror Download
alert udp $HOME_NET 54321 -> any any (msg:"BACKDOOR ACTIVITY-Possible Back Orifice 2k";) 
alert tcp $HOME_NET 30303 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Socket 25"; flags:SA;) 
alert tcp $HOME_NET 30133 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible NetSphere Final 1.31.337"; flags:SA;) 
alert tcp $HOME_NET 23456 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible UglyFTP or WhackJob"; flags:SA;) 
alert tcp $HOME_NET 20203 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Logged!"; flags:SA;) 
alert tcp $HOME_NET 21554 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Girlfriend / Schwindler 1.8"; flags:SA;) 
alert tcp $HOME_NET 16484 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Mosucker"; flags:SA;) 
alert tcp $HOME_NET 11000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Senna Spy"; flags:SA;) 
alert tcp $HOME_NET 6666 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible TCPShell - *NIX Backdoor"; flags:SA;) 
alert tcp $HOME_NET 5637 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible PC-Crasher"; flags:SA;) 
alert tcp $HOME_NET 5011 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible OOTLT / OOTLT Cart"; flags:SA;) 
alert tcp $HOME_NET 5000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Socket 23"; flags:SA;) 
alert tcp $HOME_NET 4567 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible FileNail"; flags:SA;) 
alert tcp $HOME_NET 4321 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Schoolbus 1.0"; flags:SA;) 
alert tcp $HOME_NET 4092 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Wincrash"; flags:SA;) 
alert tcp $HOME_NET 2000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Insane Network 4"; flags:SA;) 
alert tcp $HOME_NET 1050 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Mini Command 1.2 Access"; flags:S;) 
alert tcp $HOME_NET 1029 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possibe InCommand Access"; flags:S;) 
alert tcp $HOME_NET 31 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible-Masters Paradise";flags:SA;) 
alert tcp $HOME_NET 37651 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Yet Another Trojan";flags:SA;) 
alert tcp $HOME_NET 5550 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible XTCP2";flags:SA;) 
alert tcp $HOME_NET 2583 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible WinCrash2";flags:SA;) 
alert tcp $HOME_NET 5742 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible WinCrash";flags:SA;) 
alert tcp $HOME_NET 4092 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible WinCrash";flags:SA;) 
alert tcp $HOME_NET 3024 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible WinCrash";flags:SA;) 
alert tcp $HOME_NET 23456 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Whackjob";flags:SA;) 
alert tcp $HOME_NET 12362 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Whack-a-mole";flags:S;) 
alert tcp $HOME_NET 12361 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Whack-a-mole";flags:S;) 
alert tcp $HOME_NET 1245 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Voodoo Doll";flags:SA;) 
alert tcp $HOME_NET 6669 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Vampire";flags:SA;) 
alert tcp $HOME_NET 2001 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible TrojanCow";flags:SA;) 
alert tcp $HOME_NET 1999 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Transcout";flags:SA;) 
alert tcp $HOME_NET 3791 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Totaleclipse";flags:SA;) 
alert tcp $HOME_NET 29891 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible The Unexplained";flags:SA;) 
alert tcp $HOME_NET 6400 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible The Thing";flags:SA;) 
alert tcp $HOME_NET 40412 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible The Spy";flags:SA;) 
alert tcp $HOME_NET 2716 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible The Prayer2";flags:SA;) 
alert tcp $HOME_NET 9999 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible The Prayer1";flags:SA;) 
alert tcp $HOME_NET 61466 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible TeleCommando";flags:SA;) 
alert tcp $HOME_NET 1243 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Subseven";flags:SA;) 
alert tcp $HOME_NET 2565 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Striker";flags:SA;) 
alert tcp $HOME_NET 1170 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Streaming Audio Server";flags:SA;) 
alert tcp $HOME_NET 555 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Stealthspy/Phase0/Netadmin/INI-Killer";flags:SA;) 
alert tcp $HOME_NET 1807 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible SpySender";flags:SA;) 
alert tcp $HOME_NET 33911 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Spirit2001";flags:SA;) 
alert tcp $HOME_NET 1207 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Softwar";flags:SA;) 
alert tcp $HOME_NET 5000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible SocketsDeTroie";flags:SA;) 
alert tcp $HOME_NET 5001 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible SocketsDeTroie";flags:SA;) 
alert tcp $HOME_NET 50505 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible SocketsdeTroie";flags:SA;) 
alert tcp $HOME_NET 30303 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Socket-23";flags:SA;) 
alert tcp $HOME_NET 1001 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Silencer-Webex-Doly";flags:SA;) 
alert tcp $HOME_NET 1981 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible ShockRave";flags:SA;) 
alert tcp $HOME_NET 1600 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Shivka-Burka";flags:SA;) 
alert tcp $HOME_NET 11000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Sennaspy";flags:SA;) 
alert tcp $HOME_NET 31554 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Schwindler";flags:SA;) 
alert tcp $HOME_NET 21554 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Schwindler 1.82 / Girlfriend";flags:SA;) 
alert tcp $HOME_NET 54321 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Schoolbus";flags:SA;) 
alert tcp $HOME_NET 666 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible SatanzBackdoor";flags: SA;) 
alert tcp $HOME_NET 5569 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible RoboHack";flags:SA;) 
alert tcp $HOME_NET 2023 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible RipperPro";flags: SA;) 
alert tcp $HOME_NET 53001 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Remote Windows Shutdown";flags:SA;) 
alert tcp $HOME_NET 1509 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible PsyberStream";flags:SA;) 
alert tcp $HOME_NET 22222 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Prosiak";flags:SA;) 
alert tcp $HOME_NET 11223 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Progenic Trojan";flags:SA;) 
alert tcp $HOME_NET 16969 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Priority / Portal Of Doom";flags:SA;) 
alert tcp $HOME_NET 9872 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Portal Of Doom";flags:SA;) 
alert tcp $HOME_NET 2801 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Phineas Phucker";flags:SA;) 
alert tcp $HOME_NET 2023 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible PassRipper";flags:SA;) 
alert tcp $HOME_NET 5011 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible OOOLT";flags:SA;) 
alert tcp $HOME_NET 31339 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible NetSpyDK";flags:SA;) 
alert tcp $HOME_NET 1033 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible NetSpy";flags:SA;) 
alert tcp $HOME_NET 30100 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Netsphere";flags:SA;) 
alert tcp $HOME_NET 57341 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible netraider";flags:SA;) 
alert tcp $HOME_NET 7300:7309 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible NetMonitor";flags:SA;) 
alert tcp $HOME_NET 5031 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible NetMetro 1.0";flags:SA;) 
alert tcp $HOME_NET 20034 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible NetBusPro";flags:SA;) 
alert tcp $HOME_NET 12346 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible netbus10";flags:SA;) 
alert tcp $HOME_NET 12345 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Netbus/GabanBus";flags:SA;) 
alert tcp $HOME_NET 12346 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Netbus/GabanBus";flags:SA;) 
alert tcp $HOME_NET 2000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Millennium";flags:SA;) 
alert tcp $HOME_NET 1269 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Mavericks Matrix";flags:SA;) 
alert tcp $HOME_NET 40421 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible MastersParadise";flags:SA;) 
alert tcp $HOME_NET 40426 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible MastersParadise";flags:SA;) 
alert tcp $HOME_NET 40423 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible MastersParadise";flags:SA;) 
alert tcp $HOME_NET 40422 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible MastersParadise";flags:SA;) 
alert tcp $HOME_NET 10752 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Linux mountd Backdoor";flags:SA;) 
alert tcp $HOME_NET 17300 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Kuang2";flags:SA;) 
alert tcp $HOME_NET 30999 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Kuang";flags:SA;) 
alert tcp $HOME_NET 2140 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Invasor";flags:SA;) 
alert tcp $HOME_NET 9889 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible INI-Killer";flags:SA;) 
alert tcp $HOME_NET 6939 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Indoctrination";flags:SA;) 
alert tcp $HOME_NET 9400 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible InCommand";flags:SA;) 
alert tcp $HOME_NET 5521 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible IllusionMailer";flags:SA;) 
alert tcp $HOME_NET 4950 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible ICQTrojan";flags:SA;) 
alert tcp $HOME_NET 7789 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible ICQ Killer"; flags:SA;) 
alert tcp $HOME_NET 2283 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible HVLRat5";flags:SA;) 
alert tcp $HOME_NET 456 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible HackersParadise";flags:SA;) 
alert tcp $HOME_NET 31787 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible hackatak";flags:SA;) 
alert tcp $HOME_NET 12223 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible hack99keylogger";flags:SA;) 
alert tcp $HOME_NET 12076 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Gjamer";flags:SA;) 
alert tcp $HOME_NET 21554 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible GirlFriend";flags:SA;) 
alert tcp $HOME_NET 6969 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible gatecrasher";flags:SA;) 
alert tcp $HOME_NET 1492 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible FTP99CMP";flags:SA;) 
alert tcp $HOME_NET 50766 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible fore-schwindler";flags:SA;) 
alert tcp $HOME_NET 50776 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Fore / Remote Windows Shutdown";flags:SA;) 
alert tcp $HOME_NET 5321 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible FireHotcker"; flags:SA;) 
alert tcp $HOME_NET 4567 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Filenail";flags:SA;) 
alert tcp $HOME_NET 12701 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Eclipse 2000";flags:SA;) 
alert tcp $HOME_NET 1011 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Doly Trojan"; flags:SA;) 
alert tcp $HOME_NET 1015 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Doly Trojan 1.5"; flags:SA;) 
alert tcp $HOME_NET 1010 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Doly Trojan 1.35"; flags:SA;) 
alert tcp $HOME_NET 65000 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Devil 1.03";flags:SA;) 
alert tcp $HOME_NET 6883 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible DeltaSource";flags:SA;) 
alert tcp $HOME_NET 47262 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Delta";flags:SA;) 
alert tcp $HOME_NET 6670 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible DeepThroat";flags:SA;) 
alert tcp $HOME_NET 10607 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Coma";flags:SA;) 
alert tcp $HOME_NET 20203 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible chupacabra";flags:SA;) 
alert tcp $HOME_NET 10101 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible BrainSpy"; flags:SA;) 
alert tcp $HOME_NET 121 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible BO Jammer Killah V"; flags:SA;) 
alert tcp $HOME_NET 1042 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Blah 1.1";flags:SA;) 
alert tcp $HOME_NET 20331 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Bla";flags:SA;) 
alert tcp $HOME_NET 34324 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible BigGluck / Tiny Telnet Server";flags:SA;) 
alert tcp $HOME_NET 31337 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Backorifice";flags:SA;) 
alert tcp $HOME_NET 54321 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible BackOrifice 2000"; flags:SA;) 
alert tcp $HOME_NET 54320 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible BackOrifice 2000"; flags:SA;) 
alert tcp $HOME_NET 5400 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible BackConstruction 1.2 / BladeRunner"; flags: SA;) 
alert tcp $HOME_NET 666 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Attack FTP / Satans Backdoor";flags:SA;) 
alert tcp $HOME_NET 30029 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible AOL Trojan 1.1";flags: SA;) 
alert tcp $HOME_NET 10666 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Ambush";flags:SA;) 
alert tcp $HOME_NET 777 -> !$HOME_NET any (msg:"BACKDOOR ACTIVITY-Possible Aimspy";flags:SA;) 
alert udp !$HOME_NET any -> $HOME_NET 54321 (msg:"BACKDOOR ATTEMPT-Back Orifice 2k Attempt";) 
alert tcp !$HOME_NET any -> $HOME_NET 30303 (msg:"BACKDOOR ATTEMPT-Socket 25 Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 30133 (msg:"BACKDOOR ATTEMPT-NetSphere Final 1.31.337 Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 23456 (msg:"BACKDOOR ATTEMPT-UglyFTP or WhackJob Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 20203 (msg:"BACKDOOR ATTEMPT-Logged! Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 21554 (msg:"BACKDOOR ATTEMPT-Girlfriend / Schwindler 1.8 Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 16484 (msg:"BACKDOOR ATTEMPT-Mosucker Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 11000 (msg:"BACKDOOR ATTEMPT-Senna Spy Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6666 (msg:"BACKDOOR ATTEMPT-TCPShell - *NIX Backdoor Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5637 (msg:"BACKDOOR ATTEMPT-PC-Crasher Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5011 (msg:"BACKDOOR ATTEMPT-OOTLT / OOTLT Cart Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5000 (msg:"BACKDOOR ATTEMPT-Socket 23"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4567 (msg:"BACKDOOR ATTEMPT-FileNail Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4321 (msg:"BACKDOOR ATTEMPT-Schoolbus 1.0 Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4092 (msg:"BACKDOOR ATTEMPT-Wincrash Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2000 (msg:"BACKDOOR ATTEMPT-Insane Network Attempt"; flags:S;) 
alert tcp !$HOME_NET !80 -> $HOME_NET 1050 (msg:"BACKDOOR-ATTEMPT Possible Mini Command 1.2 Attempt"; flags:S;) 
alert tcp !$HOME_NET !80 -> $HOME_NET 1029 (msg:"BACKDOOR-ATTEMPT Possibe InCommand Attempt"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5010 (msg:"BACKDOOR ATTEMPT- Yahoo! Messenger Exploit Attempt" flags:S; ) 
alert tcp !$HOME_NET any -> $HOME_NET 244 (msg:"BACKDOOR ATTEMPT- Possible Intel InBusiness E-mail Station exploit"; flags:PA;) 
alert tcp !$HOME_NET any -> $HOME_NET 44444 (msg:"BACKDOOR ATTEMPT -Possible Prosiak"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1024 (msg:"BACKDOOR ATTEMPT-Psyber Streaming Server";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4000 (msg:"BACKDOOR ATTEMPT-Psyber Streaming Server";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1509 (msg:"BACKDOOR ATTEMPT-Psyber Streaming Server";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5741 (msg:"BACKDOOR ATTEMPT-WinCrash";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5714 (msg:"BACKDOOR ATTEMPT-WinCrash";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 33911 (msg:"BACKDOOR ATTEMPT-Trojan Spirit 2001a";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 30133 (msg:"BACKDOOR ATTEMPT-Trojan Spirit 2001a";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6000 (msg:"BACKDOOR ATTEMPT-The Thing";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6913 (msg:"BACKDOOR ATTEMPT- Shitheep Danny";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6912 (msg:"BACKDOOR ATTEMPT- Shitheep";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 43210 (msg:"BACKDOOR ATTEMPT-Schoolbus 1.6 / 2.0";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4321 (msg:"BACKDOOR ATTEMPT-Schoolbus 1.0";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 49301 (msg:"BACKDOOR ATTEMPT-Online Keylogger";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5032 (msg:"BACKDOOR ATTEMPT-Net Metropolitan 1.04";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5031 (msg:"BACKDOOR ATTEMPT-Net Metropolitan 1.0 / 1.04";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 3129 (msg:"BACKDOOR ATTEMPT-Masters Paradise";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 13700 (msg:"BACKDOOR ATTEMPT-Kuang2 The Virus";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 99 (msg:"BACKDOOR ATTEMPT- Hidden Port 2.0";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 8879 (msg:"BACKDOOR ATTEMPT-Hack Office Armageddon";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2023 (msg:"BACKDOOR ATTEMPT-Hack City Ripper Pro";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6970 (msg:"BACKDOOR ATTEMPT-Gatecrasher";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1016 (msg:"BACKDOOR ATTEMPT-Doly Trojan 1.6";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1000 (msg:"BACKDOOR ATTEMPT-Der Spaeher 3";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1349 (msg:"BACKDOOR ATTEMPT-Back Orifice DLL";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 8787 (msg:"BACKDOOR ATTEMPT-Back Orifice 2000";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 32418 (msg:"BACKDOOR ATTEMPT-Acid Battery 1.0";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"BACKDOOR-unlg1.1 Attempt";flags:PA; content:"cgi-bin/unlg1.1";) 
alert tcp !$HOME_NET any -> $HOME_NET 1015 (msg:"BACKDOOR ATTEMPT-Doly Trojan 1.5"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1010 (msg:"BACKDOOR ATTEMPT-Doly Trojan 1.35"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1011 (msg:"BACKDOOR ATTEMPT-Doly Trojan"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 10101 (msg:"BACKDOOR ATTEMPT-BrainSpy"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 121 (msg:"BACKDOOR ATTEMPT-BO Jammer Killah V"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 54320 (msg:"BACKDOOR ATTEMPT-BackOrifice 2000"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6776 (msg:"BACKDOOR ATTEMPT-SubSeven access";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 7789 (msg:"BACKDOOR ATTEMPT-ICQ Killer";) 
alert tcp !$HOME_NET any -> $HOME_NET 7300:7309 (msg:"BACKDOOR ATTEMPT-NetMonitor";flags:S;) 
alert udp !$HOME_NET any -> $HOME_NET 7000 (msg:"BACKDOOR ATTEMPT-RemoteGrab";) 
alert tcp !$HOME_NET any -> $HOME_NET 6711 (msg:"BACKDOOR ATTEMPT-DeepThroat/SubSeven";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5400 (msg:"BACKDOOR ATTEMPT-BackConstruction 1.2 1.5 / BladeRunner"; flags: S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5742 (msg:"BACKDOOR ATTEMPT-WinCrash";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5042 (msg:"BACKDOOR ATTEMPT-BladeRunner";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5401 (msg:"BACKDOOR ATTEMPT-BladeRunner"flags:S;;) 
alert tcp !$HOME_NET any -> $HOME_NET 30029 (msg:"BACKDOOR ATTEMPT-AOL Trojan 1.1";flags: S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5321 (msg:"BACKDOOR ATTEMPT-FireHotcker"; flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 50776 (msg:"BACKDOOR ATTEMPT-Fore / Remote Windows Shutdown";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 50505 (msg:"BACKDOOR ATTEMPT-SocketsdeTroie";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5001 (msg:"BACKDOOR ATTEMPT-SocketsDeTroie";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5000 (msg:"BACKDOOR ATTEMPT-SocketsDeTroie";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4950 (msg:"BACKDOOR ATTEMPT-ICQTrojan";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 47262 (msg:"BACKDOOR ATTEMPT-Delta";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4092 (msg:"BACKDOOR ATTEMPT-WinCrash";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 40426 (msg:"BACKDOOR ATTEMPT-MastersParadise";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 40423 (msg:"BACKDOOR ATTEMPT-MastersParadise";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 40422 (msg:"BACKDOOR ATTEMPT-MastersParadise";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 40421 (msg:"BACKDOOR ATTEMPT-MastersParadise";flags:S;) 
alert udp !$HOME_NET any -> $HOME_NET 3700 (msg:"BACKDOOR ATTEMPT-Portal Of Doom";) 
alert udp !$HOME_NET any -> $HOME_NET 33333 (msg:"BACKDOOR ATTEMPT-Prosiak";) 
alert tcp !$HOME_NET any -> $HOME_NET 31666 (msg:"BACKDOOR ATTEMPT-BOWhack";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 3150 (msg:"BACKDOOR ATTEMPT-DeepThroat/Invasor";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 31338 (msg:"BACKDOOR ATTEMPT-DeepBackOrifice";flags:S;) 
alert udp !$HOME_NET any -> $HOME_NET 31 (msg:"BACKDOOR ATTEMPT-HackersParadise";) 
alert tcp !$HOME_NET any -> $HOME_NET 3024 (msg:"BACKDOOR ATTEMPT-WinCrash";flags:S;) 
alert udp !$HOME_NET any -> $HOME_NET 2989 (msg:"BACKDOOR ATTEMPT-Ratbackdoor";) 
alert tcp !$HOME_NET any -> $HOME_NET 26274 (msg:"BACKDOOR ATTEMPT-Delta";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2115 (msg:"BACKDOOR ATTEMPT-Bugs"; flags: S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12362 (msg:"BACKDOOR ATTEMPT-Whack-a-mole";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12361 (msg:"BACKDOOR ATTEMPT-Whack-a-mole";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12346 (msg:"BACKDOOR ATTEMPT-Netbus/GabanBus";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12345 (msg:"BACKDOOR ATTEMPT-Netbus/GabanBus";flags:S;) 
alert udp !$HOME_NET any -> $HOME_NET 1234 (msg:"BACKDOOR ATTEMPT-UltorsTrojan";) 
alert tcp !$HOME_NET any -> $HOME_NET 10752 (msg:"BACKDOOR ATTEMPT-Linux mountd Backdoor";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 65000 (msg:"BACKDOOR ATTEMPT-Devil 1.03";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 61466 (msg:"BACKDOOR ATTEMPT-TeleCommando";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 57341 (msg:"BACKDOOR ATTEMPT-netraider";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 54321 (msg:"BACKDOOR ATTEMPT-Schoolbus 1.6 / 2.0";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 53001 (msg:"BACKDOOR ATTEMPT-Remote Windows Shutdown";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 50766 (msg:"BACKDOOR ATTEMPT- fore-schwindler";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 40412 (msg:"BACKDOOR ATTEMPT-The Spy";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 37651 (msg:"BACKDOOR ATTEMPT-Yet Another Trojan";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 34324 (msg:"BACKDOOR ATTEMPT-BigGluck / Tiny Telnet Server";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 31787 (msg:"BACKDOOR ATTEMPT-hackatak";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 31554 (msg:"BACKDOOR ATTEMPT-Schwindler";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 31339 (msg:"BACKDOOR ATTEMPT-NetSpyDK";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 31337 (msg:"BACKDOOR ATTEMPT-Backorifice";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 30999 (msg:"BACKDOOR ATTEMPT-Kuang";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 30303 (msg:"BACKDOOR ATTEMPT-Socket-23";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 29891 (msg:"BACKDOOR ATTEMPT-The Unexplained";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 22222 (msg:"BACKDOOR ATTEMPT-Prosiak";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 20331 (msg:"BACKDOOR ATTEMPT-Bla";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 20203 (msg:"BACKDOOR ATTEMPT-Chupacabra";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 20034 (msg:"BACKDOOR ATTEMPT-NetBus2Pro";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 20000 (msg:"BACKDOOR ATTEMPT-millenium";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 17300 (msg:"BACKDOOR ATTEMPT-Kuang2";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 16969 (msg:"BACKDOOR ATTEMPT-Priority / Portal Of Doom";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12701 (msg:"BACKDOOR ATTEMPT-Eclipse 2000";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12223 (msg:"BACKDOOR ATTEMPT-hack99keylogger";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 12076 (msg:"BACKDOOR ATTEMPT-Gjamer";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 11223 (msg:"BACKDOOR ATTEMPT-Progenic Trojan";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 11000 (msg:"BACKDOOR ATTEMPT-Sennaspy";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 10666 (msg:"BACKDOOR ATTEMPT-Ambush";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 10607 (msg:"BACKDOOR ATTEMPT-Coma Danny";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 9999 (msg:"BACKDOOR ATTEMPT-The Prayer1";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 9889 (msg:"BACKDOOR ATTEMPT-INI-Killer";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 9872 (msg:"BACKDOOR ATTEMPT-Portal Of Doom";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 9400 (msg:"BACKDOOR ATTEMPT-InCommand";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6939 (msg:"BACKDOOR ATTEMPT-Indoctrination";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6883 (msg:"BACKDOOR ATTEMPT-DeltaSource DarkStar";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6670 (msg:"BACKDOOR ATTEMPT-DeepThroat";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6669 (msg:"BACKDOOR ATTEMPT-Vampire";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 6400 (msg:"BACKDOOR ATTEMPT-The Thing";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5569 (msg:"BACKDOOR ATTEMPT-RoboHack";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5550 (msg:"BACKDOOR ATTEMPT-XTCP2";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5521 (msg:"BACKDOOR ATTEMPT-IllusionMailer";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 5011 (msg:"BACKDOOR ATTEMPT-OOOLT";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 4567 (msg:"BACKDOOR ATTEMPT-Filenail Danny";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 3791 (msg:"BACKDOOR ATTEMPT-Total Eclipse 1.0";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2801 (msg:"BACKDOOR ATTEMPT-Phineas Phucker";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2716 (msg:"BACKDOOR ATTEMPT-The Prayer2";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2583 (msg:"BACKDOOR ATTEMPT-WinCrash2";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2565 (msg:"BACKDOOR ATTEMPT-Striker";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2283 (msg:"BACKDOOR ATTEMPT-HVLRat5";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 2001 (msg:"BACKDOOR ATTEMPT-TrojanCow";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1999 (msg:"BACKDOOR ATTEMPT-Transcout";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1981 (msg:"BACKDOOR ATTEMPT-ShockRave";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1807 (msg:"BACKDOOR ATTEMPT-SpySender";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1600 (msg:"BACKDOOR ATTEMPT- Shivka-Burka";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1492 (msg:"BACKDOOR ATTEMPT- FTP99CMP";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1269 (msg:"BACKDOOR ATTEMPT- Mavericks Matrix";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1245 (msg:"BACKDOOR ATTEMPT- Voodoo Doll";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1243 (msg:"BACKDOOR ATTEMPT- Subseven";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1207 (msg:"BACKDOOR ATTEMPT- Softwar";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1170 (msg:"BACKDOOR ATTEMPT- Psyber Streaming Server / Voice";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1042 (msg:"BACKDOOR ATTEMPT-Blah 1.1";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1033 (msg:"BACKDOOR ATTEMPT- NetSpy";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 1001 (msg:"BACKDOOR ATTEMPT- PossibleSilencer-Webex-Doly";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 777 (msg:"BACKDOOR ATTEMPT-Aimspy";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 666 (msg:"BACKDOOR ATTEMPT- Attack FTP / Satans Backdoor";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 555 (msg:"BACKDOOR ATTEMPT- Stealthspy/Phase0/Netadmin/INI-Killer";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 456 (msg:"BACKDOOR ATTEMPT- HackersParadise";flags:S;) 
alert tcp !$HOME_NET any -> $HOME_NET 31 (msg:"BACKDOOR ATTEMPT-Masters Paradise";flags:S;)

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close