The geniuses at SRI have published a preprocessor to detect the P2P UDP traffic the most recent Conficker uses to update. It has also been ported to an SO ruleset by the Sourcefire folks. Great work by both groups, and our thanks! SRI also has a good scanner available. All are linked below:
Conficker C P2P Detection Modules:
Preprocessor: http://mtc.sri.com/Conficker/contrib/plugin.html
SO Version: http://www.snort.org/vrt/tools/conficker-so-rules.tar.gz
Conficker C Network Scanner:
Source Code: http://mtc.sri.com/Conficker/contrib/scanner.html





