Recently located a users laptop with my pc running on it so I have been looking to see if there is a signature that detects this type of traffic and other traffic related to these types of applications. I have looked at the following that 5188 HTTP Tunneling which are enabled. This does not seem to be a signature that will detect this traffic but I am not sure
Do you need to create a custom signature?
If so does anyone have an example as to what is common to mypc traffic or other remote access applications like this?