It would be difficult to write a good signature to catch attempts by a worm connecting to the Microsoft site. It uses DNS to look up the hostname. And these IP's might change over time. Firewalls and routers would probably make a better place to catch this activity than with an IDS. A better signature is catching the attempt by an infected system to download the worm payload via TFTP. It is reported that a newly infected host will attempt to download the worm payload from the host that infected it. Here is a custom signature for that.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...