Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Slaper Worm Traffic

Has there been a signature created for slaper worm yet ? Either for the SSL overflow or the port 2002 p2p traffic? I've created a few but they are very slaper specific and easily defeated through evasion /obfuscation techniques. I was hoping to see an officiacially supported signature that was more robust.

Thanks

1 REPLY
Bronze

Re: Slaper Worm Traffic

New signatures have been created for the S32 signature update. This should be available on CCO on Wednesday. In the interim, the update can be downloaded from:

ftp://ftpeng.cisco.com/csids-sig-updates/S32

We have signatures for the SSL overflow and the UDP 2002 traffic.

76
Views
5
Helpful
1
Replies
CreatePlease to create content