[Emerging-Sigs] Ares TCP signature.

Husnu Demir hdemir at metu.edu.tr
Tue Feb 26 10:49:49 EST 2008



alert TCP any 1024: -> any 1024: (msg:"ET P2P Ares TCP - hdemir"; content:"@Ares|00|"; flags:PA,12; classtype:policy-violation; sid:3000014; rev:1;)




Finds lots of ARES. Can somebody check also?


hdemir.


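
For anyone checking the rule above, the following added example (not part of the original message or of the Emerging Threats ruleset) re-implements its port, flag and content conditions in Python and runs them over constructed segments. The Segment class, the function names and all sample payloads are assumptions made for illustration, not captured Ares traffic.

```python
# Added example: the conditions of sid 3000014 expressed in plain Python.
# All segments below are constructed for illustration, not captured traffic.
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80

PATTERN = b"@Ares\x00"      # content:"@Ares|00|" (case-sensitive, any offset)
WANTED_FLAGS = PSH | ACK    # flags:PA
IGNORED_FLAGS = ECE | CWR   # ",12" masks out reserved bits 1 and 2 (today's CWR/ECE)
MIN_PORT = 1024             # "1024:" on both source and destination


@dataclass
class Segment:
    sport: int
    dport: int
    flags: int
    payload: bytes


def rule_matches(seg: Segment) -> bool:
    """True when the segment satisfies every condition of the rule."""
    if seg.sport < MIN_PORT or seg.dport < MIN_PORT:
        return False
    # Without a +, * or ! modifier the flag test is exact once the masked
    # bits are dropped: PSH+ACK only, not bare ACK and not FIN+PSH+ACK.
    if (seg.flags & ~IGNORED_FLAGS & 0xFF) != WANTED_FLAGS:
        return False
    return PATTERN in seg.payload


def evaluate(segments):
    """Return the labels of the segments that would raise the alert."""
    return [label for label, seg in segments if rule_matches(seg)]


# Constructed test segments: (label, segment).
SAMPLES = [
    ("ares-data", Segment(40123, 51234, PSH | ACK, b"\x03\x00@Ares\x00\x01")),
    ("ares-ecn", Segment(40123, 51234, PSH | ACK | ECE, b"@Ares\x00")),
    ("low-port", Segment(40123, 80, PSH | ACK, b"@Ares\x00")),
    ("ack-only", Segment(40123, 51234, ACK, b"@Ares\x00")),
    ("wrong-case", Segment(40123, 51234, PSH | ACK, b"@ARES\x00")),
    ("no-null", Segment(40123, 51234, PSH | ACK, b"mail me @Ares today")),
    ("fin-psh-ack", Segment(40123, 51234, FIN | PSH | ACK, b"@Ares\x00")),
]

if __name__ == "__main__":
    print(evaluate(SAMPLES))
```

Because the rule has no flow or offset constraint, any PSH+ACK segment between two high ports that carries the six bytes anywhere in its payload will alert, which is the main thing to watch for when reviewing its hits.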