[Oisf-users] OpenVPN access clients triggers some alerts
C. L. Martinez
carlopmart at gmail.com
Tue Mar 27 09:39:05 UTC 2018
Hi all,
On my Suricata host, when an OpenVPN client connects to my OpenVPN
server, the following alerts are triggered:

03/27/2018-06:58:56.912808 [**] [1:2009206:4] ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 172.22.57.4:1194 -> x.x.x.x:50759
03/27/2018-06:58:56.946610 [**] [1:2009208:4] ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 172.22.57.4:1194 -> x.x.x.x:50759
03/27/2018-06:59:50.514733 [**] [1:2009207:4] ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 172.22.57.4:1194 -> x.x.x.x:50759
03/27/2018-08:58:17.038394 [**] [1:2009207:4] ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 172.22.57.4:1194 -> x.x.x.x:51906
03/27/2018-08:58:17.078348 [**] [1:2009206:4] ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 172.22.57.4:1194 -> x.x.x.x:51906
03/27/2018-08:58:17.138094 [**] [1:2009205:5] ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 172.22.57.4:1194 -> x.x.x.x:51906

Any idea?
Thanks.