Rule History

alert tcp $EXTERNAL_NET !$HTTP_PORTS -> $HOME_NET any (msg: "BOTNET [PTsecurity] Tofsee Successful Connection FB set PT.Tofsee_1"; flow: established, to_client; dsize: 57; flags: PA; stream_size: client,<,200; stream_size: server,=,258; flowbits: isset, PT.Tofsee_0; flowbits: noalert; flowbits: unset, PT.Tofsee_0; flowbits: set, PT.Tofsee_1; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 11001388; rev: 8;)