# alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23
(msg:”MALWARE-BACKDOOR w00w00 attempt”;flow:to_server,established;
content:”w00w00″; metadata:ruleset community;classtype:attemptedadmin; sid:209; rev:9;)
a. In which direction is the packet going? (Into our server, orout to the Internet?)
b. What protocol is being used?
c. Find out what this is all about by looking up the cvereference.
d. What will be done with the packet? Is it dropped or allowedthrough?
e. There will be an alert message. What is it?
Expert Answer
An answer will be send to you shortly. . . . .