A reader posted that they are observing strange TCP 443 behavior that looks like a fast-flux [1] style pattern. They have a large Snort sensor install base. Is anyone else seeing behavior like this? If so... got packets?
If you are seeing this behavior and are allowed to, please report it!
[1] http://www.honeynet.org/papers/ff/
Richard Porter
--- ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: http://isc.sans.edu/diary.html?storyid=14665&rss