4 Replies Latest reply on Feb 7, 2015 11:11 AM by catdaddy

    Backdoor: Poison Ivy Traffic detected, fp?

    rebel2

      Folks,

      Have you guys seen this sig (Backdoor: Poison Ivy Traffic detected) fire and, if so, was it a fp? We have seen this signature fire recently in our environment and we can't come to a conclusion as to whether it is a fp or something legitimate. The signature seems to be firing on a packet size of 256 bytes and non-standard traffic on HTTP ports. Around the time this sig fires on hosts, we have usually seen ad-related traffic. If anyone else has seen this fire, can you please chime in on whether it was a legitimate threat or fp?

       

      Thanks,

      John