GEN:SID 1:229
Message DDOS Stacheldraht client check skillz
Summary This event is generated when a Stacheldraht agent attempts to contact a known handler.
Impact This indicates that a Stacheldraht agent may exist on the source host and a handler may exist on the destination host.
Detailed Information The Stacheldraht DDoS uses a tiered structure of compromised hosts to coordinate and participate in a denial of service attack.  

There are "handler" hosts that are used to coordinate the attacks and "agent" hosts that launch the attack.  Once a host becomes a Stacheldraht agent, it will attempt to contact a list of known handlers using an ICMP echo reply with an ICMP identification number of 666 and a string of "skillz" in the payload.
Affected Systems Any Stacheldraht compromised host.
Attack Scenarios A compromised host that has become a Stacheldraht agent will attempt an initial communication with all known handlers.
Ease of Attack Simple. Stacheldraht code is freely available.
Corrective Action Perform proper forensic analysis on the suspected compromised host to discover the means of compromise.

Rebuild a confirmed compromised host.

Use a packet filtering firewall to block inappropriate traffic to the network to prevent hosts from being compromised.
Additional References Arachnids:
http://www.whitehats.com/info/IDS190
Rule References arachnids: 190