[Snort-openappid] WD SmartWare Detector

Y M snort at ...46...
Sun Jun 21 15:43:17 EDT 2015


Hi,
Simple detector below for the Western Digital SmartWare application attempting to check for updates. Pcap is available if needed.
--[[detection_name: wd_smartware_updateversion: 1description: Western Digital SmartWare software updatemetadat: OpenAppID community--]]
require "DetectorCommon"local DC = DetectorCommon
local proto = DC.ipproto.tcp;DetectorPackageInfo = {        name = "wd_sw_update",        proto = proto,        server = {                init = 'DetectorInit',                clean = 'DetectorClean',                minimum_matches = 1        }}
function DetectorInit(detectorInstance)
        gDetector = detectorInstance;        gAppId = gDetector:open_createApp("wd_sw_update");
        if gDetector.addAppUrl then                gDetector:addAppUrl(0, 0, 0, gAppId, 0, "download.wdc.com", "/wdapp/", "http:", "", gAppId);        end
        return gDetector;end
function DetectorClean()end
Thanks.YM  		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20150621/b3f174f0/attachment.html>


More information about the Snort-openappid mailing list