[Snort-sigs] Tenda router backdoor

James Lay jlay at ...3266...
Mon Oct 21 18:21:57 EDT 2013


Pretty obscure:

alert udp any any -> any 7329 (msg:"OS-OTHER Tenda magic packet backdoor 
detected"; flow:to_server; content:"w302r_mfg"; fast_pattern:only; 
metadata:policy balanced-ips drop, policy security-ips drop, ruleset 
community; reference:url,www.devttys0.com/2013/10/from-china-with-love; 
classtype:bad-unknown; sid:10000108; rev:1;)

Funny how all these are popping up lately.

James
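
An added example, not part of the original post: a stateless Python check that applies the rule's header and content conditions (UDP, destination port 7329, case-sensitive "w302r_mfg") to constructed IPv4 packets, useful for sanity-checking what the signature should and should not fire on. The packet builder, sample names and addresses are assumptions; flow:to_server is not modelled.

```python
import struct

RULE_PORT = 7329               # destination port from the rule header
RULE_CONTENT = b"w302r_mfg"    # content option (case-sensitive, no nocase)

def build_ipv4(proto, sport, dport, payload):
    """Build a minimal IPv4 packet (checksums left at zero) for testing."""
    if proto == 17:    # UDP header: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:              # TCP header: 20 bytes, no options, PSH/ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    return ip + l4

def rule_matches(packet):
    """True when an IPv4 packet meets the rule's protocol, port and content checks."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 17 or frag_offset or len(packet) < ihl + 8:
        return False   # not UDP, a later fragment, or truncated header
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != RULE_PORT or udp_len < 8:
        return False
    return RULE_CONTENT in packet[ihl + 8:ihl + udp_len]

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "udp_7329_magic": build_ipv4(17, 40000, 7329, b"w302r_mfg-constructed-filler"),
    "udp_7329_upper": build_ipv4(17, 40000, 7329, b"W302R_MFG-constructed-filler"),
    "udp_7329_benign": build_ipv4(17, 40000, 7329, b"constructed benign data"),
    "udp_53_magic": build_ipv4(17, 40000, 53, b"w302r_mfg-constructed-filler"),
    "tcp_7329_magic": build_ipv4(6, 40000, 7329, b"w302r_mfg-constructed-filler"),
}

def evaluate():
    """Map each sample name to whether the rule conditions match it."""
    return {name: rule_matches(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:16} {'ALERT' if hit else 'no match'}")
```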



