[Snort-sigs] Tenda router backdoor

Joel Esler jesler at ...435...
Mon Oct 21 20:02:04 EDT 2013


Thanks James.  We'll be publishing one like this tomorrow. I'll compare and move it to community. 

Sent from my iPhone

> On Oct 21, 2013, at 18:21, James Lay <jlay at ...3266...> wrote:
> 
> Pretty obscure:
> 
> alert udp any any -> any 7329 (msg:"OS-OTHER Tenda magic packet backdoor 
> detected"; flow:to_server; content:"w302r_mfg"; fast_pattern:only; 
> metadata:policy balanced-ips drop, policy security-ips drop, ruleset 
> community; reference:url,www.devttys0.com/2013/10/from-china-with-love; 
> classtype:bad-unknown; sid:10000108; rev:1;)
> 
> Funny how all these are popping up lately.
> 
> James
> 