[Snort-sigs] New rule offered for detecting Ping NVidia

rmkml rmkml at ...174...
Wed Feb 5 14:57:48 EST 2014


Hi,

After ISC/SANS talk, I'm offer a new rule for detecting Ping NVidia:

alert icmp any any -> any any (msg:"ICMP PING NVIDIA NvNetworkService check access"; icode:0; itype:8; dsize:32; content:"PING DATA!"; depth:10; offset:0; reference:url,isc.sans.edu/forums/diary/Odd+ICMP+Echo+Request+Payload/17570; classtype:misc-activity; sid:1; rev:1;)

Please check all variables before use.

All comments are welcome.

Regards
@Rmkml





More information about the Snort-sigs mailing list