[Snort-sigs] RE : Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia

rmkml rmkml at ...174...
Mon Feb 10 11:54:00 EST 2014


Thx Will for feedback, 

Unknown (NVIDIA, thx ISC) ping payloads in network traffic are always interesting, but OK, disabled by default.

Regards
@Rmkml





-------- Original message --------
From: Will Metcalf <wmetcalf at ...3525...>
Date:
To: rmkml <rmkml at ...174...>
Cc: "emerging-sigs at ...3694..." <Emerging-sigs at ...3694...>,snort-sigs at lists.sourceforge.net
Subject: Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia
 
Hmm is this interesting? Maybe disabled by default? Seems that it is just a normal thing the NVIDIA update app does right?

Regards,

Will


On Wed, Feb 5, 2014 at 1:57 PM, rmkml <rmkml at ...174...> wrote:
Hi,

After the ISC/SANS talk, I'm offering a new rule for detecting Ping NVidia:

alert icmp any any -> any any (msg:"ICMP PING NVIDIA NvNetworkService check access"; icode:0; itype:8; dsize:32; content:"PING DATA!"; depth:10; offset:0; reference:url,isc.sans.edu/forums/diary/Odd+ICMP+Echo+Request+Payload/17570; classtype:misc-activity; sid:1; rev:1;)

Please check all variables before use.

All comments are welcome.

Regards
@Rmkml
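
Added example, not part of the original thread: the rule's options (itype, icode, dsize, content with offset/depth) expressed as a Python check over raw ICMP messages, to show which packets it fires on and which near-misses it ignores. The filler bytes after the marker and all helper names are constructed for illustration; the payload is assumed to start after the 8-byte echo header.

```python
import struct

MARKER = b"PING DATA!"  # content string from the rule (10 bytes)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(itype: int, icode: int, payload: bytes, ident=1, seq=1) -> bytes:
    """Build an ICMP message for testing (constructed input, not a capture)."""
    header = struct.pack("!BBHHH", itype, icode, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", itype, icode, csum, ident, seq) + payload


def rule_matches(icmp: bytes) -> bool:
    """Evaluate the rule's options against an ICMP message (IP header removed)."""
    if len(icmp) < 8:
        return False
    itype, icode = icmp[0], icmp[1]
    payload = icmp[8:]  # assumption: data begins after type/code/checksum/id/seq
    return (
        itype == 8                      # itype:8  (echo request)
        and icode == 0                  # icode:0
        and len(payload) == 32          # dsize:32
        and MARKER in payload[0:10]     # content with offset:0; depth:10
    )


def samples() -> dict:
    """Constructed packets: one expected hit and three near-misses."""
    filler = b"\x00" * 22  # constructed; the page does not show these bytes
    return {
        "nvidia_style_request": build_icmp(8, 0, MARKER + filler),
        "echo_reply": build_icmp(0, 0, MARKER + filler),
        "payload_33_bytes": build_icmp(8, 0, MARKER + filler + b"\x00"),
        "marker_shifted": build_icmp(8, 0, b"x" + MARKER + filler[:21]),
    }


if __name__ == "__main__":
    for name, pkt in samples().items():
        print(name, rule_matches(pkt))
```

Because the content string is exactly as long as the depth, the marker has to sit at the very start of the payload, so a shifted marker or a different payload size does not match.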
