[Snort-sigs] [Emerging-Sigs] New rule offered for detecting Ping NVidia

Will Metcalf wmetcalf at ...3525...
Mon Feb 10 11:43:14 EST 2014


Hmm is this interesting? Maybe disabled by default? Seems that it is just a
normal thing the NVIDIA updae app does right?

Regards,

Will


On Wed, Feb 5, 2014 at 1:57 PM, rmkml <rmkml at ...174...> wrote:

> Hi,
>
> After ISC/SANS talk, I'm offer a new rule for detecting Ping NVidia:
>
> alert icmp any any -> any any (msg:"ICMP PING NVIDIA NvNetworkService
> check access"; icode:0; itype:8; dsize:32; content:"PING DATA!"; depth:10;
> offset:0; reference:url,isc.sans.edu/forums/diary/Odd+ICMP+Echo+
> Request+Payload/17570; classtype:misc-activity; sid:1; rev:1;)
>
> Please check all variables before use.
>
> All comments are welcome.
>
> Regards
> @Rmkml
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3694...
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
> The ONLY place to get complete premium rulesets for all versions of
> Suricata and Snort 2.4.0 through Current!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140210/6159b562/attachment.html>


More information about the Snort-sigs mailing list