Snort mailing list archives

Previous By Date Next
Previous By Thread Next

New rule offered for detecting Ping NVidia

From: rmkml <rmkml () yahoo fr>
Date: Wed, 5 Feb 2014 20:57:48 +0100 (CET)
Hi,

After ISC/SANS talk, I'm offer a new rule for detecting Ping NVidia:

alert icmp any any -> any any (msg:"ICMP PING NVIDIA NvNetworkService check access"; icode:0; itype:8; dsize:32; 
content:"PING DATA!"; depth:10; offset:0; reference:url,isc.sans.edu/forums/diary/Odd+ICMP+Echo+Request+Payload/17570; 
classtype:misc-activity; sid:1; rev:1;)

Please check all variables before use.

All comments are welcome.

Regards
@Rmkml


------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: