Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia

[Will Metcalf <wmetcalf () emergingthreatspro com>]

Hmm is this interesting? Maybe disabled by default? Seems that it is just a
normal thing the NVIDIA updae app does right?

Regards,

Will


On Wed, Feb 5, 2014 at 1:57 PM, rmkml <rmkml () yahoo fr> wrote:

> Hi,
>
> After ISC/SANS talk, I'm offer a new rule for detecting Ping NVidia:
>
> alert icmp any any -> any any (msg:"ICMP PING NVIDIA NvNetworkService
> check access"; icode:0; itype:8; dsize:32; content:"PING DATA!"; depth:10;
> offset:0; reference:url,isc.sans.edu/forums/diary/Odd+ICMP+Echo+
> Request+Payload/17570; classtype:misc-activity; sid:1; rev:1;)
>
> Please check all variables before use.
>
> All comments are welcome.
>
> Regards
> @Rmkml
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () lists emergingthreats net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
> The ONLY place to get complete premium rulesets for all versions of
> Suricata and Snort 2.4.0 through Current!
------------------------------------------------------------------------------
Android&trade; apps run on BlackBerry&reg;10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!