Snort mailing list archives
New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow
From: rmkml <rmkml () ligfy org>
Date: Tue, 22 Nov 2016 21:42:36 +0100 (CET)
Hi, Please check a new sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow: alert udp $EXTERNAL_NET any -> $HOME_NET 1040 (msg:"MISC TP-Link TDDP SET_CONFIG type buffer overflow attempt"; dsize:>336; content:"|01 01 00|"; depth:3; offset:0; byte_test:4,>=,0x0264,4,big; reference:url,www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities; classtype:attempted-recon; sid:1; rev:1;) Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow rmkml (Nov 22)
- Re: New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow Joshua Williams (Nov 22)