Snort mailing list archives
Re: new rule for detecting VxWorks debugging reply access
From: Eric G <eric () nixwizard net>
Date: Tue, 19 Jun 2012 21:17:19 -0400
On Tue, Jun 19, 2012 at 5:40 PM, Tony Robinson <trobinson () sourcefire com>wrote:
I've seen this rule fire a couple of times in the past. Most times I've seen this rule tripped in the past, it was a vulnerability scanner attempting to scan a target.
+1.. same experience here. Our in-house vuln scanner causes this one to fire off on its regularly scheduled scan dates. If you know you don't have any VxWorks based devices (which might be somewhat difficult to determine... there are a lot of RTOS embedded devices that are VxWorks based, like newer Linksys WRT54Gs for example...) you could disable that rule if it's generating a lot of noise -- Eric
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- new rule for detecting VxWorks debugging reply access rmkml (Jun 19)
- Re: new rule for detecting VxWorks debugging reply access Tony Robinson (Jun 19)
- Re: new rule for detecting VxWorks debugging reply access Eric G (Jun 20)
- Re: new rule for detecting VxWorks debugging reply access Tony Robinson (Jun 19)