Snort mailing list archives
Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia
From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 10 Feb 2014 16:50:11 +0000
We had this and I sent some info to the SANS team. It's one of the nvidia driver updaters. It grabs a dat file and when it's done, does the ping, but it doesn't do a DNS to any domain first; it just seems to have IPs internally. We turned off the autoupdate service and they went away. It seemed related to the geforce experience stuff, but the machines are in the fields and hard to get information about.

On Mon, Feb 10, 2014 at 4:43 PM, Will Metcalf <wmetcalf () emergingthreatspro com> wrote:

> Hmm is this interesting? Maybe disabled by default? Seems that it is just a normal thing the NVIDIA update app does right?
>
> Regards,
>
> Will
>
> On Wed, Feb 5, 2014 at 1:57 PM, rmkml <rmkml () yahoo fr> wrote:
>
>> Hi,
>>
>> After ISC/SANS talk, I'm offering a new rule for detecting Ping NVidia:
>>
>> alert icmp any any -> any any (msg:"ICMP PING NVIDIA NvNetworkService check access"; icode:0; itype:8; dsize:32; content:"PING DATA!"; depth:10; offset:0; reference:url,isc.sans.edu/forums/diary/Odd+ICMP+Echo+Request+Payload/17570; classtype:misc-activity; sid:1; rev:1;)
>>
>> Please check all variables before use.
>> All comments are welcome.
>>
>> Regards
>> @Rmkml
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs () lists emergingthreats net
>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net
>> The ONLY place to get complete premium rulesets for all versions of Suricata and Snort 2.4.0 through Current!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
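Added example (not part of the original thread and not code from any of the posters): a Python evaluation of the quoted rule's itype, icode, dsize and content/offset/depth options against raw ICMP messages, showing why the content match is needed when the default Windows ping also carries 32 data bytes. The packets are constructed, the zero padding after "PING DATA!" is an assumption, and the payload is assumed to start after the 8-byte echo header.

```python
import struct

# Option values copied from the rule quoted in the thread.
ITYPE, ICODE, DSIZE = 8, 0, 32
CONTENT, OFFSET, DEPTH = b"PING DATA!", 0, 10


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(itype: int, icode: int, payload: bytes, ident=1, seq=1) -> bytes:
    """Build an ICMP echo message (constructed test input, not a capture)."""
    header = struct.pack("!BBHHH", itype, icode, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", itype, icode, csum, ident, seq) + payload


def rule_matches(icmp: bytes) -> bool:
    """Apply the rule's itype/icode/dsize/content options to one ICMP message."""
    if len(icmp) < 8:
        return False  # truncated: no complete echo header
    payload = icmp[8:]  # assumption: data begins after the 8-byte echo header
    if (icmp[0], icmp[1]) != (ITYPE, ICODE) or len(payload) != DSIZE:
        return False
    # offset:0; depth:10 restricts the search to payload[0:10]
    return CONTENT in payload[OFFSET:OFFSET + DEPTH]


# Constructed samples. Padding bytes after the marker are an assumption.
NVIDIA_STYLE = build_icmp(8, 0, b"PING DATA!" + bytes(22))
WINDOWS_PING = build_icmp(8, 0, b"abcdefghijklmnopqrstuvwabcdefghi")  # 32 bytes
ECHO_REPLY = build_icmp(0, 0, b"PING DATA!" + bytes(22))  # itype 0, not 8
SHIFTED = build_icmp(8, 0, b"\x00PING DATA!" + bytes(21))  # marker at offset 1

if __name__ == "__main__":
    for name in ("NVIDIA_STYLE", "WINDOWS_PING", "ECHO_REPLY", "SHIFTED"):
        print(f"{name:13s} match={rule_matches(globals()[name])}")
```

Only the first sample matches; the Windows default ping passes the dsize:32 test and is rejected by the content check alone.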
Current thread:
- New rule offered for detecting Ping NVidia rmkml (Feb 05)
- Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia Will Metcalf (Feb 10)
- Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia Jeremy Hoel (Feb 10)
- Re: [Emerging-Sigs] New rule offered for detecting Ping NVidia Will Metcalf (Feb 10)