Re: Cisco backdoor snort rule

["Joel Esler (jesler)" <jesler () cisco com>]

Our rule detects attempts to exploit the vulnerability in the device, and in IPS mode, will prevent it.

--
Joel Esler
Manager
Talos Group
http://www.talosintelligence.com


> On Aug 25, 2016, at 1:00 PM, Arun Saini <mailarunsaini () gmail com> wrote:
>
> Many thanks!!
> What about my query how to know via traffic pattern that its backdoor??
>
>
> Sincerely,
>
> Arun Saini
> http://about.me/arun.saini <http://about.me/arun.saini>
> Mobile :+91-9890738762
>
>
> On 25 Aug 2016 10:08 pm, "Joel Esler (jesler)" <jesler () cisco com <mailto:jesler () cisco com>> wrote:
> Our statement on the event is here:
>
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp 
> <http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp>
>
> Which includes detection for the vulnerability here:  Snort Rule 3:39885
>
> Which is available to subscribers:  https://snort.org/downloads/#rule-downloads 
> <https://snort.org/downloads/#rule-downloads>
>
>
> --
> Joel Esler
> Manager
> Talos Group
> http://www.talosintelligence.com <http://www.talosintelligence.com/>
>
> > On Aug 25, 2016, at 12:17 PM, Arun Saini <mailarunsaini () gmail com <mailto:mailarunsaini () gmail com>> wrote:
> >
> > Hi Team,
> >
> > any specific traffic pattern to detect backdoor in firewall or other devices ? how to know via traffic that it is 
> > backdoor?
> > Any rule for snort to detect recent backdoor in Cisco products ?
> > ​why snort was not able to detect the backdoor in Cisco PIX or products recently NSA tools released by shadow 
> > hackers or equation group  ?​
> >
> >
> >
> >
> > Arun Sain​i​
> >
> >
> > Mobile: +91-9890738762
> > in.linkedin.com/in/mailarunsaini 
> > <http://in.linkedin.com/in/mailarunsaini>------------------------------------------------------------------------------
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net>
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users <https://lists.sourceforge.net/lists/listinfo/snort-users>
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users 
> > <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users>
> >
> > Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!