Snort mailing list archives

New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow

From: rmkml <rmkml () ligfy org>
Date: Tue, 22 Nov 2016 21:42:36 +0100 (CET)

Hi,

Please check a new sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow:

alert udp $EXTERNAL_NET any -> $HOME_NET 1040 (msg:"MISC TP-Link TDDP SET_CONFIG type buffer overflow attempt";
dsize:>336; content:"|01 01 00|"; depth:3; offset:0; byte_test:4,>=,0x0264,4,big;
reference:url,www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities;
classtype:attempted-recon; sid:1; rev:1;)

Don't forget check variables.

Please send any comments.

Regards
@Rmkml

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow rmkml (Nov 22)
- Re: New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow Joshua Williams (Nov 22)