[Emerging-Sigs] Rules for detect Oneplus sending data to open.oneplus.net
fnaves at emergingthreatspro.com
Wed Dec 6 02:54:17 HST 2017
We made two signatures to cover DNS and HTTP, these will go on today's
On 05/12/2017 23:40, Arnold Chan wrote:
> Is it possible to create rules that'll be useful to detect OnePlus
> phones that possibly trigger the data leakage DNS (OnePlus sending data
> to open.oneplus.net <http://open.oneplus.net>)?
> I recall there's something similar for Xiaomi phone data leakage DNS
> policy rule.
> alert udp any any -> any 53 (msg:"ET POLICY possible Xiaomi phone data
> leakage DNS"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10;
> offset:2; content:"|03|api|07|account|06|xiaomi|03|com|00|";
> fast_pattern; nocase; distance:0;
> classtype:policy-violation; sid:2018918; rev:1; metadata:created_at
> 2014_08_11, updated_at 2014_08_11;)
> Kind Regards,
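Added example, not part of the original thread and not the signatures Emerging Threats published: a Python sketch of how the two content matches in the quoted Xiaomi rule evaluate against a DNS query, with the same label encoding applied to open.oneplus.net. The function names and sample packets are constructed for illustration; the last check shows that the fixed 10-byte header match does not fire on a query carrying an EDNS0 OPT record (ARCOUNT = 1).

```python
import struct

# Bytes 2..11 of the DNS header the rule pins: flags=RD only, QD=1, AN=NS=AR=0
HEADER = bytes.fromhex("01000001000000000000")

def encode_qname(domain):
    """Label-encode a domain the way it appears in a DNS question section."""
    out = b""
    for label in domain.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def rule_content(domain):
    """Render the encoded name in the rule's |hex|text content notation."""
    labels = domain.strip(".").split(".")
    return "".join("|%02x|%s" % (len(l), l) for l in labels) + "|00|"

def build_query(domain, txid=0x1234, edns=False):
    """Constructed sample: a type A, class IN query as sent over UDP/53."""
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    pkt += encode_qname(domain) + struct.pack("!HH", 1, 1)
    if edns:  # OPT pseudo-record: root name, type 41, 4096-byte UDP size
        pkt += b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
    return pkt

def rule_matches(payload, domain):
    """Emulate the quoted rule's two content matches for `domain`."""
    if payload[2:12] != HEADER:                      # offset:2; depth:10
        return False
    # distance:0 -> anywhere after the header match; nocase -> fold case
    return encode_qname(domain).lower() in payload[12:].lower()

if __name__ == "__main__":
    name = "open.oneplus.net"
    print("content:", rule_content(name))
    for label, pkt in [("plain query", build_query(name)),
                       ("mixed case", build_query("OPEN.OnePlus.NET")),
                       ("with EDNS0", build_query(name, edns=True))]:
        print("%-12s match=%s" % (label, rule_matches(pkt, name)))
```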