Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patterns for DELL SonicWALL #4

Closed
ghost opened this issue Sep 4, 2013 · 4 comments
Closed

Patterns for DELL SonicWALL #4

ghost opened this issue Sep 4, 2013 · 4 comments

Comments

@ghost
Copy link

ghost commented Sep 4, 2013

Hi,

the link to submit new patterns:

http://www.nta-monitor.com/tools/ike-scan/submit-patterns.html

from the readme seems to be down so i hope its ok to submit those patterns in here.

This patterns are collected from two runs on the same DELL SonicWALL appliance (version unknown):

IP Address  No. Recv time       Delta Time
foo.bar 1   1378198474.458549   0.000000
foo.bar 2   1378198480.131168   5.672619
foo.bar 3   1378198490.986802   10.855634
foo.bar 4   1378198511.175981   20.189179
foo.bar Implementation guess: UNKNOWN

IP Address  No. Recv time       Delta Time
foo.bar 1   1378198676.325332   0.000000
foo.bar 2   1378198680.897706   4.572374
foo.bar 3   1378198691.894241   10.996535
foo.bar 4   1378198708.895223   17.000982
foo.bar Implementation guess: UNKNOWN
@royhills
Copy link
Owner

royhills commented Sep 4, 2013

Yes, this address works.

I'll amend the README, as the project is now on github. So people can submit pull requests if they're happy working with the git version control system.

Roy

Date: Wed, 4 Sep 2013 01:00:15 -0700
From: notifications@github.com
To: ike-scan@noreply.github.com
Subject: [ike-scan] Patterns for DELL SonicWALL (#4)

Hi,

the link to submit new patterns:

http://www.nta-monitor.com/tools/ike-scan/submit-patterns.html

from the readme seems to be down so i hope its ok to submit those patterns in here.

This patterns are collected from two runs on the same DELL SonicWALL appliance (version unknown):

IP Address No. Recv time Delta Time
foo.bar 1 1378198474.458549 0.000000
foo.bar 2 1378198480.131168 5.672619
foo.bar 3 1378198490.986802 10.855634
foo.bar 4 1378198511.175981 20.189179
foo.bar Implementation guess: UNKNOWN

IP Address No. Recv time Delta Time
foo.bar 1 1378198676.325332 0.000000
foo.bar 2 1378198680.897706 4.572374
foo.bar 3 1378198691.894241 10.996535
foo.bar 4 1378198708.895223 17.000982
foo.bar Implementation guess: UNKNOWN


Reply to this email directly or view it on GitHub.

@ghost
Copy link
Author

ghost commented Sep 4, 2013

Ah yes, sorry. I mean its not down but redirected to:

http://www.nta-monitor.com/tools-resources

There is also no mention on how to submit the patterns on:

http://www.nta-monitor.com/tools-resources/security-tools/ike-scan

@royhills
Copy link
Owner

royhills commented Sep 4, 2013

I've changed the addresses in the README and various other files to point to the github repository.

Looking at the backoff pattern, it looks very similar to that reported for sonicwall back in 2005:

Discovered by: Florent Trupheme, April 2005

Observed on SonicWall unknown version

Interestingly, this is different from the earlier sonicwall-pro entry.

Sonic Wall 0, 5, 8, 18

Perhaps this one will match if the fuzz is increased. I suspect it may be the same underlying pattern.

@claudijd
Copy link
Collaborator

bump

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@claudijd @royhills