23 lines
1.3 KiB
Plaintext
23 lines
1.3 KiB
Plaintext
|
# Copyright 2001-2019 Sourcefire, Inc. All Rights Reserved.
|
||
|
|
#
|
||
|
|
# This file contains (i) proprietary rules that were created, tested and certified by
|
||
|
|
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
|
||
|
|
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
|
||
|
|
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
|
||
|
|
# GNU General Public License (GPL), v2.
|
||
|
|
#
|
||
|
|
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
|
||
|
|
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
|
||
|
|
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
|
||
|
|
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
|
||
|
|
# list of third party owners and their respective copyrights.
|
||
|
|
#
|
||
|
|
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
|
||
|
|
# to the VRT Certified Rules License Agreement (v2.0).
|
||
|
|
#
|
||
|
|
#-------------
|
||
|
|
# SCADA RULES
|
||
|
|
#-------------
|
||
|
|
|
||
|
|
# alert tcp $EXTERNAL_NET any -> $HOME_NET 2537 (msg:"SCADA Schneider Electric Accutech http request overflow attempt"; flow:to_server,established; content:"GET /"; depth:5; isdataat:128,relative; content:!" HTTP/1.1"; within:128; reference:bugtraq,57651; reference:cve,2013-0658; classtype:attempted-admin; sid:39941; rev:1;)
|