snort2-docker/docker/etc/rules/scada.rules

23 lines
1.3 KiB
Plaintext
Raw Normal View History

2020-02-24 13:56:30 +00:00
# Copyright 2001-2019 Sourcefire, Inc. All Rights Reserved.
#
# This file contains (i) proprietary rules that were created, tested and certified by
# Sourcefire, Inc. (the "VRT Certified Rules") that are distributed under the VRT
# Certified Rules License Agreement (v 2.0), and (ii) rules that were created by
# Sourcefire and other third parties (the "GPL Rules") that are distributed under the
# GNU General Public License (GPL), v2.
#
# The VRT Certified Rules are owned by Sourcefire, Inc. The GPL Rules were created
# by Sourcefire and other third parties. The GPL Rules created by Sourcefire are
# owned by Sourcefire, Inc., and the GPL Rules not created by Sourcefire are owned by
# their respective creators. Please see http://www.snort.org/snort/snort-team/ for a
# list of third party owners and their respective copyrights.
#
# In order to determine what rules are VRT Certified Rules or GPL Rules, please refer
# to the VRT Certified Rules License Agreement (v2.0).
#
#-------------
# SCADA RULES
#-------------
# alert tcp $EXTERNAL_NET any -> $HOME_NET 2537 (msg:"SCADA Schneider Electric Accutech http request overflow attempt"; flow:to_server,established; content:"GET /"; depth:5; isdataat:128,relative; content:!" HTTP/1.1"; within:128; reference:bugtraq,57651; reference:cve,2013-0658; classtype:attempted-admin; sid:39941; rev:1;)