talos-snort.rules
# Default-credential login detection for vendor web interfaces (sid 37378-37396, all rev 1).
#
# Every rule below has the same shape; only msg, the Base64 content and sid differ:
#   - header: alert on TCP from $EXTERNAL_NET (any port) to $HOME_NET on $HTTP_PORTS
#   - flow:to_server,established  -> client-to-server data on an established session
#   - content:"Authorization|3A|"; nocase; http_header  -> request carries an "Authorization:" header
#   - second content; http_header  -> a fixed Base64 string; per msg this is presumably the
#     vendor's default user:password pair as encoded by HTTP Basic authentication
#   - classtype:default-login-attempt, metadata:service http
#
# Caveats for whoever deploys or triages these:
#   - The rules fire on the attempt. Nothing here inspects the server response, so an alert
#     does not say whether the login succeeded; check the reply or the device's own logs.
#   - The two content matches carry no distance/within relation, so the Base64 string is not
#     tied to the value of the Authorization header; it only has to appear in the HTTP headers.
#   - NOTE(review): in Snort 2.x a fast_pattern:only content is handled by the fast pattern
#     matcher alone, which is documented as case-insensitive. Base64 is case-sensitive, so a
#     different credential whose encoding differs only in letter case could alert - confirm.
#   - Only $EXTERNAL_NET -> $HOME_NET is covered. Whether logins from internal hosts are seen
#     depends on how those variables are defined in the local configuration.
#   - The matches rely on the HTTP header buffer; sessions wrapped in TLS are presumably not
#     visible to these rules unless traffic is decrypted ahead of the sensor.
#   - An alert is also a prompt to verify that the targeted device no longer accepts its
#     factory credentials.

# ABB
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP ABB default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"c2VydmljZTpBQkI4MDB4QQ=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37378; rev:1;)
# BinTec Elmeg (two credential pairs)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP BinTec Elmeg default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46YmludGVj"; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37379; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP BinTec Elmeg default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46ZnVud2Vyaw=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37380; rev:1;)
# Digi (three credential pairs)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Digi default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"cm9vdDpkYnBz"; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37381; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Digi default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"dXNlcjpwYXNzd2Q="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37382; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Digi default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"dXNlcm5hbWU6cGFzc3dvcmQ="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37383; rev:1;)
# Emerson
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Emerson default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46ZGVmYXVsdA=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37384; rev:1;)
# Hirschmann (two credential pairs)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Hirschmann default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46cHJpdmF0ZQ=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37385; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Hirschmann default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"dXNlcjpwdWJsaWM="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37386; rev:1;)
# Moxa
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Moxa default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46cm9vdA=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37387; rev:1;)
# NOVUS AUTOMATION
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP NOVUS AUTOMATION default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"c3VwZXJ2aWV3OnN1cGVydmlldw=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37388; rev:1;)
# Rockwell Automation (two credential pairs)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Rockwell Automation default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW5pc3RyYXRvcjptbDE0MDA="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37389; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Rockwell Automation default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW5pc3RyYXRvcjptbDExMDA="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37390; rev:1;)
# Samsung
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Samsung default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"cm9vdDpya3dqc2R1c3JudGg="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37391; rev:1;)
# Schneider (two credential pairs)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Schneider default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"QWRtaW5pc3RyYXRvcjpHYXRld2F5"; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37392; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Schneider default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"VVNFUjpVU0VS"; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37393; rev:1;)
# Wago
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Wago default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46d2Fnbw=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37394; rev:1;)
# Westermo
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Westermo default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtaW46d2VzdGVybW8="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37395; rev:1;)
# eWON
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP eWON default password login attempt"; flow:to_server,established; content:"Authorization|3A|"; nocase; http_header; content:"YWRtOmFkbQ=="; fast_pattern:only; http_header; metadata:service http; classtype:default-login-attempt; sid:37396; rev:1;)