ELITEWOLF_SNORT_SchweitzerEngineeringLaboratories.txt
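# ELITEWOLF Snort rules for Schweitzer Engineering Laboratories (SEL) devices.
#
# Each rule matches a string that SEL equipment or its management traffic puts
# on the wire (web paths, an SSH banner, certificate text, Telnet prompts, FTP
# commands). A hit identifies SEL-related activity; whether it is expected
# depends on who is allowed to administer these devices on your network.
#
# SIDs: every rule previously carried sid:1, so rules collided on the same
# identifier and an alert could not be traced back to one signature. The values
# 1000001-1000033 below are constructed sample values in the local-rule range
# (>= 1000000); renumber them to fit your own SID allocation.
#
# Tuning: all rules use "any" for both addresses and none sets flow state.
# Scoping to the address variables that cover your SEL devices and adding
# flow:established are the usual first steps to cut false positives.

# --- SEL-3530 RTAC ----------------------------------------------------------
# Source port 443 = traffic sent by the device's web server.
# NOTE(review): these match plaintext bytes. On a TLS-encrypted session the URL
# path is not visible to the sensor, so expect hits only on decrypted or
# unencrypted traffic - confirm against a capture from the device.
alert tcp any 443 -> any any (msg: "ELITEWOLF SEL-3530-RTAC URL path activity - homepage"; content:"/home.sel"; sid:1000001; rev:1;)
alert tcp any 443 -> any any (msg: "ELITEWOLF SEL-3530-RTAC URL path activity - LoginError"; content:"/errors/err401.sel?username="; sid:1000002; rev:1;)
alert tcp any 443 -> any any (msg: "ELITEWOLF SEL-3530-RTAC URL path activity - default.sel page"; content:"/default.sel"; sid:1000003; rev:1;)
# SSH server banner seen from source port 1024 (presumably the port the device
# listens on for SSH - verify for your firmware).
alert tcp any 1024 -> any any (msg: "ELITEWOLF SEL-3530-RTAC Possible SSH Login Activity"; content:"SSH-2.0-dropbear_2016.74"; sid:1000004; rev:1;)
# Product string seen from source port 5432.
alert tcp any 5432 -> any any (msg: "ELITEWOLF SEL-3530-RTAC Possible AcSELerator Firmware Activity"; content:"SEL-3530 RTAC"; sid:1000005; rev:1;)

# --- SEL-3620 ---------------------------------------------------------------
# NOTE(review): the "commonname=" and "issuer_CN: " prefixes look like
# tool-formatted text rather than the on-wire certificate encoding; the bare
# URL rule is presumably the one that matches a handshake - verify.
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-3620 X509 certificate activity"; content: "http://www.sel-secure.com"; sid:1000006; rev:1;)
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-3620 X509 certificate activity"; content: "commonname=http://www.sel-secure.com"; sid:1000007; rev:1;)
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-3620 X509 certificate activity"; content: "issuer_CN: http://www.sel-secure.com"; sid:1000008; rev:1;)

# --- SEL-2488 ---------------------------------------------------------------
# Same plaintext-on-443 and certificate-text caveats as the sections above.
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-2488 URL path activity"; content: "/scripts/dScripts.sel"; sid:1000009; rev:1;)
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-2488 URL path activity"; content: "/css/sel.css?vid="; sid:1000010; rev:1;)
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-2488 X509 certificate activity"; content: "commonName=http://www.selinc.com/EthernetCommunications/"; sid:1000011; rev:1;)
alert tcp any 443 -> any any (msg:"ELITEWOLF_SEL-2488 X509 certificate activity"; content: "issuer_CN: http://www.selinc.com/EthernetCommunications/"; sid:1000012; rev:1;)

# --- Telnet (device responses, source port 23) ------------------------------
# Telnet is cleartext, so these prompts are visible to the sensor as sent.
# "Level 1" / "Level 2" are short strings with no device anchor; any Telnet
# server that prints them will also fire. Scope these two rules to SEL device
# addresses before relying on them as access-level change alerts.
alert tcp any 23 -> any any (msg:"ELITEWOLF SEL Telnet Activity"; pcre:"/SEL-[0-9]{3,4}/"; sid:1000013; rev:1;)
alert tcp any 23 -> any any (msg:"ELITEWOLF SEL Access Level 1 Change"; content: "Level 1"; sid:1000014; rev:1;)
alert tcp any 23 -> any any (msg:"ELITEWOLF SEL Access Level 2 Change"; content: "Level 2"; sid:1000015; rev:1;)
alert tcp any 23 -> any any (msg:"ELITEWOLF SEL 2032 Processor"; content:"COMMUNICATIONS PROCESSOR-S/N"; sid:1000016; rev:1;)
alert tcp any 23 -> any any (msg:"ELITEWOLF SEL Callibration Access Level Login Success"; content:"Calibration Access Established"; sid:1000017; rev:1;)

# --- FTP --------------------------------------------------------------------
# Destination port 21 = client commands; source port 21 = server replies.
# FTP carries credentials and file names in cleartext. A hit on the rules whose
# msg says "Default Username" / "Default Password" means those credentials are
# being presented on the wire: treat it as a hardening finding for the device
# as well as an event to triage.
# STOR rules flag uploads of settings / DNP map files (a configuration change);
# RETR rules flag downloads of the same files.
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Access Change"; content: "USER 2AC"; sid:1000018; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Change working directory 2701"; content: "CWD SEL-2701"; sid:1000019; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Change working directory 2701"; content: "CWD /SEL-2701"; sid:1000020; rev:1;)
alert tcp any 21 -> any any (msg: "ELITEWOLF SEL FTP Activity - Current directory"; content: "/SEL-2701"; sid:1000021; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - RETR DNPMAP.TXT file"; content: "RETR DNPMAP.TXT"; sid:1000022; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - STOR SET_DNP1.TXT file"; content: "STOR SET_DNP1.TXT"; sid:1000023; rev:1;)
# The dot before TXT is escaped so the pattern requires a literal "." instead
# of accepting any character in that position.
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - potential file change"; content:"STOR SET_"; pcre:"/STOR SET_[0-9A-Z]{1,4}\.TXT/"; sid:1000024; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Access Change ACC"; content: "USER ACC"; sid:1000025; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Password Login otter"; content: "PASS otter"; sid:1000026; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - STOR DNPMAP.TXT file"; content: "STOR DNPMAP.TXT"; sid:1000027; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - RETR ERR.TXT file"; content: "RETR ERR.TXT"; sid:1000028; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - RETR SET_DNP1.TXT file 2701"; content: "RETR SET_DNP1.TXT"; sid:1000029; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - File Retrieval"; content:"RETR SET_"; pcre:"/RETR SET_[0-9A-Z]{1,4}/"; sid:1000030; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Default Username"; content:"USER FTPUSER"; sid:1000031; rev:1;)
alert tcp any any -> any 21 (msg: "ELITEWOLF SEL FTP Activity - Default Password"; content:"PASS TAIL"; sid:1000032; rev:1;)
alert tcp any 21 -> any any (msg: "ELITEWOLF SEL-751A FTP SERVER"; content:"SEL-751A"; sid:1000033; rev:1;)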