SCADA IDS Signatures (SIS)

CRITIFENCE® SCADA IDS Signatures Database (SIS)

IGSS SCADA System Directory Traversal and Download

Date Title Author SVE-ID
2016-03-03IGSS SCADA System Directory Traversal and DownloadEmerging Threats Pro, NitroSecurityN/A
Description
This rule is distributed under the ET-PRO license that is available at http://rules.emergingthreats.net/open/snort-2.4.0/ETPRO-License.txt

Signature

						
							
								
alert tcp any any -> any 12401 (msg:"ETPRO SCADA IGSS SCADA System Directory Traversal and Download";
 flow:to_server,established;
 content:"|01 00 34 12 0D|";
 offset:2;
 depth:5;
 content:"|03|";
 distance:11;
 within:1;
 content:"|2E 2E 5C 2E 2E 5C 2E 2E 5C 2E 2E 5C|";
 distance:0;
 classtype:attempted-user;
 reference:url,digitalbond.com/tools/quickdraw/vulnerability-rules;
 sid:1111620;
 rev:1;
)