saleks28

pasoib3_snort_rules

May 5th, 2020
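  # Access-policy alerts for three web servers, as named in the msg strings:
  #   M  = 192.168.0.1:80    F1 = 192.168.10.1:8080    F2 = 192.168.20.1:8080
  # Each rule fires on an established client-to-server request whose URI starts
  # with "/confidential/" (14 bytes) or "/internal/" (10 bytes); the offset/depth
  # pair anchors the match to the first bytes of the URI.
  #
  # Deployment notes:
  # - uricontent is Snort 2.x syntax and inspects the URI produced by the
  #   http_inspect preprocessor, so ports 80 and 8080 must both be in that
  #   preprocessor's port list or the rules stay silent.
  # - The match is case-sensitive (no nocase) and anchored at the URI start.
  #   Whether every request form the servers accept for these paths is covered
  #   depends on http_inspect normalization and on server path handling --
  #   TODO confirm against the server configuration.
  # - These are alert rules: they report attempts and do not block them. Access
  #   control still has to be enforced on the servers themselves.
  # - NOTE(review): sids 1-20 are kept as posted so existing alert references
  #   stay valid, but Snort reserves sids below 1,000,000; local rules normally
  #   use 1,000,000 and above. Renumber when nothing depends on the old ids.
  # - No rule watches "/confidential/" on F2 (192.168.20.1) -- presumably by
  #   policy; verify.
  # - Source port "any" replaces the original 0:65535 (same range); rev and the
  #   closing semicolon were added so each rule carries a revision number.

  # Other: any source outside the five listed client subnets. The list is exact,
  # so e.g. 192.168.1.128-255 (outside 192.168.1.0/25) is treated as Other.
  alert tcp ![192.168.1.0/25,192.168.2.0/24,192.168.11.0/30,192.168.12.0/28,192.168.22.0/25] any -> 192.168.0.1 80 (msg:"Other tried to get M/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:1; rev:1;)
  alert tcp ![192.168.1.0/25,192.168.2.0/24,192.168.11.0/30,192.168.12.0/28,192.168.22.0/25] any -> 192.168.10.1 8080 (msg:"Other tried to get F1/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:2; rev:1;)
  alert tcp ![192.168.1.0/25,192.168.2.0/24,192.168.11.0/30,192.168.12.0/28,192.168.22.0/25] any -> 192.168.0.1 80 (msg:"Other tried to get M/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:3; rev:1;)
  alert tcp ![192.168.1.0/25,192.168.2.0/24,192.168.11.0/30,192.168.12.0/28,192.168.22.0/25] any -> 192.168.10.1 8080 (msg:"Other tried to get F1/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:4; rev:1;)
  alert tcp ![192.168.1.0/25,192.168.2.0/24,192.168.11.0/30,192.168.12.0/28,192.168.22.0/25] any -> 192.168.20.1 8080 (msg:"Other tried to get F2/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:5; rev:1;)

  # M Trusted (192.168.1.0/25): alerted only for F1 and F2 paths, never for M.
  alert tcp 192.168.1.0/25 any -> 192.168.10.1 8080 (msg:"M Trusted tried to get F1/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:6; rev:1;)
  alert tcp 192.168.1.0/25 any -> 192.168.10.1 8080 (msg:"M Trusted tried to get F1/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:7; rev:1;)
  alert tcp 192.168.1.0/25 any -> 192.168.20.1 8080 (msg:"M Trusted tried to get F2/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:8; rev:1;)

  # M Regular (192.168.2.0/24): additionally alerted for M/confidential.
  alert tcp 192.168.2.0/24 any -> 192.168.0.1 80 (msg:"M Regular tried to get M/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:9; rev:1;)
  alert tcp 192.168.2.0/24 any -> 192.168.10.1 8080 (msg:"M Regular tried to get F1/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:10; rev:1;)
  alert tcp 192.168.2.0/24 any -> 192.168.10.1 8080 (msg:"M Regular tried to get F1/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:11; rev:1;)
  alert tcp 192.168.2.0/24 any -> 192.168.20.1 8080 (msg:"M Regular tried to get F2/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:12; rev:1;)

  # F1 Trusted (192.168.11.0/30): alerted for M/confidential and F2/internal.
  alert tcp 192.168.11.0/30 any -> 192.168.0.1 80 (msg:"F1 Trusted tried to get M/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:13; rev:1;)
  alert tcp 192.168.11.0/30 any -> 192.168.20.1 8080 (msg:"F1 Trusted tried to get F2/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:14; rev:1;)

  # F1 Regular (192.168.12.0/28): alerted for both M paths and F1/confidential.
  alert tcp 192.168.12.0/28 any -> 192.168.0.1 80 (msg:"F1 Regular tried to get M/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:15; rev:1;)
  alert tcp 192.168.12.0/28 any -> 192.168.0.1 80 (msg:"F1 Regular tried to get M/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:16; rev:1;)
  alert tcp 192.168.12.0/28 any -> 192.168.10.1 8080 (msg:"F1 Regular tried to get F1/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:17; rev:1;)

  # F2 Regular (192.168.22.0/25): alerted for both M paths and F1/confidential.
  alert tcp 192.168.22.0/25 any -> 192.168.0.1 80 (msg:"F2 Regular tried to get M/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:18; rev:1;)
  alert tcp 192.168.22.0/25 any -> 192.168.10.1 8080 (msg:"F2 Regular tried to get F1/confidential data"; flow:to_server,established; uricontent:"/confidential/"; offset:0; depth:14; sid:19; rev:1;)
  alert tcp 192.168.22.0/25 any -> 192.168.0.1 80 (msg:"F2 Regular tried to get M/internal data"; flow:to_server,established; uricontent:"/internal/"; offset:0; depth:10; sid:20; rev:1;)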