[Snort-sigs] SCADA PCAPs
alex.kirk at ...435...
Thu Apr 24 11:55:07 EDT 2008
The Sourcefire VRT is looking to expand our coverage into SCADA over
TCP/IP, particularly Modbus and ICCP, in response to growing demand for
such coverage. While standards documents and the like aren't hard to
find, publicly available packet captures appear to be virtually
nonexistent...and as you all know, writing rules without testing against
live traffic is a bad idea.
If anyone on this list has access to these types of PCAPs, the VRT would
greatly appreciate it if you could send a few our way (or more
specifically to me, since I'm doing the bulk of the research). We'll be
happy to work with you on confidentiality requirements, and/or credit in
the rule documentation for your help.
More information about the Snort-sigs