[Snort-sigs] SCADA PCAPs

Alex Kirk alex.kirk at ...435...
Thu Apr 24 11:55:07 EDT 2008

The Sourcefire VRT is looking to expand our coverage into SCADA over 
TCP/IP, particularly Modbus and ICCP, in response to growing demand for 
such coverage. While standards documents and the like aren't hard to 
find, publicly available packet captures appear to be virtually 
nonexistent...and as you all know, writing rules without testing against 
live traffic is a bad idea.

If anyone on this list has access to these types of PCAPs, the VRT would 
greatly appreciate it if you could send a few our way (or more 
specifically to me, since I'm doing the bulk of the research). We'll be 
happy to work with you on confidentiality requirements, and/or credit in 
the rule documentation for your help.

Alex Kirk
Research Analyst
Sourcefire, Inc.
