SonicALERT

Sonicwall Signatures



Category: SCADA-APPS

SCADA-APPS Category Description

This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent legitimate traffic of SCADA systems.

SCADA stands for "Supervisory Control And Data Acquisition". It generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes.

  Modbus -- Client Request (Outbound)
  Modbus -- Client Request (Inbound)
  Prosys OPC -- Protocol Command 1
  Prosys OPC -- Protocol Command 2
  Prosys OPC -- Protocol Command 3
  Synchrophasor Protocol (IEEE C37.118) -- TCP Command Frame
  Synchrophasor Protocol (IEEE C37.118) -- UDP Command Frame
  IEC 60870 -- Protocol Command IEC 104 2
  IEC 60870 -- Protocol Command IEC 101
  BACnet -- BVLC Function Result Successful completion
  BACnet -- BVLC Function Result Write-Broadcast-Distribution-Table NAK
  BACnet -- BVLC Function Result Read-Broadcast-Distribution-Table NAK
  BACnet -- BVLC Function Result Register-Foreign-Device NAK
  BACnet -- BVLC Function Result Read-Foreign-Device-Table NAK
  BACnet -- BVLC Function Result Delete-Foreign-Device-Table-Entry NAK
  BACnet -- BVLC Function Result Distribute-Broadcast-To-Network NAK
  BACnet -- BVLC Function Write-Broadcast-Distribution-Table
  BACnet -- BVLC Function Read-Broadcast-Distribution-Table
  BACnet -- BVLC Function Read-Broadcast-Distribution-Table-Ack
  BACnet -- BVLC Function Forwarded-NPDU
  BACnet -- BVLC Function Register-Foreign-Device
  BACnet -- BVLC Function Read-Foreign-Device-Table
  BACnet -- BVLC Function Read-Foreign-Device-Table-Ack
  BACnet -- BVLC Function Delete-Foreign-Device-Table-Entry
  BACnet -- BVLC Function Distribute-Broadcast-To-Network
  BACnet -- BVLC Function Original-Unicast-NPDU
  BACnet -- BVLC Function Original-Broadcast-NPDU
  BACnet -- BVLC Function Secure-BVLL
  BACnet -- Broadcast NSDU Who-Is-Router-To-Network
  BACnet -- Broadcast NSDU I-Am-Router-To-Network
  BACnet -- Broadcast NSDU I-Could-Be-Router-To-Network
  BACnet -- Broadcast NSDU Reject-Message-To-Network
  BACnet -- Broadcast NSDU Router-Busy-To-Network
  BACnet -- Broadcast NSDU Router-Available-To-Network
  BACnet -- Broadcast NSDU Initialize-Routing-Table
  BACnet -- Broadcast NSDU Initialize-Routing-Table-Ack
  BACnet -- Broadcast NSDU Establish-Connection-To-Network
  BACnet -- Broadcast NSDU Disconnect-Connection-To-Network
  BACnet -- Broadcast NSDU Challenge-Request
  BACnet -- Broadcast NSDU Security-Payload
  BACnet -- Broadcast NSDU Security-Response
  BACnet -- Broadcast NSDU Request-Key-Update
  BACnet -- Broadcast NSDU Update-Key-Set
  BACnet -- Broadcast NSDU Update-Distribution-Key
  BACnet -- Broadcast NSDU Request-Master-Key
  BACnet -- Broadcast NSDU Set-Master-Key
  BACnet -- Broadcast NSDU What-Is-Network-Number
  BACnet -- Broadcast NSDU Network-Number-Is
  BACnet -- Broadcast APDU i-Am Service DNET
  BACnet -- Broadcast APDU i-Am Service SNET
  BACnet -- Broadcast APDU who-Is Service DNET
  BACnet -- Broadcast APDU who-Is Service SNET
  BACnet -- Broadcast APDU Unconfirmed Service unconfirmedPrivateTransfer
  BACnet -- Broadcast APDU Unconfirmed Service who-Has
  BACnet -- Broadcast APDU unconfirmedCOVNotification Service
  BACnet -- Broadcast NPDU Malformed Packet
  EtherNet/IP -- Request Identity Attempt
  Fox -- Protocol Version
  OMRON-FINS -- OMRON TCP Controller Read Attempt
  OMRON-FINS -- OMRON UDP controller read attempt
  S7comm -- SPARC S7 ROSCTR Job Setup Communication To Client
  S7comm -- SPARC S7 ROSCTR Job Setup Communication To Server
  S7comm -- SPARC S7 Request CPU Function Read
  CIP -- Service Request
  CIP -- Function Request
  ICCP -- Client Request (COTP)
  ICCP -- Client Request (Association)
  ICCP -- Client Request (MMS Write)
  ICCP -- Server Response (Invalid OSI-SSEL)
  ICCP -- Server Response (Invalid OSI-PSEL)
  CODESYS -- UDP Activity 1
  CODESYS -- UDP Activity 2
  CODESYS -- UDP Activity 3
  CODESYS -- TCP Activity 1
  CODESYS -- TCP Activity 2
  CODESYS -- TCP Activity 3
  EtherNet/IP -- TCP Activity (Send RR Data)
  EtherNet/IP -- Registration
  EtherNet/IP -- TCP Activity (Send Unit Data)
  SAIA ETHER S-BUS -- UDP Activity
  ETHERSIO -- UDP Activity
  OMRON-FINS -- UDP Activity 1
  OMRON-FINS -- UDP Activity 2
  HART-IP -- UDP Activity 1
  HART-IP -- UDP Activity 2
  IEC 60870 -- Protocol Command IEC 104 1
  PC_WORX -- TCP Activity
  ISO-TSAP -- TCP Activity 1
  ISO-TSAP -- TCP Activity 2
  ISO-TSAP -- TCP Activity 3
  S7comm -- TCP Activity (Setup)
  S7comm -- TCP Activity (Data)
  Advantech ICS -- Server Response (FTP)
  Beckhoff ICS -- TCP Activity
  Hirschmann ICS -- HTTPS Activity
  Modbus -- Server Response (Gateway)
  Moxa ICS -- HTTP Activity
  Moxa ICS -- TCP Activity
  Moxa ICS -- HTTPS Activity
  Phoenix ICS -- HTTP Activity 1
  Phoenix ICS -- HTTP Activity 2
  Phoenix ICS -- HTTP Activity 3
  Siemens ICS -- TCP Activity (RUGGEDCOM RS910) 1
  Siemens ICS -- TCP Activity (RUGGEDCOM RS910) 2
  Siemens ICS -- HTTPS Activity (RUGGEDCOM RS910)
  Siemens ICS -- UDP Activity (SIMATIC S7-1200)
  Westermo ICS -- TCP Activity 2
  Westermo ICS -- TCP Activity 3
  Westermo ICS -- TCP Activity 4
  NetBurner ICS -- TCP Activity
  Inhandnetworks ICS -- HTTP Activity 1
  Inhandnetworks ICS -- HTTP Activity 2
  Inhandnetworks ICS -- HTTP Activity 3
  Westermo ICS -- TCP Activity 1
  Barix ICS -- TCP Activity


Relevant Information