DOC: Document new supported Dataplane feeds
monoidic authored and Wagner committed Sep 17, 2021
1 parent 9e14dc2 commit f9ff4c1
Showing 1 changed file with 174 additions and 8 deletions.
182 changes: 174 additions & 8 deletions intelmq/etc/feeds.yaml
Expand Up @@ -453,15 +453,15 @@ providers:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: http://dataplane.org/sshclient.txt
http_url: https://dataplane.org/sshclient.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2018-01-20
documentation: http://dataplane.org/
documentation: https://dataplane.org/
public: true
SSH Password Authentication:
description: Entries below consist of fields with identifying characteristics
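Review bot: the `revision: 2018-01-20` of the SSH Client Connection feed is left untouched although both `http_url` and `documentation` switch from http to https in this hunk; the feed entries added further down in this same file carry `revision: 2021-09-09`, so either bump this one as well or state in the commit message that the revision field tracks parser behaviour only. The move to https is the right change for a feed whose content ends up as alert or blocklist input, because a plain-http download can be altered in transit; it only delivers that guarantee if certificate verification stays enabled in the deployment's HTTP collector configuration. Minor: the context line `description: Entries below consist of fields` for SSH Password Authentication differs from the `Entries consist of fields` wording used by the other Dataplane feeds and could be aligned while this file is being edited.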
Expand All @@ -474,15 +474,15 @@ providers:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: http://dataplane.org/sshpwauth.txt
http_url: https://dataplane.org/sshpwauth.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2018-01-20
documentation: http://dataplane.org/
documentation: https://dataplane.org/
public: true
SIP Query:
description: Entries consist of fields with identifying characteristics of a
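Review bot: `revision: 2018-01-20` for SSH Password Authentication stays as is while `http_url` and `documentation` move to https; for consistency with the `2021-09-09` revision used by the entries added later in this file, either bump it or document that the revision field is not meant to change for URL-only edits. Otherwise the hunk is a pure http-to-https scheme change with no effect on `rate_limit`, `name` or `provider`, which keeps the hourly polling (`rate_limit: 3600`) consistent across the Dataplane feeds.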
Expand All @@ -495,15 +495,15 @@ providers:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: http://dataplane.org/sipquery.txt
http_url: https://dataplane.org/sipquery.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2018-01-20
documentation: http://dataplane.org/
documentation: https://dataplane.org/
public: true
SIP Registration:
description: Entries consist of fields with identifying characteristics of a
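Review bot: same pattern for SIP Query, `http_url` and `documentation` go to https but `revision: 2018-01-20` is unchanged; decide once for the whole file whether a URL scheme change bumps the revision and apply it uniformly, since a reader comparing this entry with the `2021-09-09` entries below cannot otherwise tell whether the date was forgotten.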
Expand All @@ -516,15 +516,181 @@ providers:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: http://dataplane.org/sipregistration.txt
http_url: https://dataplane.org/sipregistration.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2018-01-20
documentation: http://dataplane.org/
documentation: https://dataplane.org/
public: true
DNS Recursion Desired:
description: Entries consist of fields with identifying characteristics of a
source IP address that has been seen performing a DNS recursion desired query
to a remote host. This report lists hosts that are suspicious of more than just
port scanning. The host may be DNS server cataloging or searching for hosts
to use for DNS-based DDoS amplification.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/dnsrd.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
DNS Recursion Desired ANY:
description: Entries consist of fields with identifying characteristics of a
source IP address that has been seen performing a DNS recursion desired IN ANY query
to a remote host. This report lists hosts that are suspicious of more than just
port scanning. The host may be DNS server cataloging or searching for hosts
to use for DNS-based DDoS amplification.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/dnsrdany.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
DNS Version:
description: Entries consist of fields with identifying characteristics of a
source IP address that has been seen performing a DNS CH TXT version.bind query
to a remote host. This report lists hosts that are suspicious of more than just
port scanning. The host may be DNS server cataloging or searching for vulnerable
DNS servers.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/dnsversion.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
Protocol 41:
description: Entries consist of fields with identifying characteristics of a
host that has been detected to offer open IPv6 over IPv4 tunneling.
This could allow for the host to be used a public proxy against IPv6 hosts.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/proto41.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
SMTP Greet:
description: Entries consist of fields with identifying characteristics of a
host that has been seen initiating a SMTP HELO/EHLO operation to a remote host.
The source report lists hosts that are suspicious of more than just port
scanning. The host may be SMTP server cataloging or conducting various forms
of email abuse.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/smtpgreet.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
SMTP Data:
description: Entries consist of fields with identifying characteristics of a
host that has been seen initiating a SMTP DATA operation to a remote host.
The source report lists hosts that are suspicious of more than just port
scanning. The host may be SMTP server cataloging or conducting various forms
of email abuse.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/smtpdata.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
Telnet Login:
description: Entries consist of fields with identifying characteristics of a
host that has been seen initiating a telnet connection to a remote host.
The source report lists hosts that are suspicious of more than just port
scanning. The host may be telnet server cataloging or conducting
authentication attack attempts.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/telnetlogin.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
VNC/RFB Login:
description: Entries consist of fields with identifying characteristics of a
host that has been seen initiating a VNC remote buffer session to a remote host.
The source report lists hosts that are suspicious of more than just port
scanning. The host may be VNC/RFB server cataloging or conducting
authentication attack attempts.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dataplane.org/vncrfb.txt
rate_limit: 3600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dataplane.parser
parameters:
revision: 2021-09-09
documentation: https://dataplane.org/
public: true
Turris:
Greylist:
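Review bot: `additional_information:` is left with an empty value in all eight new entries (DNS Recursion Desired, DNS Recursion Desired ANY, DNS Version, Protocol 41, SMTP Greet, SMTP Data, Telnet Login, VNC/RFB Login); either fill it in or drop the key, otherwise it renders as a blank field in any documentation generated from this file. Several descriptions need wording fixes: `to be used a public proxy` (Protocol 41) should read `to be used as a public proxy`; `a SMTP HELO/EHLO operation` and `a SMTP DATA operation` should read `an SMTP ...`; `VNC remote buffer session` should be `VNC remote framebuffer (RFB) session`, which is what the RFB in the feed name stands for; and `hosts that are suspicious of more than just port scanning`, repeated in every new entry, reads better as `hosts suspected of more than just port scanning`. All eight entries reuse `intelmq.bots.parsers.dataplane.parser`; since the commit title says these feeds are newly supported, reference the commit that extended the parser in the commit message and make sure each new file name (`dnsrd.txt`, `dnsrdany.txt`, `dnsversion.txt`, `proto41.txt`, `smtpgreet.txt`, `smtpdata.txt`, `telnetlogin.txt`, `vncrfb.txt`) has a parser test, so that any column layout differing from the existing feeds shows up in CI rather than as silently dropped events in production. The SIP Registration http-to-https change at the top of this hunk also keeps `revision: 2018-01-20`, inconsistent with the `2021-09-09` used by the new entries right below it.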