
dataplane_org

wes edited this page Mar 14, 2020 · 1 revision
# File-wide default tags.
# NOTE(review): every feed below also sets its own tags; confirm whether the
# consumer replaces these defaults or merges them with the per-feed values.
defaults:
  tags:
    - scanner
    - bruteforce

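# One entry per dataplane.org feed. Each entry names the remote list to fetch
# and the port, protocol, tags and description to attach to what it contains.
# Every remote uses HTTPS: a list fetched over plain HTTP can be altered in
# transit, which would add or remove indicators before they are consumed.
feeds:
  # NOTE(review): this is the only feed that nests tags/description under
  # `defaults:` and that has no portlist (the other DNS feeds use 53);
  # confirm the consumer treats both layouts the same way.
  dnsrd:
    remote: https://dataplane.org/dnsrd.txt
    defaults:
      tags: scanner, dns
      description: 'identified as sending recursive DNS queries to a remote host'

  dnsrdany:
    remote: https://dataplane.org/dnsrdany.txt
    portlist: 53
    tags: scanner, dns
    description: 'identified as sending recursive DNS IN ANY queries to a remote host'

  dnsversion:
    remote: https://dataplane.org/dnsversion.txt
    portlist: 53
    tags: scanner, dns
    description: 'identified as sending DNS CH TXT VERSION.BIND queries to a remote host'

  # Low-confidence signal: opening an SSH connection does not by itself show
  # hostile intent, so treat these entries as context rather than as proof.
  sshclient:
    remote: https://dataplane.org/sshclient.txt
    portlist: 22
    tags: scanner, ssh
    description: 'has been seen initiating an SSH connection'

  # Stronger signal than sshclient: these hosts went on to attempt a
  # password login. Note the feed key is `ssh` but the list is sshpwauth.txt.
  ssh:
    remote: https://dataplane.org/sshpwauth.txt
    portlist: 22
    tags: scanner, ssh
    description: 'seen attempting to remotely login using SSH password authentication'

  sipquery:
    remote: https://dataplane.org/sipquery.txt
    protocol: udp
    portlist: 5060
    tags: scanner, sip
    description: 'seen initiating a SIP OPTIONS query to a remote host'

  sipinvitation:
    remote: https://dataplane.org/sipinvitation.txt
    protocol: udp
    portlist: 5060
    tags: scanner, sip
    description: 'seen initiating a SIP INVITE operation to a remote host'

  sipregistration:
    remote: https://dataplane.org/sipregistration.txt
    protocol: udp
    portlist: 5060
    tags: scanner, sip
    description: 'seen initiating a SIP REGISTER operation to a remote host'

  # Was the only feed fetched over http://; switched to https:// to match the
  # rest of the file and keep the list protected in transit.
  vnc:
    remote: https://dataplane.org/vncrfb.txt
    protocol: tcp
    portlist: 5900-5904
    tags: scanner, vnc
    description: 'seen initiating a VNC remote frame buffer (RFB) session to a remote host'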