-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathmatchers.conf.sample
130 lines (115 loc) · 2.39 KB
/
matchers.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Hijack HTTP on port 80, match GET or POST requests for "pornhub.com" and then call python module called http_pornhub for response generation
begin http_80
match ^(GET|POST).*
ignore (^GET [^ ?]+\.(?i:jpg|jpeg|gif|png|ico|css)|(?i:host: .*pornhub.com))
dst_port 80
proto tcp
option reset
pymodule http_pornhub
end
# Deny all HTTPS via sending fake response and RST packet after than
begin ssl_443
match (.)
dst_port 443
proto any
option reset
response content/no_ssl_please
end
# Deny OpenVPN via sending fake response and RST packet after than
begin openvpn_1194
match (.)
dst_port 1194
proto any
option reset
response content/no_ssl_please
end
# Deny PPTP via sending fake response and RST packet after than
begin pptp_1723
match (.)
dst_port 1723
proto any
option reset
response content/no_ssl_please
end
# Deny L2TP via sending fake response and RST packet after than
begin l2tp_1701
match (.)
dst_port 1701
proto any
option reset
response content/no_ssl_please
end
# Deny OpenVPN via sending fake response and RST packet after than
begin smtp_587
match (?i)ehlo
dst_port 587
proto tcp
response content/smtp_no_starttls
end
# Send fake SMTP response from server, and trying to "deny" STARTTLS in smtp
begin smtp_25
match (?i)ehlo
dst_port 25
proto tcp
response content/smtp_no_starttls
end
# Send fake SMTP response from server, and trying to "deny" STARTTLS in smtp
begin smtp_2525
match (?i)ehlo
dst_port 2525
proto tcp
response content/smtp_no_starttls
end
# Send fake response on starttls command in SMTP
begin smtp_587_stoptls
match (?i)starttls
dst_port 587
proto tcp
response content/smtp_stoptls
end
# Send fake response on starttls command in SMTP
begin smtp_25_stoptls
match (?i)starttls
dst_port 25
proto tcp
response content/smtp_stoptls
end
# Send fake response on starttls command in SMTP
begin smtp_2525_stoptls
match (?i)starttls
dst_port 2525
proto tcp
response content/smtp_stoptls
end
# Just reset all SSL SMTP connections
begin smtp_465
match (.)
dst_port 465
proto any
option reset
response content/no_ssl_please
end
begin imap_143
match (?i)capability
dst_port 143
proto tcp
response content/imap_no_starttls
end
begin imap_143_stoptls
match (?i)starttls
dst_port 143
proto tcp
response content/imap_stoptls
begin imap_993
match (.)
dst_port 993
proto any
option reset
response content/no_ssl_please
end
begin pop3_110_stoptls
match (?i)stls
dst_port 110
proto tcp
response content/pop3_stoptls
end