rule dragos_crashoverride_moduleStrings {
	meta:
		description = "IEC-104 Interaction Module Program Strings"
		author = "Dragos Inc"
	strings:
		$s1 = "IEC-104 client: ip=%s; port=%s; ASDU=%u" ascii wide nocase
		$s2 = " MSTR ->> SLV" ascii wide nocase
		$s3 = " MSTR <<- SLV" ascii wide nocase
		$s4 = "Unknown APDU format !!!" ascii wide nocase
		$s5 = "iec104.log" ascii wide nocase
	condition:
		any of ($s*)
}