rules:
  - match: tcp dst port 23 or port 2323 or port 23231
    type: conn_handler
    target: telnet
  - match: tcp dst port 25
    type: conn_handler
    target: smtp
  - match: tcp dst port 3389
    type: conn_handler
    target: rdp
  - match: tcp dst port 445
    type: conn_handler
    target: smb
  - match: tcp dst port 21
    type: conn_handler
    target: ftp
  - match: tcp dst port 5060
    type: conn_handler
    target: sip
  - match: tcp
    type: conn_handler
    target: default