Rule History

SID: 2018538 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 3 • Jun 6, 2014, 12:00 PM

Message:

ET INFO tor2www .onion Proxy SSL cert

Rule:

alert tcp $EXTERNAL_NET [443,$HTTP_PORTS] -> $HOME_NET any (msg:"ET INFO tor2www .onion Proxy SSL cert"; flow:established,from_server; content:"|55 04 03|"; content:"*.tor2www."; nocase; distance:2; within:10; classtype:misc-activity; sid:2018538; rev:3; metadata:attack_target Client_Endpoint, created_at 2014_06_06, deployment Perimeter, confidence High, signature_severity Informational, tag TOR_Proxy, updated_at 2023_04_20;)

Created:

Jun 6, 2014, 12:00 PM

Updated:

Apr 20, 2023, 12:00 PM

DB Created:

Jun 6, 2014, 12:00 PM

DB Updated:

May 31, 2024, 9:00 PM

Filename:

rules/emerging-info.rules