Versions (3)
Version DetailsCurrent
Rev: 2 • May 20, 2015, 12:00 PMET EXPLOIT Logjam Weak DH/DHE Export Suite From Server
alert tcp any [21,25,110,143,443,465,587,636,989:995,5061,5222] -> $HOME_NET any (msg:"ET EXPLOIT Logjam Weak DH/DHE Export Suite From Server"; flow:established,from_server; content:"|16 03|"; depth:2; byte_test:1,<,4,0,relative; content:"|02|"; distance:3; within:1; byte_jump:1,37,relative; content:"|00 65|"; within:2; fast_pattern; threshold:type limit,track by_dst,count 1,seconds 1200; reference:url,weakdh.org; classtype:bad-unknown; sid:2021125; rev:2; metadata:created_at 2015_05_20, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
May 20, 2015, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 14, 2025, 9:34 PM
rules/emerging-exploit.rules