Rule History

SID: 10001844 • Source: ptrules/open

Versions (7)

Version DetailsCurrent

Rev: 6 • Sep 25, 2025, 2:40 PM

Message:

POLICY [PTsecurity] TOR cert FB set FB0_01

Rule:

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg: "POLICY [PTsecurity] TOR cert FB set FB0_01"; flow: established, to_client; content: "|3082|"; depth: 300; content: "|308201|"; distance: 2; within: 3; content: "|a00302010202|"; distance: 1; within: 6; content: "|7777|"; distance: 38; within: 2; fast_pattern; flowbits: set, FB0_01; flowbits: noalert; reference: url, rules.ptsecurity.com; classtype: policy-violation; sid: 10001844; rev: 6;)

Created:

Sep 25, 2025, 2:40 PM

Updated:

Feb 13, 2026, 2:43 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Mar 2, 2026, 1:34 PM

Filename:

rules/ptopen-info.rules