#alert tcp any 443 -> any any (msg:"ET POLICY OpenSSL? Demo Cert Exchange"; flow:established,to_client; ssl_version:sslv2,sslv3,tls1.0,tls1.1,tls1.2; content:"|16|"; content:"|0b|"; within:8; content:"|00 a6 ed b9 1e 40 75 6f 88 0a 30 85 7b 68 b1 8d 48 89 27 33 36 20 ac 1e e8 d6 44 31 78 37 f7 e1 d0 d5 44 cf 4e 67 cb 64 ba 6c fa b6 5f a2 51 c3 5e e4 4a 31 76 c6 15 d4 85 d2 75 d8 ce 8b 4f 0b 38 bb 19 ab b0 10 94 d9 ca bd bb 65 98 c0 d4 2e 9a a4 64 90 f4 6c ee c0 db d9 e2 b0 97 ca cb 55 11 a8 00 4b c3 90 e0 7d c3 e1 d5 92 d7 b6 60 df 52 02 6f 9a 38 13 9a f4 cf 4f 68 fd 4c f8 ea ed 15|"; classtype:not-suspicious; sid:2011525; rev:2;)

Added 2011-10-12 19:32:11 UTC


#alert tcp any 443 -> any any (msg:"ET POLICY OpenSSL? Demo Cert Exchange"; flow:established,to_client; ssl_version:sslv2,sslv3,tls1.0,tls1.1,tls1.2; content:"|16|"; content:"|0b|"; within:8; content:"|00 a6 ed b9 1e 40 75 6f 88 0a 30 85 7b 68 b1 8d 48 89 27 33 36 20 ac 1e e8 d6 44 31 78 37 f7 e1 d0 d5 44 cf 4e 67 cb 64 ba 6c fa b6 5f a2 51 c3 5e e4 4a 31 76 c6 15 d4 85 d2 75 d8 ce 8b 4f 0b 38 bb 19 ab b0 10 94 d9 ca bd bb 65 98 c0 d4 2e 9a a4 64 90 f4 6c ee c0 db d9 e2 b0 97 ca cb 55 11 a8 00 4b c3 90 e0 7d c3 e1 d5 92 d7 b6 60 df 52 02 6f 9a 38 13 9a f4 cf 4f 68 fd 4c f8 ea ed 15|"; classtype:not-suspicious; sid:2011525; rev:2;)

Added 2011-02-04 17:31:20 UTC


#alert tcp any $SSL_PORTS -> any any (msg:"ET POLICY OpenSSL? Demo Cert Exchange"; flow:established,to_client; content:"|16|"; content:"|0b|"; within:8; content:"|00 a6 ed b9 1e 40 75 6f 88 0a 30 85 7b 68 b1 8d 48 89 27 33 36 20 ac 1e e8 d6 44 31 78 37 f7 e1 d0 d5 44 cf 4e 67 cb 64 ba 6c fa b6 5f a2 51 c3 5e e4 4a 31 76 c6 15 d4 85 d2 75 d8 ce 8b 4f 0b 38 bb 19 ab b0 10 94 d9 ca bd bb 65 98 c0 d4 2e 9a a4 64 90 f4 6c ee c0 db d9 e2 b0 97 ca cb 55 11 a8 00 4b c3 90 e0 7d c3 e1 d5 92 d7 b6 60 df 52 02 6f 9a 38 13 9a f4 cf 4f 68 fd 4c f8 ea ed 15|"; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2011525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_SSL_Certs; sid:2011525; rev:2;)

Added 2010-09-22 11:26:16 UTC


#alert tcp any $SSL_PORTS -> any any (msg:"ET POLICY OpenSSL? Demo Cert Exchange"; flow:established,to_client; content:"|16|"; content:"|0b|"; within:8; content:"|00 a6 ed b9 1e 40 75 6f 88 0a 30 85 7b 68 b1 8d 48 89 27 33 36 20 ac 1e e8 d6 44 31 78 37 f7 e1 d0 d5 44 cf 4e 67 cb 64 ba 6c fa b6 5f a2 51 c3 5e e4 4a 31 76 c6 15 d4 85 d2 75 d8 ce 8b 4f 0b 38 bb 19 ab b0 10 94 d9 ca bd bb 65 98 c0 d4 2e 9a a4 64 90 f4 6c ee c0 db d9 e2 b0 97 ca cb 55 11 a8 00 4b c3 90 e0 7d c3 e1 d5 92 d7 b6 60 df 52 02 6f 9a 38 13 9a f4 cf 4f 68 fd 4c f8 ea ed 15|"; classtype:not-suspicious; reference:url,doc.emergingthreats.net/2011525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_SSL_Certs; sid:2011525; rev:2;)

Added 2010-09-22 11:26:16 UTC


#alert tcp any $SSL_PORTS -> any any (msg:"ET POLICY OpenSSL? Demo Cert Exchange"; flow:established,to_client; content:"|16|"; content:"|0b|"; within:8; content:"|00 a6 ed b9 1e 40 75 6f 88 0a 30 85 7b 68 b1 8d 48 89 27 33 36 20 ac 1e e8 d6 44 31 78 37 f7 e1 d0 d5 44 cf 4e 67 cb 64 ba 6c fa b6 5f a2 51 c3 5e e4 4a 31 76 c6 15 d4 85 d2 75 d8 ce 8b 4f 0b 38 bb 19 ab b0 10 94 d9 ca bd bb 65 98 c0 d4 2e 9a a4 64 90 f4 6c ee c0 db d9 e2 b0 97 ca cb 55 11 a8 00 4b c3 90 e0 7d c3 e1 d5 92 d7 b6 60 df 52 02 6f 9a 38 13 9a f4 cf 4f 68 fd 4c f8 ea ed 15|"; classtype:not-suspicious; sid:2011525; rev:1;)

Added 2010-09-17 12:47:31 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats