[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Interestingly enough...



On 31/10/2006 03:53, Fergie wrote:
> I found it interesting that Cisco added this their most recent IDS
> signatures:

Bleedingsnort has the following signatures:

2001728 || BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic ||
url,tor.eff.org
2002950 || BLEEDING-EDGE POLICY TOR 1.0 Server Key Retrival ||
url,tor.eff.org
2002951 || BLEEDING-EDGE POLICY TOR 1.0 Status Update || url,tor.eff.org
2002952 || BLEEDING-EDGE POLICY TOR 1.0 Inbound Circuit Traffic ||
url,tor.eff.org
2002953 || BLEEDING-EDGE POLICY TOR 1.0 Outbound Circuit Traffic ||
url,tor.eff.org

see: http://www.bleedingthreats.net/bleeding-sid-msg-map.txt

Enterasys Dragon has a TOR:NEGOTIATION rule in the MISUSE category.

My two eurocent.

Jan