[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Interestingly enough...

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Interestingly enough...
From: Jan Reister <Jan.Reister@xxxxxxxx>
Date: Tue, 07 Nov 2006 09:44:07 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 07 Nov 2006 03:44:06 -0500
In-reply-to: <20061030.185511.717.853601@webmail53.lax.untd.com>
References: <20061030.185511.717.853601@webmail53.lax.untd.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060927)

On 31/10/2006 03:53, Fergie wrote:
> I found it interesting that Cisco added this their most recent IDS
> signatures:

Bleedingsnort has the following signatures:

2001728 || BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic ||
url,tor.eff.org
2002950 || BLEEDING-EDGE POLICY TOR 1.0 Server Key Retrival ||
url,tor.eff.org
2002951 || BLEEDING-EDGE POLICY TOR 1.0 Status Update || url,tor.eff.org
2002952 || BLEEDING-EDGE POLICY TOR 1.0 Inbound Circuit Traffic ||
url,tor.eff.org
2002953 || BLEEDING-EDGE POLICY TOR 1.0 Outbound Circuit Traffic ||
url,tor.eff.org

see: http://www.bleedingthreats.net/bleeding-sid-msg-map.txt

Enterasys Dragon has a TOR:NEGOTIATION rule in the MISUSE category.

My two eurocent.

Jan

Follow-Ups:
- Re: Interestingly enough...
  - From: David Vennik
- IDS signatures [was Re: Interestingly enough...]
  - From: Nick Mathewson

Prev by Author: Re: Possible fishing attempt for eBay
Next by Author: Re: still slow browsing
Previous by thread: Re: Interestingly enough...
Next by thread: Re: Interestingly enough...
Index(es):
- Author
- Thread