[Oisf-users] Rule for TOR
Sergey Malinkin
malinkinsa at gmail.com
Mon Jun 27 13:55:21 UTC 2016
Hello,
I wrote a little rule to detect the launch of Tor Browser.
Tested it; it works fine.
alert tcp $HOME_NET any -> [128.31.0.39,86.59.21.38,194.109.206.212,82.94.251.203,131.188.40.189,193.23.244.244,208.83.223.34,171.25.193.9,154.35.175.225,199.254.238.52] any (msg:"Tor Connect to Directory Authorities servers"; detection_filter:track by_src, count 5, seconds 30; sid:108; rev:1;)
Thanks!
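
Added example, not part of the original post: a simplified Python model of how the rule's detection_filter (track by_src, count 5, seconds 30) decides when to alert, run over constructed packet tuples. The fixed-window logic is an assumption about the filter's behaviour, and the 10.0.0.x and 192.0.2.10 addresses are constructed sample data.

```python
"""Simplified model of: detection_filter:track by_src, count 5, seconds 30"""
from ipaddress import ip_address

# Destination list copied from the rule in the post.
DIR_AUTHS = {ip_address(a) for a in (
    "128.31.0.39", "86.59.21.38", "194.109.206.212", "82.94.251.203",
    "131.188.40.189", "193.23.244.244", "208.83.223.34", "171.25.193.9",
    "154.35.175.225", "199.254.238.52")}
COUNT, SECONDS = 5, 30  # values from the rule's detection_filter


def alerts(packets, count=COUNT, seconds=SECONDS):
    """Return [(ts, src), ...] for packets that would raise an alert.

    packets: (ts_seconds, src_ip, dst_ip) tuples sorted by time; each tuple
    stands for one packet matching the rule header.
    Assumed semantics: the first match from a source opens a window; every
    match beyond `count` inside that window alerts; a match arriving after
    the window has expired opens a new window and counts as match number 1.
    """
    state = {}  # src -> (window_start, matches_in_window)
    out = []
    for ts, src, dst in packets:
        if ip_address(dst) not in DIR_AUTHS:
            continue  # rule header does not match this destination
        start, n = state.get(src, (ts, 0))
        if ts - start >= seconds:  # window expired: start over
            start, n = ts, 0
        n += 1
        state[src] = (start, n)
        if n > count:
            out.append((ts, src))
    return out


# Constructed sample traffic (not captured data).
SAMPLE = sorted(
    [(t, "10.0.0.5", "128.31.0.39") for t in range(8)]            # burst
    + [(t, "10.0.0.9", "86.59.21.38") for t in range(4)]          # under count
    + [(t, "10.0.0.7", "171.25.193.9") for t in range(0, 60, 10)] # too slow
    + [(t, "10.0.0.8", "192.0.2.10") for t in range(20)]          # other dst
)

if __name__ == "__main__":
    for ts, src in alerts(SAMPLE):
        print(f"t={ts:>2}s alert src={src}")
```

Only the burst from 10.0.0.5 alerts, starting with its sixth matching packet; the slow sender never accumulates more than three matches per window.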