[Oisf-users] Rule for TOR

Sergey Malinkin malinkinsa at gmail.com
Mon Jun 27 13:55:21 UTC 2016

Wrote a little rule to detect the launch of Tor Browser.
Tested it, works fine.

alert tcp $HOME_NET any ->
any (msg:"Tor Connect to Directory Authorities
servers";detection_filter:track by_src, count 5, seconds 30; sid:108;
