
Feature #2957 » tls-inspection-rules.txt

Michal Vymazal, 05/03/2019 08:11 AM

 
# TLS handshake-state visibility rules (informational; classtype protocol-command-decode).
# Every rule is an "alert" on the tls app-layer protocol and matches on ssl_version plus ssl_state.
# Unless noted, both source and destination ports exclude 10050:10051.
# NOTE(review): 10050/10051 are the default Zabbix agent/trapper ports, presumably excluded to keep
# monitoring traffic out of the alert stream. Confirm against the deployment.
# NOTE(review): none of the rules carries a threshold or noalert option, so each one fires on every
# matching handshake. Expect high alert volume on a busy sensor.
# NOTE(review): sids 200030-200231 are below 1000000, the range conventionally used by distributed
# rulesets. Local rules are usually numbered 1000000-1999999 to avoid sid collisions.

# Group 1: TLS 1.2 handshake states, no flow keyword (direction not constrained by flow).
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 server_keyx"; classtype:protocol-command-decode; ssl_version:tls1.2; ssl_state:server_keyx; sid:200030; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 client_keyx"; classtype:protocol-command-decode; ssl_version:tls1.2; ssl_state:client_keyx; sid:200031; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 server_hello"; classtype:protocol-command-decode; ssl_version:tls1.2; ssl_state:server_hello; sid:200032; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 client_hello"; classtype:protocol-command-decode; ssl_version:tls1.2; ssl_state:client_hello; sid:200033; rev:1;)

# Group 2: the same four states, each pinned to the sending side with flow:from_server / flow:from_client.
# These overlap with group 1, so a single handshake message may raise an alert from both groups.
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 server_keyx from_server"; classtype:protocol-command-decode; flow:from_server; ssl_version:tls1.2; ssl_state:server_keyx; sid:200050; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 client_keyx from_client"; classtype:protocol-command-decode; flow:from_client; ssl_version:tls1.2; ssl_state:client_keyx; sid:200051; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 server_hello from_server"; classtype:protocol-command-decode; flow:from_server; ssl_version:tls1.2; ssl_state:server_hello; sid:200052; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.2 client_hello from_client"; classtype:protocol-command-decode; flow:from_client; ssl_version:tls1.2; ssl_state:client_hello; sid:200053; rev:1;)

# Group 3: TLS 1.2 key exchange where the server-side port is NOT in the listed set
# (443 HTTPS, 636 LDAPS, 989/990 FTPS, 992 telnets, 993 IMAPS, 994 IRCS, 995 POP3S, 5061 SIP-TLS, 25 SMTP).
# sid 200060 negates the list on the source port (server side for from_server traffic);
# sid 200061 negates it on the destination port (server side for from_client traffic).
# NOTE(review): in these two rules the 10050:10051 exclusion sits on the client-side port only, so TLS
# to a service listening on 10050/10051 still matches as "unusual port". Confirm whether those ports
# should be added to the negated list.
# NOTE(review): other common TLS ports (e.g. 465, 587, 8443) are not in the list and will be reported
# as unusual. Confirm this is intended.
alert tls any ![443,636,989,990,992,993,994,995,5061,25] -> any !10050:10051 (msg:"TLSv1.2 server_keyx from_server unusual port"; classtype:protocol-command-decode; flow:from_server; ssl_version:tls1.2; ssl_state:server_keyx; sid:200060; rev:1;)
alert tls any !10050:10051 -> any ![443,636,989,990,992,993,994,995,5061,25] (msg:"TLSv1.2 client_keyx from_client unusual port"; classtype:protocol-command-decode; flow:from_client; ssl_version:tls1.2; ssl_state:client_keyx; sid:200061; rev:1;)

# Group 4: client key exchange on the older TLS 1.1 and TLS 1.0 versions (client_keyx state only, no flow keyword).
# No rule in this file matches SSLv3 or TLS 1.3 sessions.
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.1 client_keyx"; classtype:protocol-command-decode; ssl_version:tls1.1; ssl_state:client_keyx; sid:200131; rev:1;)
alert tls any !10050:10051 -> any !10050:10051 (msg:"TLSv1.0 client_keyx"; classtype:protocol-command-decode; ssl_version:tls1.0; ssl_state:client_keyx; sid:200231; rev:1;)
