doc.emergingthreats.net
Open in
urlscan Pro
72.12.209.155
Public Scan
URL:
https://doc.emergingthreats.net/2012079
Submission: On June 27 via manual from US — Scanned from DE
Submission: On June 27 via manual from US — Scanned from DE
Form analysis
3 forms found in the DOMName: threadmode0 — POST https://doc.emergingthreats.net/bin/save/Main/2012079
<form method="post" action="https://doc.emergingthreats.net/bin/save/Main/2012079" enctype="multipart/form-data" id="threadmode0" name="threadmode0"><input type="hidden" name="crypttoken" value="b2ef8bc9531238a2fd135021b7101b0c">
<div class="commentPlugin commentPluginPromptBox" style="margin: 5px 0;">
<div><textarea rows="5" cols="80" name="comment" class="twikiTextarea" wrap="soft" style="width: 100%"
onfocus="if(this.value=='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.')this.value=''"
onblur="if(this.value=='')this.value='Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.'">Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps.</textarea>
</div>
<div style="padding: 5px 0 0 0;"><input type="submit" value="Add to Documentation" class="twikiButton"></div>
</div><!--/commentPlugin-->
<input type="hidden" name="comment_action" value="save">
<input type="hidden" name="comment_type" value="threadmode">
<input type="hidden" name="comment_index" value="0">
</form>
Name: jumpForm — /bin/view/Main/2012079
<form name="jumpForm" action="/bin/view/Main/2012079"><input id="jumpFormField" type="text" class="twikiInputField twikiInputFieldBeforeFocus" name="topic" value="" size="18"><noscript> <input type="submit" class="twikiButton" size="5" name="submit"
value="Jump"> </noscript> </form>
Name: quickSearchForm — /bin/view/Main/WebSearch
<form name="quickSearchForm" action="/bin/view/Main/WebSearch"><input type="text" class="twikiInputField twikiInputFieldBeforeFocus" id="quickSearchBox" name="search" value="" size="18"><input type="hidden" name="scope" value="all"><input
type="hidden" name="web" value="Main"><noscript> <input type="submit" size="5" class="twikiButton" name="submit" value="Search"> </noscript> </form>
Text Content
EmergingThreats> Main Web>2012079 (2018-09-13, TWikiGuest) EditAttach ALERT TCP $HOME_NET ANY -> $EXTERNAL_NET ANY (MSG:"ET POLICY WINDOWS-BASED OPENSSL? TUNNEL CONNECTION OUTBOUND 2"; FLOW:ESTABLISHED; CONTENT:"|16 03 00|"; CONTENT:"|00 26|"; DISTANCE:0; CONTENT:"|00 39 00 38 00 35 00 16 00 13 00 0A 00 33 00 32 00 2F 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03|"; DISTANCE:0; THRESHOLD: TYPE BOTH, COUNT 1, SECONDS 300, TRACK BY_DST; REFERENCE:URL,WWW.STUNNEL.ORG/DOWNLOAD/BINARIES.HTML; CLASSTYPE:POLICY-VIOLATION; SID:2012079; REV:4; METADATA:CREATED_AT 2010_12_22, UPDATED_AT 2010_12_22;) Added 2018-09-13 19:42:23 UTC Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps. -------------------------------------------------------------------------------- Added 2018-09-13 17:55:12 UTC -------------------------------------------------------------------------------- ALERT TCP $HOME_NET ANY -> $EXTERNAL_NET ANY (MSG:"ET POLICY WINDOWS-BASED OPENSSL? TUNNEL CONNECTION OUTBOUND 2"; FLOW:ESTABLISHED; CONTENT:"|16 03 00|"; CONTENT:"|00 26|"; DISTANCE:0; CONTENT:"|00 39 00 38 00 35 00 16 00 13 00 0A 00 33 00 32 00 2F 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03|"; DISTANCE:0; THRESHOLD: TYPE BOTH, COUNT 1, SECONDS 300, TRACK BY_DST; REFERENCE:URL,WWW.STUNNEL.ORG/DOWNLOAD/BINARIES.HTML; CLASSTYPE:POLICY-VIOLATION; SID:2012079; REV:4; METADATA:CREATED_AT 2010_12_22, UPDATED_AT 2010_12_22;) Added 2017-08-07 21:05:09 UTC -------------------------------------------------------------------------------- ALERT TCP $HOME_NET ANY -> $EXTERNAL_NET ANY (MSG:"ET POLICY WINDOWS-BASED OPENSSL? TUNNEL CONNECTION OUTBOUND 2"; FLOW:ESTABLISHED; CONTENT:"|16 03 00|"; CONTENT:"|00 26|"; DISTANCE:0; CONTENT:"|00 39 00 38 00 35 00 16 00 13 00 0A 00 33 00 32 00 2F 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03|"; DISTANCE:0; THRESHOLD: TYPE BOTH, COUNT 1, SECONDS 300, TRACK BY_DST; REFERENCE:URL,WWW.STUNNEL.ORG/DOWNLOAD/BINARIES.HTML; CLASSTYPE:POLICY-VIOLATION; SID:2012079; REV:4;) Added 2011-10-12 19:33:25 UTC -------------------------------------------------------------------------------- ALERT TCP $HOME_NET ANY -> $EXTERNAL_NET ANY (MSG:"ET POLICY WINDOWS-BASED OPENSSL? TUNNEL CONNECTION OUTBOUND 2"; FLOW:ESTABLISHED; CONTENT:"|16 03 00|"; CONTENT:"|00 26|"; DISTANCE:0; CONTENT:"|00 39 00 38 00 35 00 16 00 13 00 0A 00 33 00 32 00 2F 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03|"; DISTANCE:0; THRESHOLD: TYPE BOTH, COUNT 1, SECONDS 300, TRACK BY_DST; CLASSTYPE:POLICY-VIOLATION; REFERENCE:URL,WWW.STUNNEL.ORG/DOWNLOAD/BINARIES.HTML; SID:2012079; REV:4;) Added 2011-04-11 15:49:36 UTC -------------------------------------------------------------------------------- ALERT TCP $HOME_NET ANY -> $EXTERNAL_NET ANY (MSG:"ET POLICY STUNNEL ENCRYPTED TUNNEL CONNECTION OUTBOUND 2"; FLOW:ESTABLISHED; CONTENT:"|16 03 00|"; CONTENT:"|00 26|"; DISTANCE:0; CONTENT:"|00 39 00 38 00 35 00 16 00 13 00 0A 00 33 00 32 00 2F 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03|"; DISTANCE:0; CLASSTYPE:POLICY-VIOLATION; REFERENCE:URL,WWW.STUNNEL.ORG/DOWNLOAD/BINARIES.HTML; SID:2012079; REV:2;) Added 2011-04-08 18:04:14 UTC -------------------------------------------------------------------------------- Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions Topic revision: r1 - 2018-09-13 - TWikiGuest * Main * Log In * Main Web * Create New Topic * Index * Search * Changes * Preferences * User Reference * ATasteOfTWiki * TextFormattingRules * Signature Reference * WebRss Feed * EmergingFAQ * * * Copyright © Emerging Threats