[Snort-sigs] DROWN Rule

Joel Esler (jesler) jesler at ...3865...
Mon Mar 14 17:37:03 EDT 2016

Yes, that is the correct rule, and yes, it’s still only available to subscribers.

Joel Esler
Manager, Talos Group

On Mar 14, 2016, at 3:54 PM, Scott Ellis <scorellis at ...2420...> wrote:

I read on the Internet somewhere that rule 1-38060 - POLICY-OTHER SSLv2 Client Hello attempt
would detect an attempt to infiltrate via a DROWN styled assault. Can anyone confirm this, and also help me figure out where to get it? The following link:
is rather short on details. Perhaps this is one of those things for which we need to purchase a subscription?

Thank you