""ET P2P TOR 1.0 Inbound Circuit Traffic""

SID: 2002952

Revision: 5

Class Type: policy-violation

Metadata: created_at 2010_07_30, updated_at 2010_07_30

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 1024:

Flow: established

Contents:

• Value: "TOR"

• Value: ""

Within: 35

PCRE:

Special Options:

• rawbytes

source