"ET POLICY Possible ethereum traffic"
SID: 2021983
Revision: 1
Class Type: policy-violation
Metadata: created_at 2015_10_20, updated_at 2015_10_20
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "POST" Depth: 4
-
Value: "|22|id|22 3a|"
-
Value: "|22|jsonrpc|22 3a|"
-
Value: "|22|method|22 3a|"
Within:
PCRE: "/^[^/s]*(?:eth_(?:g(?:et(?:B(?:lock(?:TransactionCountBy(?:Number|Hash)|By(?:Number|Hash))|alance)|Transaction(?:By(?:Block(?:Number|Hash)AndIndex|Hash)|(?:Receip|Coun)t)|Uncle(?:ByBlock(?:Number|Hash)AndIndex|CountByBlock(?:Number|Hash))|(?:Filter(?:Change|Log)|Log)s|Co(?:mpilers|de)|StorageAt|Work)|asPrice)|(?:(?:new(?:PendingTransaction|Block)?|uninstall)Filt|blockNumb)er|s(?:(?:end(?:Raw)?Transactio|ig)n|ubmit(?:Hashrate|Work)|yncing)|c(?:o(?:mpile(?:S(?:olidity|erpent)|LLL)|inbase)|all)|(?:estimateGa|account)s|protocolVersion|hashrate|mining)|shh_(?:new(?:Identity|Filter|Group)|get(?:FilterChan|Messa)ges|uninstallFilter|hasIdentity|addToGroup|version|post)|db_(?:get(?:String|Hex)|put(?:String|Hex))|net_(?:listening|peerCount|version)|web3_(?:clientVersion|sha3))/R"
Special Options:
-
nocase
-
nocase
-
nocase