Snort mailing list archives

ssp_ssl: Invalid Client HELLO after Server HELLO Detected


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 4 May 2011 11:41:26 -0600

I've been seeing a lot of these in the past week or so.  Nothing on my sensors has changed, but there may have been
changes in my network that caused this new behaviour.  Any ideas on where to look, and what exactly this is telling me?
Many different sources and many different destinations.  I'm currently running snort v2.9.0.4.

Here's my SSL config:

preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7702 7900 7901 7902 7903 7904 7905 7906 6907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted

--
Shawn Jefferson, Team Lead Security and Server Services, GCIH, GCFA
British Columbia Ferry Services Inc.
Tel: (250) 978-1508
Fax: (250) 405-3533
Shawn.Jefferson () bcferries com | www.bcferries.com


