Snort mailing list archives
ssp_ssl - excessive alerts
From: vincent () ragosta net
Date: Sun, 08 Jan 2012 14:14:28 -0500
​Hello all, I have been seeing an excessive amount of the following alerts being generated by the SSL preprocessor: [137:1:1] ssp_ssl: Invalid Client HELLO after Server HELLO I am currently running version 2.9.0.2 of Snort. I came across the following post regarding this same issue: http://groups.google.com/group/snortusers/browse_thread/thread/ee188618971c6c24 In this post, Joel Esler states the following, "You can suppress the alert." However, he provided no information on why this particular alert is generating so much activity nor if there are any detriments to suppressing the alert. Joel, or anyone else, can you elaborate on this issue? Thanks, Vincent
------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- ssp_ssl - excessive alerts vincent (Jan 08)
- Re: ssp_ssl - excessive alerts Joel Esler (Jan 08)