Snort mailing list archives

ssp_ssl - excessive alerts


From: vincent () ragosta net
Date: Sun, 08 Jan 2012 14:14:28 -0500

Hello all,

I have been seeing an excessive amount of the following alerts being generated by the SSL preprocessor:

[137:1:1] ssp_ssl: Invalid Client HELLO after Server HELLO

I am currently running version 2.9.0.2 of Snort.

I came across the following post regarding this same issue:
http://groups.google.com/group/snortusers/browse_thread/thread/ee188618971c6c24

In this post, Joel Esler states the following, "You can suppress the alert."  However, he provided no information on 
why this particular alert is generating so much activity nor if there are any detriments to suppressing the alert.  
Joel, or anyone else, can you elaborate on this issue?

Thanks,

Vincent
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

