Snort mailing list archives
ssp_ssl: Invalid Client HELLO after Server HELLO Detected
From: Maurizio <madeve1 () gmail com>
Date: Thu, 14 May 2015 10:13:19 +0200
Hi,I've a lot of matches with the signature in subject. In particular it involves mcafee clients vs mcafee policy orchestrator. Analyzing the packet captures (in attachment) related to a client server communication I noticed that there is always a tcp retransmission and an anomalous handshake. Can someone suggest me further methods to troubleshoot this problem on the network? Is there a way to "turn off" the signature for specific hosts on specific ports?
Thank you
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- ssp_ssl: Invalid Client HELLO after Server HELLO Detected Maurizio (May 15)
- Re: ssp_ssl: Invalid Client HELLO after Server HELLO Detected Al Lewis (allewi) (May 16)