[Snort-openappid] openVPN 443

valentin.giraud at ...128... valentin.giraud at ...128...
Tue Apr 12 04:53:46 EDT 2016


Hi Costas and thank you for the answer.

I do have a pcap (in attached document) of the traffic i am trying to 
detect.
I thought openappid could manage encrypted traffic (and detect openVPN).
To enable SSLPP, I tried to disable:  trustservers and 
noinspect_encrypted. But it did not work.


Le 11.04.2016 19:34, Costas Kleopa (ckleopa) a écrit :
> Do you have any pcap with this kind of traffic?
> If the traffic is encrypted then it maybe a challenge to identify the
> actual OpenVPN traffic.
> 
>> On Apr 11, 2016, at 7:11 AM, valentin.giraud at ...128... wrote:
>> 
>> Hi,
>> 
>> I am trying to detect openVPN on the port 443 (it already works with 
>> the
>> port 1194). Is it supposed to be detect by the default rules ? Or do i
>> have to write my own custom rules?
>> 
>> Valentin.
>> 
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications 
>> Manager
>> Applications Manager provides deep performance insights into multiple 
>> tiers of
>> your business applications. It resolves application problems quickly 
>> and
>> reduces your MTTR. Get your free trial! 
>> http://pubads.g.doubleclick.net/
>> gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
>> _______________________________________________
>> Snort-openappid mailing list
>> Snort-openappid at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-openappid
>> 
>> Please visit http://blog.snort.org to stay current on all the latest 
>> Snort news!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openVPN443.pcapng
Type: application/octet-stream
Size: 33820 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20160412/29f2ed58/attachment.obj>


More information about the Snort-openappid mailing list