[Snort-sigs] 2522 WEB-MISC SSLv3 invalid Client_Hello attempt FP's

Miner, Jonathan W (CSC) (US SSA) jonathan.w.miner at ...2476...
Mon May 10 13:02:02 EDT 2004

Me too. *I think*

Many of the requests have come from legitimate business partners, and it does not appear that they're doing anything malicious.  I'm running iPlanet servers with Solaris.

-----Original Message-----
From:	snort-sigs-admin at lists.sourceforge.net on behalf of Matthew Jonkman
Sent:	Thu 05/06/2004 05:54 PM
To:	snort-sigs at lists.sourceforge.net
Subject:	[Snort-sigs] 2522 WEB-MISC SSLv3 invalid Client_Hello attempt   FP's
I'm getting a false positive on every single ssl request to and from 
clients and servers. IIS, apache, the whole deal. And none are attacks.

Anyone else seeing this? I don't have a dump of a real attack to use to 
try to pick this apart.


Matthew Jonkman, CISSP
Senior Security Engineer

This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list