[Snort-sigs] 2522 WEB-MISC SSLv3 invalid Client_Hello attempt FP's

Kenneth G. Arnold bkarnold at ...1280...
Mon May 10 13:35:10 EDT 2004


I have close to 3000 alerts on this one today.  We are running Stronghold 
on Solaris.

At 03:00 PM 5/10/2004, Miner, Jonathan W (CSC) (US SSA) wrote:

>-----Original Message-----
>From:   snort-sigs-admin at lists.sourceforge.net on behalf of Matthew Jonkman
>Sent:   Thu 05/06/2004 05:54 PM
>To:     snort-sigs at lists.sourceforge.net
>Cc:
>Subject:        [Snort-sigs] 2522 WEB-MISC SSLv3 invalid Client_Hello 
>attempt   FP's
>I'm getting a false positive on every single ssl request to and from
>clients and servers. IIS, apache, the whole deal. And none are attacks.
>
>Anyone else seeing this? I don't have a dump of a real attack to use to
>try to pick this apart.
>
>Matt
>
>--------------------------------------------
>Matthew Jonkman, CISSP
>Senior Security Engineer


Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333





More information about the Snort-sigs mailing list