[Snort-sigs] SSLv2 alerts

Chong Lee Poh Chong.LeePoh at ...3489...
Thu Jun 3 01:34:44 EDT 2010

Hi there, 

Previously, I get high no. of alerts of "WEB-MISC SSLv2 openssl get
shared ciphers overflow attempt {tcp}". It is a false alarm to me
because I am not running SSLv2. 

Recently, after I updated the rules dated 2010-04-15, my no. of snort
logs detected has reduced tremendously. I noticed that the recent rule
no longer detects "WEB-MISC SSLv2 openssl get shared ciphers overflow
attempt {tcp}". 

May I know why? 


This e-mail and any attachments therewith are intended only for the use of the address. This e-mail may contain confidential and privileged information. Any unauthorized use, copying or  disclosure of information contained in this e-mail or its attachments is strictly prohibited and may be unlawful. If you have received this e-mail in error, please contact the sender via return e-mail and delete this e-mail and attachments thereafter. Any confidentiality or privilege is not waived or lost because this e-mail has been sent to you by mistake. Any liability for viruses is excluded to the fullest extent permitted by law.

More information about the Snort-sigs mailing list