[Snort-sigs] Identifying Non-SSL traffic on port 443
Ray Van Dolson
rvandolson at ...3497...
Thu May 20 01:58:18 EDT 2010
On Wed, May 19, 2010 at 10:19:00PM -0700, Ray Van Dolson wrote:
> I need some pointers on how to create a rule to identify non-SSL
> traffic on port 443.
> I found this thread from a few years back with some good ideas in
> it, but I'm figuring someone out there must have an already working
> rule set or something to add to the discussion there.
Thinking out loud here, but could one make use of the SSLPP pre
processor for this?
alert tcp [10.0.0.0/8] any -> [!10.0.0.0/8] 443 (ssl_state:unknown; sid:4; rev:1;)
More information about the Snort-sigs