[Snort-sigs] ssp_ssl - excessive alerts

vincent at ...3611... vincent at ...3611...
Sun Jan 8 14:14:28 EST 2012


​Hello all,

I have been seeing an excessive amount of the following alerts being generated by the SSL preprocessor:

[137:1:1] ssp_ssl: Invalid Client HELLO after Server HELLO

I am currently running version 2.9.0.2 of Snort.

I came across the following post regarding this same issue:
http://groups.google.com/group/snortusers/browse_thread/thread/ee188618971c6c24

In this post, Joel Esler states the following, "You can suppress the alert."  However, he provided no information on why this particular alert is generating so much activity nor if there are any detriments to suppressing the alert.  Joel, or anyone else, can you elaborate on this issue?

Thanks,

Vincent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120108/98b2a5da/attachment.html>


More information about the Snort-sigs mailing list