[Snort-sigs] SSL VPN Detection

Kotaro Takada cyanic.anubis at ...2420...
Mon Apr 11 13:44:40 EDT 2016


Are there rules that detect SSL VPN traffic (as opposed to other traffic,
e.g. HTTPS via 443)?

Compared to HTTPS, I hear that SSL VPN has some distinctive patterns in the
traffic, e.g. three-way handshake, no pause in traffic, etc.

Thank you,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20160411/169474b0/attachment.html>

More information about the Snort-sigs mailing list