[Snort-users] ssp_ssl: Invalid Client HELLO after Server HELLO Detected

Maurizio madeve1 at ...11827...
Thu May 14 04:13:19 EDT 2015


Hi,
I've a lot of matches with the signature in subject. In particular it 
involves mcafee clients vs mcafee policy orchestrator. Analyzing the packet 
captures (in attachment) related to a client server communication  I 
noticed that there is always a tcp retransmission and an anomalous handshake.
Can someone suggest me further methods to troubleshoot this problem on the 
network?
Is there a way to "turn off" the signature for specific hosts on specific 
ports?

Thank you
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMG_20150514_091933~02~01.jpg
Type: image/jpeg
Size: 1113319 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150514/e382fc6b/attachment.jpg>


More information about the Snort-users mailing list