[Snort-users] ssp_ssl: Invalid Client HELLO after Server HELLO Detected
madeve1 at ...11827...
Thu May 14 04:13:19 EDT 2015
I've a lot of matches with the signature in subject. In particular it
involves mcafee clients vs mcafee policy orchestrator. Analyzing the packet
captures (in attachment) related to a client server communication I
noticed that there is always a tcp retransmission and an anomalous handshake.
Can someone suggest me further methods to troubleshoot this problem on the
Is there a way to "turn off" the signature for specific hosts on specific
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1113319 bytes
Desc: not available
More information about the Snort-users