Snort mailing list archives
Re: Identifying Non-SSL traffic on port 443
From: Ray Van Dolson <rvandolson () esri com>
Date: Wed, 19 May 2010 22:58:18 -0700
On Wed, May 19, 2010 at 10:19:00PM -0700, Ray Van Dolson wrote:
> I need some pointers on how to create a rule to identify non-SSL traffic on port 443. I found this thread[1] from a few years back with some good ideas in it, but I'm figuring someone out there must have an already working rule set or something to add to the discussion there.
Thinking out loud here, but could one make use of the SSLPP preprocessor for this? Something like:

  alert tcp [10.0.0.0/8] any -> [!10.0.0.0/8] 443 (ssl_state:unknown; sid:4; rev:1;)

?

Ray

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
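
An added example, not part of the original post and not Snort's or the SSLPP preprocessor's own logic: a stand-alone check of whether the first client payload of a port-443 flow parses as an SSLv3/TLS record header or an SSLv2 ClientHello, which is the kind of distinction the rule above is after. The flow records, their field names and the sample payloads are constructed for illustration.

```python
import struct

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}
MAX_TLS_RECORD = 16384 + 2048  # largest ciphertext fragment a TLS record may carry


def looks_like_ssl(payload: bytes) -> bool:
    """True if the payload starts with an SSLv3/TLS record header or an
    SSLv2 ClientHello; False otherwise (including data too short to tell)."""
    if len(payload) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # SSLv3/TLS record: type, version 3.0 to 3.3, plausible length
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 3 \
            and 0 < length <= MAX_TLS_RECORD:
        return True
    # SSLv2 ClientHello: 2-byte length with the high bit set, message type 1,
    # then the client version (0x0002 for SSLv2, 0x03xx for v2-compatible hellos)
    if payload[0] & 0x80 and payload[2] == 1:
        rec_len = ((payload[0] & 0x7F) << 8) | payload[1]
        version_ok = (payload[3] == 0 and payload[4] == 2) or payload[3] == 3
        return rec_len >= 9 and version_ok
    return False


def non_ssl_flows(flows, port=443):
    """Return the ids of flows to `port` whose first payload is not SSL/TLS."""
    return [f["id"] for f in flows
            if f["dport"] == port and not looks_like_ssl(f["first_payload"])]


# Constructed sample data: first client-to-server payload of each flow.
SAMPLE_FLOWS = [
    {"id": "flow-1", "dport": 443,   # TLS 1.0 handshake record
     "first_payload": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01"},
    {"id": "flow-2", "dport": 443,   # SSLv2-compatible ClientHello
     "first_payload": b"\x80\x2e\x01\x03\x01\x00\x15\x00\x00\x00\x10"},
    {"id": "flow-3", "dport": 443,   # plain HTTP on 443
     "first_payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"id": "flow-4", "dport": 443,   # SSH banner on 443
     "first_payload": b"SSH-2.0-OpenSSH_5.3\r\n"},
    {"id": "flow-5", "dport": 80,    # not port 443, ignored
     "first_payload": b"GET / HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    print(non_ssl_flows(SAMPLE_FLOWS))
```

This only looks at the first payload of a flow, so traffic that begins with a well-formed record header and diverges afterwards is not flagged by it.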