Snort mailing list archives
SSLv2 alerts
From: "Chong Lee Poh" <Chong.LeePoh () allianz com my>
Date: Thu, 3 Jun 2010 13:34:44 +0800
Hi there, Previously, I get high no. of alerts of "WEB-MISC SSLv2 openssl get shared ciphers overflow attempt {tcp}". It is a false alarm to me because I am not running SSLv2. Recently, after I updated the rules dated 2010-04-15, my no. of snort logs detected has reduced tremendously. I noticed that the recent rule no longer detects "WEB-MISC SSLv2 openssl get shared ciphers overflow attempt {tcp}". May I know why? Thanks. /Chong This e-mail and any attachments therewith are intended only for the use of the address. This e-mail may contain confidential and privileged information. Any unauthorized use, copying or disclosure of information contained in this e-mail or its attachments is strictly prohibited and may be unlawful. If you have received this e-mail in error, please contact the sender via return e-mail and delete this e-mail and attachments thereafter. Any confidentiality or privilege is not waived or lost because this e-mail has been sent to you by mistake. Any liability for viruses is excluded to the fullest extent permitted by law. ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13, (continued)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Nigel Houghton (Apr 14)
- Re: Sourcefire VRT Certified Snort RulesUpdate2010-04-13 evilghost () packetmail net (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Jeff Nathan (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Jeff Nathan (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- Message not available
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- How to search for SID? Chong Lee Poh (Apr 15)
- Re: How to search for SID? Rodrigo Montoro(Sp0oKeR) (Apr 16)
- Re: How to search for SID? Joel Esler (Apr 16)
- SSLv2 alerts Chong Lee Poh (Jun 02)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Nigel Houghton (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 chris . kniseley (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 infosec posts (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)