topic Unencrypted SSL Traffic in Network Security

Unencrypted SSL Traffic

siscisco05 — Sun, 10 Mar 2019 10:25:02 GMT

I have a IPS 4215 and receive serveral notification for Unencrypted SSL Traffic, sig ID = 6005. Does anybody have any ides on how to eliminate these event.

Thanks

Re: Unencrypted SSL Traffic

wsulym — Thu, 11 Jan 2007 12:35:38 GMT

We have not had reports of false positives for this signature, at least none that I can recall. Is there a chance that there is some application that might be using the standard SSL port but sending unencrypted text in that connection?

It may help if you can enabled verbose alerts for that signature so we can begin to take a closer look.

Is it always the same attacker/victim pair, the same attacker or the same victim? Might there be anything unique about the host machines involved?

Re: Unencrypted SSL Traffic

mhellman — Thu, 11 Jan 2007 14:25:59 GMT

Public facing web servers will see this alert a lot. how this sig works is hidden, however...

the kids these days are trying http on just about every port, including 443. also, an apache web server configured for ssl on port 443 will respond to a non-ssl request with an HTTP 200 and an explaination of the problem.