03-27-2018 01:42 PM - edited 02-21-2020 07:34 AM
Hello,
I was wondering, whether it is possible to create an Application Detector for HTTPs connections including SSLv2 Client Hello Requests.
If not is there any alternative how to capture and eventually block those kind of events with FireSIGHT.
Thanks,
Solved! Go to Solution.
03-27-2018 11:21 PM
Hi
I am assuming you need to block any connection attempt with SSLv2.
You can do that using intrusion rules. Snort rule(1:38060) POLICY-OTHER SSLv2 Client Hello attempt is available which (if configured to block) would block any client hello packet with SSLv2
Hope this helps,
Yogesh
03-27-2018 11:21 PM
Hi
I am assuming you need to block any connection attempt with SSLv2.
You can do that using intrusion rules. Snort rule(1:38060) POLICY-OTHER SSLv2 Client Hello attempt is available which (if configured to block) would block any client hello packet with SSLv2
Hope this helps,
Yogesh
03-28-2018 02:24 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: