01-10-2007 02:58 PM - edited 03-10-2019 03:25 AM
I have a IPS 4215 and receive serveral notification for Unencrypted SSL Traffic, sig ID = 6005. Does anybody have any ides on how to eliminate these event.
Thanks
01-11-2007 04:35 AM
We have not had reports of false positives for this signature, at least none that I can recall. Is there a chance that there is some application that might be using the standard SSL port but sending unencrypted text in that connection?
It may help if you can enabled verbose alerts for that signature so we can begin to take a closer look.
Is it always the same attacker/victim pair, the same attacker or the same victim? Might there be anything unique about the host machines involved?
01-11-2007 06:25 AM
Public facing web servers will see this alert a lot. how this sig works is hidden, however...
the kids these days are trying http on just about every port, including 443. also, an apache web server configured for ssl on port 443 will respond to a non-ssl request with an HTTP 200 and an explaination of the problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide