
Unencrypted SSL Traffic

siscisco05
Level 1

I have an IPS 4215 and receive several notifications for Unencrypted SSL Traffic, sig ID = 6005. Does anybody have any ideas on how to eliminate these events?

Thanks

2 Replies

wsulym
Cisco Employee

We have not had reports of false positives for this signature, at least none that I can recall. Is there a chance that there is some application that might be using the standard SSL port but sending unencrypted text in that connection?

It may help if you can enable verbose alerts for that signature so we can begin to take a closer look.

Is it always the same attacker/victim pair, the same attacker or the same victim? Might there be anything unique about the host machines involved?

Public facing web servers will see this alert a lot. How this sig works is hidden, however...

The kids these days are trying HTTP on just about every port, including 443. Also, an Apache web server configured for SSL on port 443 will respond to a non-SSL request with an HTTP 200 and an explanation of the problem.
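
As an added illustration of the triage the replies describe (not part of any post above, and not the logic of signature 6005, which is not published): a Python heuristic that labels the first client payload of each flow to port 443 as TLS or plaintext and groups the non-TLS hits by source/destination pair. The function names, addresses and payloads are constructed for this example.

```python
import struct
from collections import defaultdict

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data
MAX_TLS_RECORD = 2**14 + 2048         # largest record length TLS 1.2 allows


def classify_first_bytes(payload: bytes) -> str:
    """Label the first client payload of a flow to a TLS port."""
    if len(payload) < 5:
        return "too-short"
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= MAX_TLS_RECORD):
        return "tls"
    # SSLv2-style ClientHello: length header with high bit set, msg type 1,
    # then the major version byte (0 for SSLv2, 3 for SSLv3/TLS).
    if payload[0] & 0x80 and payload[2] == 1 and payload[3] in (0, 3):
        return "sslv2-hello"
    if payload.startswith(HTTP_METHODS):
        return "plaintext-http"
    if all(b in (9, 10, 13) or 32 <= b < 127 for b in payload[:64]):
        return "plaintext-other"
    return "binary-unknown"


def non_tls_by_pair(flows):
    """Group non-TLS verdicts by (source, destination) pair."""
    pairs = defaultdict(list)
    for src, dst, payload in flows:
        verdict = classify_first_bytes(payload)
        if verdict not in ("tls", "sslv2-hello"):
            pairs[(src, dst)].append(verdict)
    return dict(pairs)


# Constructed sample flows (documentation addresses, hand-built payloads).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("198.51.100.7", "192.0.2.10", b"\x80\x2e\x01\x00\x02\x00\x15\x00\x00\x00\x10"),
    ("203.0.113.44", "192.0.2.10", b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.44", "192.0.2.10", b"HEAD / HTTP/1.0\r\n\r\n"),
    ("192.0.2.25", "192.0.2.10", b"EHLO mail.example.com\r\n"),
]

if __name__ == "__main__":
    for pair, verdicts in non_tls_by_pair(SAMPLE_FLOWS).items():
        print(pair, verdicts)
```

Repeated plaintext-http verdicts from many unrelated sources point to scanning, while a single internal pair with plaintext-other suggests a misconfigured application using the SSL port.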
