Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 6320 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

(SFOS 16.01.2) IPS drops legimate traffic to https sites like Google

Director KUCC

After updating to SFOS 16.01.2 , getting a lot of OpenSSL DTLS SRTP Extension Parsing Denial of Service and OpenSSL Invalid Session Ticket Denial of Service detection , if dropped , https sites like google will not appear

 

 

2016-11-30 15:48:11
Signatures
Detect
bchrs03
14.139.185.66 :TCP(41233)
10.11.32.6 :TCP(62730)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:08
Signatures
Detect
stamp103
14.139.185.66 :TCP(41018)
10.11.40.100 :TCP(61820)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:08
Signatures
Detect
chemp107
14.139.185.66 :TCP(53907)
10.11.207.66 :TCP(50179)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:08
Signatures
Detect
stamp103
14.139.185.66 :TCP(36421)
10.11.40.100 :TCP(61924)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:08
Signatures
Detect
stamp103
14.139.185.66 :TCP(41045)
10.11.40.100 :TCP(61920)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:07
Signatures
Detect
stamp103
14.139.185.66 :TCP(41016)
10.11.40.100 :TCP(61818)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
demps007
14.139.185.66 :TCP(40882)
10.11.202.33 :TCP(51149)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
btyra020
14.139.185.66 :TCP(40898)
10.11.8.63 :TCP(49210)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
geoms204
14.139.185.66 :TCP(51717)
10.11.200.3 :TCP(2769)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
gispd004
14.139.185.66 :TCP(34390)
10.11.184.31 :TCP(3275)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
stamp103
14.139.185.66 :TCP(46070)
10.11.40.100 :TCP(61737)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
zoofac02
14.139.185.66 :TCP(60798)
10.11.169.78 :TCP(55009)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
20
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
stamp103
14.139.185.66 :TCP(46023)
10.11.40.100 :TCP(61735)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
stamp103
14.139.185.66 :TCP(46074)
10.11.40.100 :TCP(61739)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
bchrs25
14.139.185.66 :TCP(50852)
10.11.32.74 :TCP(52526)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
bchrs25
14.139.185.66 :TCP(50852)
10.11.32.74 :TCP(52526)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
stamp103
14.139.185.66 :TCP(46031)
10.11.40.100 :TCP(61731)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
geoms204
14.139.185.66 :TCP(57315)
10.11.200.3 :TCP(2772)
1141015170
OpenSSL Invalid Session Ticket Denial of Service
Misc
All
All
22
07001
Open PCAP
2016-11-30 15:48:06
Signatures
Detect
ecors06
14.139.185.66 :TCP(40863)
10.11.203.21 :TCP(60797)
1141015150
OpenSSL DTLS SRTP Extension Parsing Denial of Service
Misc
All
All
22
07001
Open PCAP


This thread was automatically locked due to age.
Parents Reply Children
No Data