All I just started receiving a lot of alerts "WEB-MISC SSLv2 openssl get shared ciphers overflow attempt". I just installed a new SBS2008 server and not sure why/what is causing this. Anyone seen this before? Solution?
FYI, I X'd out the real ip address 205.***.***.***
Intrusion Protection Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: WEB-MISC SSLv2 openssl get shared ciphers overflow attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=8426
Time...........: 2009:08:19-09:52:45
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 205.***.***.*** (ext.******xx.com)
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- Query the APNIC Whois Database
Source port: 9973
Destination IP address: 192.168.168.5
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- Query the APNIC Whois Database
Destination port: 443 (https)
This thread was automatically locked due to age.
