I get the following alert every time I use the SSLVPN:
Intrusion Protection Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2657
Time...........: 2007:10:14-17:48:39
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)
It seems that the SSLVPN itself is doing something that Snort thinks is an attack, yet it is not. The VPN session does not appear to be affected in any way by the dropped packet(s). Does anyone else see this when using SSLVPN? Is there a way to change only this single rule to not notify me, since it gets annoying?