Cisco Support Community
New Member

Unencrypted SSL Traffic

I have an IPS 4215 and receive several notifications for Unencrypted SSL Traffic, sig ID = 6005. Does anybody have any ideas on how to eliminate these events?

Thanks

2 REPLIES
Cisco Employee

Re: Unencrypted SSL Traffic

We have not had reports of false positives for this signature, at least none that I can recall. Is there a chance that there is some application that might be using the standard SSL port but sending unencrypted text in that connection?

It may help if you can enable verbose alerts for that signature so we can begin to take a closer look.

Is it always the same attacker/victim pair, the same attacker or the same victim? Might there be anything unique about the host machines involved?

Gold

Re: Unencrypted SSL Traffic

Public-facing web servers will see this alert a lot. How this sig works is hidden, however...

The kids these days are trying HTTP on just about every port, including 443. Also, an Apache web server configured for SSL on port 443 will respond to a non-SSL request with an HTTP 200 and an explanation of the problem.
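
Added example, not part of the original thread and not the logic of signature 6005 (which is not public): a Python check for triaging payloads captured with verbose alerts, telling a TLS/SSL handshake from plaintext HTTP sent to port 443 and counting hits per source address. The function names and the sample flows are assumptions constructed for illustration.

```python
# Added illustration: classify the first bytes a client sends to TCP/443.
# This is NOT the implementation of signature 6005; it is a triage aid.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ", b"PATCH ")


def classify_first_bytes(payload: bytes) -> str:
    """Return 'tls', 'sslv2', 'plaintext-http', 'empty' or 'unknown'."""
    if not payload:
        return "empty"
    # TLS/SSLv3 record header: content type 0x16 (handshake),
    # major version 0x03, minor version 0x00..0x04.
    if (len(payload) >= 3 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04):
        return "tls"
    # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
    # followed by message type 0x01 (CLIENT-HELLO).
    if len(payload) >= 3 and payload[0] & 0x80 and payload[2] == 0x01:
        return "sslv2"
    # A request line starting with an HTTP method means cleartext HTTP.
    if payload.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "unknown"


def triage(flows):
    """Count (classification, source) pairs over (src, dst, first_bytes)."""
    counts = {}
    for src, _dst, data in flows:
        key = (classify_first_bytes(data), src)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample flows (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    ("203.0.113.5", "192.0.2.10", b"GET / HTTP/1.1\r\nHost: 192.0.2.10:443\r\n\r\n"),
    ("203.0.113.5", "192.0.2.10", b"HEAD /admin HTTP/1.0\r\n\r\n"),
    ("198.51.100.9", "192.0.2.10", b"\x80\x2e\x01\x00\x02\x00\x15\x00\x00\x00\x10"),
    ("203.0.113.44", "192.0.2.10", b"SSH-2.0-client\r\n"),
]

if __name__ == "__main__":
    for (kind, src), n in sorted(triage(SAMPLE_FLOWS).items()):
        print(f"{kind:15} {src:15} {n}")
```

Grouping by source answers the question raised in the first reply about whether the alerts come from the same attacker or the same victim.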
