[Bro] Question about tuning
bernhard at ICSI.Berkeley.EDU
Fri Feb 7 12:24:05 PST 2014
without actually looking into the analyzer source - if I am not mistaken what the message is saying is that
bro saw a server hello message being sent without the client hello being sent first (which
is required by the protocol).
I have not seen heard of this happening anywhere consistently, and cannot really
see how that usually should happen on a regular basis. Would it perhaps be possible to get a
trace of one connection that triggers this message?
On Feb 7, 2014, at 11:04 AM, Tim Ray <tray at 21ct.com> wrote:
> Getting lots of this in dpd:
> unexpected Handshake message SERVER HELLO from responder in state INITIAL
> Looks like in the SSL analyzer. By far the bulk of the messages we’re seeing. Anyone seen this and tuned it? Or is it indicative of a serious misconfiguration?
> Bro mailing list
> bro at bro-ids.org
More information about the Bro