[Bro] ssl analyzer

bchen at cs.ucf.edu
Tue Sep 20 20:39:34 PDT 2005


Hi all,
   I am using Redhat Linux 7.3 with SSL v2 (has a known vulnerability) to do some
experiments. I use Mozilla Firefox to access the https service in Linux 7.3
that has a self-signed certificate. I let Bro monitor this access. The
following log is in the Weird log file.

1127272310.138988 ** 192.168.1.2/47011 > 172.16.112.5/https: SSLv2: FATAL: recordLength doesn't match data block length!
1127272315.420757 ** 192.168.1.2/47012 > 172.16.112.5/https: SSLv2: FATAL: recordLength doesn't match data block length!

And the ssl.log is empty.

Two questions:
(1) What are these two log entries about?
(2) I found that no event in the ssl analyzer was fired. I put a single print
command in each event handler in the ssl analyzer, and not a single event
handler was called. Why can this happen? Please note that I already load ssl
in mt.bro and I run bro like this: "./bro -i eth1 mt".

Any suggestions or comments?

Thanks for your time


Bing






