[Bro] Bro behind a TLS reverse proxy

Philip Romero promero at cenic.org
Tue Apr 10 11:28:42 PDT 2018


Brandon,

The systems I tested on are listed below. I also asked my Systems
team to run the test on a datacenter hypervisor CentOS 7 server. Looks
like they got a "normal" response as well.

Physical Server (Old IBM System x3650 server):
$ sudo uname -a
Linux </hostname/> 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$

VirtualBox (5.2.8 r121009) VM (MacBook Pro Retina 15-inch, Mid 2015):
$ sudo uname -a
Linux </hostname/> 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$

VM test from oVirt 4.1 hypervisor:
kernel - 3.10.0-693.5.2.el7.x86_64
2018-04-10 11:14:11.996559 IP6 ::1.57652 > ::1.80: Flags [S], seq 579221221, win 43690, options [mss 65476,sackOK,TS val 1190091725 ecr 0,nop,wscale 7], length 0
2018-04-10 11:14:11.996579 IP6 ::1.80 > ::1.57652: Flags [R.], seq 0, ack 579221222, win 0, length 0
2018-04-10 11:14:11.996699 IP 127.0.0.1.43500 > 127.0.0.1.80: Flags [S], seq 2884971053, win 43690, options [mss 65495,sackOK,TS val 1190091725 ecr 0,nop,wscale 7], length 0
2018-04-10 11:14:11.996715 IP 127.0.0.1.80 > 127.0.0.1.43500: Flags [R.], seq 0, ack 2884971054, win 0, length 0

-- 
Philip Romero, CISSP, CISA
Sr. Information Security Analyst
CENIC
promero at cenic.org
Phone: (714) 220-3430
Mobile: (562) 237-9290
