SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt
An indicator of this attack is a large number of SSL sessions being created by a single client.
A large number of SSL sessions will trigger this rule
Public information/Proof of Concept available
Known false positives, with the described conditions
If a customer environment expects a large number of sessions from the same origin (for example, traffic arriving through a proxy), this rule can produce false positives. Customers could disable this rule and recreate it as a custom rule with a detection filter tuned to their environment.
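One way to choose that detection-filter threshold, as an added example that is not part of the Talos rule or its documentation: a simplified model of a per-source count-per-period filter, run over constructed session records to show a limit that still alerts on a single high-rate client without alerting on a proxy. The addresses, rates, limits and function names are all assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed (timestamp_seconds, client_ip) pairs, one per new TLS session."""
    proxy = [(i * 0.5, "198.51.100.10") for i in range(120)]   # shared proxy, 2 sessions/s
    noisy = [(i * 0.05, "192.0.2.77") for i in range(1200)]    # single client, 20 sessions/s
    normal = [(1.0, "192.0.2.9"), (20.0, "192.0.2.9"), (45.0, "192.0.2.9")]
    return sorted(proxy + noisy + normal)

def period_counts(events, seconds):
    """Sessions per source in each sampling period. A period opens at the
    source's first session; a new one opens once the old one has expired."""
    start = {}
    counts = defaultdict(list)
    for ts, src in events:
        if src not in start or ts - start[src] >= seconds:
            start[src] = ts
            counts[src].append(0)
        counts[src][-1] += 1
    return dict(counts)

def peak_per_source(events, seconds):
    """Busiest period per source: the baseline to measure before picking a limit."""
    return {src: max(c) for src, c in period_counts(events, seconds).items()}

def alerts_per_source(events, count, seconds):
    """Alerts the modelled filter raises: each session past the first
    `count` within a period. Sources that never exceed it are omitted."""
    out = {}
    for src, per_period in period_counts(events, seconds).items():
        n = sum(max(0, c - count) for c in per_period)
        if n:
            out[src] = n
    return out

if __name__ == "__main__":
    ev = build_sample()
    print("peak sessions per 60 s:", peak_per_source(ev, 60))
    for limit in (50, 300):   # constructed candidate limits
        print("limit", limit, "->", alerts_per_source(ev, limit, 60))
```

Run against session records exported from the sensor or load balancer, the peak figures for known proxies give the floor for the custom rule's count.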
Talos
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
MITRE::ATT&CK Framework::Enterprise::Reconnaissance::Gather Victim Host Information
N/A
Not Applicable
CVE-2014-8730
CVE-2014-3566