SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER OpenSSL ECDH malformed Client Hello denial of service attempt
This event is generated when an attacker attempts to exploit a denial of service vulnerability in OpenSSL.
Impact: Detection of a Denial of Service Attack
Details: This rule checks for attempts to exploit a denial of service vulnerability in OpenSSL.
Ease of Attack:
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2011-3210: The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.