SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER OpenSSL ECDH malformed Client Hello denial of service attempt
This event is generated when an attacker attempts to exploit a denial of service vulnerability in OpenSSL.
Detection of a Denial of Service Attack
This rule checks for attempts to exploit a denial of service vulnerability in OpenSSL.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2011-3210: The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
Ease of Access: LOW