[Oisf-users] SSL Connections breaking in nfqueue mode.
Albert Whale
Albert.Whale at IT-Security-inc.com
Tue Apr 10 20:18:32 UTC 2018
Can someone please tell me why the connecting to HTTPS websites are
problematic when using the nfqueue run mode? This doesn't happen when I
am using af-packet mode.
In fact in nfqueue mode, I also get the following alerts from fast.log:
04/10/2018-13:05:49.504292 [**] [1:2210007:2] ITS Safe STREAM 3way
handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
192.168.1.180:61378
04/10/2018-13:05:50.534691 [**] [1:2210007:2] ITS Safe STREAM 3way
handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
192.168.1.180:61378
04/10/2018-13:05:51.570889 [**] [1:2210007:2] ITS Safe STREAM 3way
handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
192.168.1.180:61378
04/10/2018-13:05:53.632130 [**] [1:2210007:2] ITS Safe STREAM 3way
handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
192.168.1.180:61378
This is the error displayed in safari when I am running in-line IPS mode:
Any ideas or suggestions?
--
--
Albert E. Whale, CEH CHS CISA CISSP
Phone: 412-515-3010 | Email: Albert.Whale at IT-Security-inc.com
Cell: 412-889-6870
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180410/690ae276/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bohimnnhonmpjjin.png
Type: image/png
Size: 36421 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180410/690ae276/attachment-0001.png>
More information about the Oisf-users
mailing list