[Oisf-users] SSL Connections breaking in nfqueue mode.

Chris Boley ilgtech75 at gmail.com
Tue Apr 10 21:52:39 UTC 2018


When you do a packet capture via Wireshark on your endpoint client having
the connection issues, what does it say?

On Tue, Apr 10, 2018 at 4:18 PM Albert Whale <
Albert.Whale at it-security-inc.com> wrote:

> Can someone please tell me why connecting to HTTPS websites is
> problematic when using the nfqueue run mode?  This doesn't happen when I am
> using af-packet mode.
>
> In fact in nfqueue mode, I also get the following alerts from fast.log:
>
> 04/10/2018-13:05:49.504292  [**] [1:2210007:2] ITS Safe STREAM 3way
> handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
> Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
> 192.168.1.180:61378
> 04/10/2018-13:05:50.534691  [**] [1:2210007:2] ITS Safe STREAM 3way
> handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
> Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
> 192.168.1.180:61378
> 04/10/2018-13:05:51.570889  [**] [1:2210007:2] ITS Safe STREAM 3way
> handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
> Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
> 192.168.1.180:61378
> 04/10/2018-13:05:53.632130  [**] [1:2210007:2] ITS Safe STREAM 3way
> handshake SYNACK with wrong ack [**] [Classification: Generic Protocol
> Command Decode] [Priority: 3] {TCP} 17.249.105.246:443 ->
> 192.168.1.180:61378
>
>
> This is the error displayed in Safari when I am running in-line IPS mode:
>
> Any ideas or suggestions?
> --
> --
>
> Albert E. Whale, CEH CHS CISA CISSP
> Phone: 412-515-3010 | Email: Albert.Whale at IT-Security-inc.com
> Cell: 412-889-6870
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bohimnnhonmpjjin.png
Type: image/png
Size: 36421 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180410/faee971d/attachment-0001.png>

