Security Onion and Elsa issues
So the other day while reviewing alerts in Squert I noticed a lot of alerts triggering for ‘ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack.’ The rule for this is:

alert tcp $EXTERNAL_NET [443,465,993,995,25] -> $HOME_NET any (msg:"ET POLICY SSLv3 outbound connection from client vulnerable to POODLE…