SSL: SSLv3 Brute Force Attempt

This signature is to detect large number of SSLv3 handshake attempt to SSL server from a particular client. Excessive attempts can indicate a Brute force attack against the SSL server.

Extended Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Affected Products

Openssl openssl

References

BugTraq: 70574

CVE: CVE-2014-3566

Short Name
SSL:SSL-V3-BRUTE-FORCE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
Attempt Brute CVE-2014-3566 Force SSLv3 bid:70574
Release Date
10/20/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Ibm

Redhat

Fedoraproject

Openssl

Opensuse

Novell

Mageia

Oracle

Netbsd

Debian

Apple

CVSS Score

4.3

Found a potential security threat?