3 Replies Latest reply on Apr 5, 2017 9:58 AM by dk5em

    P2P: Skype Logon Process Detected (Mistake in the description of the skype4-ssl signature#6)

    dk5em

      Hi,

      I think there is a mistake in the description of the skype4-ssl signature#6 or the signature itself is wrong:

       

      Signature#6

      condition 1

      ap-tcp-rsp-text matches "\x16\x03\x01\x00" ( case-sensitive )

      [AND] ap-tcp-rsp-text matches "\x40\x1b\xe4\x86" ( case-sensitive )

       

      In our matched pcap-File we can only find the second part of the condition "\x40\x1b\xe4\x86".

       

      The first part has been never found!

      But in all cases we find "\x17\x03\x01\x00"

       

       

       

      Network Security Manager Version 8.3.7.52