3 Replies Latest reply on Apr 5, 2017 9:58 AM by dk5em

    P2P: Skype Logon Process Detected (Mistake in the description of the skype4-ssl signature#6)



      I think there is a mistake in the description of the skype4-ssl signature#6 or the signature itself is wrong:



      condition 1

      ap-tcp-rsp-text matches "\x16\x03\x01\x00" ( case-sensitive )

      [AND] ap-tcp-rsp-text matches "\x40\x1b\xe4\x86" ( case-sensitive )


      In our matched pcap-File we can only find the second part of the condition "\x40\x1b\xe4\x86".


      The first part has been never found!

      But in all cases we find "\x17\x03\x01\x00"




      Network Security Manager Version