[atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection
john mail at johnbond.org
Wed May 21 17:13:13 CEST 2014
On 21/05/14 16:58, Philip Homburg wrote: > I'm curious what this firewall is trying to do. If it allows > unrestricted outbound connectivity over ssh, but not ssh on port 443. > What is that rule trying to protect? Its trying to prevent exactly this. A lot of exploits/malware dial home using the same assumption you do. i.e. 443 will be open. however most of the don't use ssl. With this in mind many IDS will drop anything talking on 443 that isn't ssl/tls. They also do the same protocol analysis on other ports so trying port 80 in this case is also likely to be drooped, as the traffic is not http.