Short Name | APP:ENCRYPTED-TRAFFIC-3 |
---|---|
Severity | Info |
Recommended | No |
Category | APP |
Keywords | ENCRYPTED traffic |
Release Date | 2009/01/16 |
Update Number | 1352 |
Supported Platforms | idp-4.1.110110609+ |

This anomaly triggers when it detects traffic that appears to be encrypted and that does not match any known protocol. It can be used to detect protocols that try to avoid detection, such as Skype, BitTorrent, or botnets. This version of the anomaly is the strictest and should create the fewest false positives.