| Short Name | APP:ENCRYPTED-TRAFFIC-2 |
|---|---|
| Severity | Info |
| Recommended | No |
| Category | APP |
| Keywords | ENCRYPTED traffic |
| Release Date | 2009/01/16 |
| Update Number | 1352 |
| Supported Platforms | idp-4.1.110110609+ |

This anomaly triggers when it detects traffic that appears to be encrypted and that does not match any known protocol. It can be used to detect protocols that try to avoid detection, such as Skype, BitTorrent, or botnets. This version of the anomaly is moderately strict and is a compromise between false positives and false negatives.