I wouldn't read too much into the missing "S" in the write-up. It's unclear from... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nl on Dec 14, 2020 \| parent \| context \| favorite \| on: Highly Evasive Attacker Leverages SolarWinds Suppl... I wouldn't read too much into the missing "S" in the write-up. It's unclear from that one rule but the majority of the Snort rules for this exploit stop HTTPS. Note the "port 443" in the rules.

marcan_42 on Dec 15, 2020 [–]

And those rules are matching TLS ciphertext (record headers and SNI). The path rule is matching plaintext, so it's obviously not inspecting TLS.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact