I got caught in an IPS trap about an hour ago. I run Suricata as my IPS and my signatures were updated earlier today. I use Emerging Threats rule. I did the update to 0.04 and tried to get to the admin interface. It was unreachable. I got to thinking about it, and went to the IPS to have a look, the rule listed as “SURICATA TLS invalid handshake message” was being fired against my mailinabox server. I captured some traffic and it seems this is a false positive. If you run into any trouble accessing the interface, and you run Snort or Suricata, you might want to look at that rule. I am re-writing it, if anyone wants the rule, reply to this message.
Scott