Snort mailing list archives
Re: Re: Code Red and port 443 (was RE: Code Red HELP!!!!)
From: Marsiske Stefan <stefan.marsiske () sysdata siemens hu>
Date: Wed, 8 Aug 2001 16:14:59 +0200
but in either case, your snort logs will show only your sslproxy (hw/sw) as a sourceip. you lose the info of the attacking host. right?

On Wed, Aug 08, 2001 at 09:52:08AM -0400, Mike Johnson wrote:
> Thierry Coopman [calvin () skynet be] wrote:
> > The only way to avoid this is to have a reverse SSL proxy sending the requests, but the source of the *evil* requests will always be originating from the proxy, so you need to match them up with the proxy logs. The proxy can be used to filter unwanted traffic out of the requests too (like the XXXXXXXXX string to buffer overflow the server...
>
> If you were really this concerned about your SSL traffic, you've got a couple options. You can buy one of Intel's (someone else may make them, as well) SSL accelerators that sit in front of your server. It acts as the SSL endpoint and spits plain text out the back end to your web servers. So, the traffic is protected across the big nasty Internet, but it's clear text to your web servers. You would then put snort on the part of the network where the traffic is in clear text.
>
> Your other option is to try something similar with stunnel.
>
> Mike
> --
> Never trust a man who puts anything other than a finger up his nose.
> - _Snatch_
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
---end quoted text---

--
Stefan [http://web.interware.hu/stef] UPDATED:001031
gpg-key: http://web.interware.hu/stef/gpg.txt
quote: "Hackers do not feel that leisure time is automatically any more meaningful than work time. The desirability of both depends on how they are realized. From the point of a view of a meaningful life, the entire work/leisure duality must be abandoned. As long as we are living our work or our leisure, we are not even truly living. Meaning cannot be found in work or leisure but has to arise out of the nature of the activity itself. Out of passion. Social value. Creativity."
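The matching of Snort alerts against proxy logs that this thread discusses, sketched as an added example that is not part of the original posts: every alert behind the SSL endpoint carries the proxy as its source, so the real client is recovered by joining on time and request. The proxy address, the proxy log format, the sid, the time window and all log lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

PROXY_IP = "10.0.0.5"          # assumed back-end address of the SSL proxy
WINDOW = timedelta(seconds=2)  # assumed clock-skew tolerance between sensor and proxy

# Constructed Snort "fast" alerts: the source is always the proxy, never the client.
SNORT_ALERTS = """\
08/08-16:14:59.120000  [**] [1:1000001:1] constructed .ida overflow attempt [**] {TCP} 10.0.0.5:34567 -> 10.0.0.10:80
08/08-16:20:03.480000  [**] [1:1000001:1] constructed .ida overflow attempt [**] {TCP} 10.0.0.5:34912 -> 10.0.0.10:80
"""

# Constructed proxy access log (assumed format): timestamp, real client IP, request line.
PROXY_LOG = """\
2001-08-08 16:14:58 198.51.100.23 "GET /index.html HTTP/1.0"
2001-08-08 16:14:59 203.0.113.7 "GET /default.ida?XXXXXXXX HTTP/1.0"
2001-08-08 16:20:03 192.0.2.44 "GET /default.ida?XXXXXXXX HTTP/1.0"
2001-08-08 16:31:10 198.51.100.23 "GET /default.ida HTTP/1.0"
"""

ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[([\d:]+)\] "
                      r"(.*?) \[\*\*\].*?\{TCP\} ([\d.]+):(\d+) -> ")
PROXY_RE = re.compile(r'^(\S+ \S+) (\S+) "(\S+) (\S+) [^"]*"$')

def parse_alerts(text, year):
    """Yield (time, message) for alerts whose source is the proxy."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m and m.group(4) == PROXY_IP:
            # Fast alerts carry no year here, so the caller supplies it.
            ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S")
            yield ts, m.group(3)

def parse_proxy(text):
    """Yield (time, client_ip, uri) for each proxy log line."""
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(4)

def correlate(alerts_text, proxy_text, year=2001, uri_hint=".ida?"):
    """For each alert, list clients whose proxied request fits the time window and URI."""
    requests = list(parse_proxy(proxy_text))
    out = []
    for ts, msg in parse_alerts(alerts_text, year):
        clients = sorted({ip for t, ip, uri in requests
                          if abs(t - ts) <= WINDOW and uri_hint in uri})
        out.append((ts.isoformat(), msg, clients))
    return out
```

An alert that maps to several clients, or to none, means the window or the URI hint needs adjusting, or the sensor and proxy clocks have drifted apart.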