Snort mailing list archives
RE: SSL CodeRed et al
From: <bthaler () webstream net>
Date: Tue, 28 May 2002 11:45:03 -0400
I know I wouldn't be able to see the encrypted traffic, but that's only an issue if the worm is actually making a SSL connection, which I seriously doubt. If, on the other hand, the worm was just blindly sending the exploit data to port 443, Snort would be able to pick it up. Either way, I think they're full of crap too. They're product isn't based on IIS, so these worms shouldn't be an issue. Sincerely, Brad T.
-----Original Message----- From: Sean T. Ballard [mailto:stballard () 4glschools com] Sent: Tuesday, May 28, 2002 11:27 AM To: bthaler () webstream net; snort-users () lists sourceforge net Subject: RE: [Snort-users] SSL CodeRed et al Sounds like there full of crap to me. I never see worm traffic on 443 because of the encryption. -Sean -----Original Message----- From: bthaler () webstream net [mailto:bthaler () webstream net] Sent: Tuesday, May 28, 2002 11:20 AM To: snort-users () lists sourceforge net Subject: [Snort-users] SSL CodeRed et al Sorry for the dumb question, and I think I already know the answer, but: Has anyone heard of a CodeRed or Nimda variant attacking on port 443 (SSL)? The reason I'm asking, is that we have a web-based interface to an application that runs its own internal web server (not IIS), and the service keeps dying. The developer is claiming that the problem is CodeRed or Nimda attacking on the SSL port. We're about to tell them that they're fll of $hlt, but I wante dto run it by you guys first... Regards, Brad T. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SSL CodeRed et al Sean T. Ballard (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- <Possible follow-ups>
- SSL CodeRed et al bthaler (May 28)
- Re: SSL CodeRed et al Ryan Russell (May 28)
- Re: SSL CodeRed et al Phil Wood (May 28)
- RE: SSL CodeRed et al East, Bill (May 28)
- RE: SSL CodeRed et al Frank Knobbe (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- RE: SSL CodeRed et al Frank Knobbe (May 28)
- RE: SSL CodeRed et al Jim Grossl (May 28)
- RE: SSL CodeRed et al Wilcoxon, Steve (May 29)