Snort mailing list archives

Re: SSL CodeRed et al

From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 28 May 2002 09:57:29 -0600 (MDT)

On Tue, 28 May 2002 bthaler () webstream net wrote:

Has anyone heard of a CodeRed or Nimda variant attacking on port 443 (SSL)?


All the known variants of those two are hardcoded to port 80.  Unless
you've got some kind of SSL accelerator that automatically forwards
attempts to port 80 to 443 and does SSL on their behalf (and that is
possible to do..) then that's not the problem.

Shouldn't matter even if they did.... why would that crash your servers?

                                        Ryan


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: SSL CodeRed et al Sean T. Ballard (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- <Possible follow-ups>
- SSL CodeRed et al bthaler (May 28)
  - Re: SSL CodeRed et al Ryan Russell (May 28)
  - Re: SSL CodeRed et al Phil Wood (May 28)
- RE: SSL CodeRed et al East, Bill (May 28)
  - RE: SSL CodeRed et al Frank Knobbe (May 28)
    - RE: SSL CodeRed et al bthaler (May 28)
- RE: SSL CodeRed et al Jim Grossl (May 28)
- RE: SSL CodeRed et al Wilcoxon, Steve (May 29)