Security Incidents mailing list archives

Re: HTTPS scans


From: "Kurt Seifried" <bugtraq () seifried org>
Date: Mon, 11 Mar 2002 12:20:45 -0700

From: "Keith T. Morgan" <keith.morgan () terradon com>
> We're starting to see a surge in scans for tcp 443.  My guess is that
> someone has scripted an attack against the mod_ssl vulnerability.

That I find unlikely since you exploit it by using a malformed certificate
that the server must first verify. Thus to do this in a widespread fashion
you would need to get Thawte/Verisign or one of the other large, "trusted"
firms to issue you a cert that contains the malicious data. While possible, I
find this unlikely. What I would find more likely is people finally getting
semi-intelligent and realizing you can bypass the network IDS in most places
by going to the SSL side of the web server.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
