Snort mailing list archives

Re: Code Red and port 443 (was RE: Code Red HELP!!!!)


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 9 Aug 2001 14:49:16 +1200

On Wed, Aug 08, 2001 at 09:28:34AM +0200, Thierry Coopman wrote:
The only way to avoid this is to have a reverse SSL proxy sending the 
requests, but the source of the *evil* requests will always be 
originating from the proxy, so you need to match them up with the 
proxy logs. The proxy can be used to filter unwanted traffic out of 
the requests too (like the XXXXXXXXX string to buffer overflow the 
server...)

Doesn't the likes of stunnel have a transparent mode? You set up a stunnel
server as the router for your Web servers, Internet SSL's to it, and it
talks unencrypted to the end hosts. Voila! IDS works and everyone's got
"free" SSL support :-)

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
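
The thread notes that behind a reverse SSL proxy every alert carries the proxy's address, so alerts have to be matched against the proxy logs. The sketch below is an added example, not code from either poster or from Snort or stunnel. It assumes a hypothetical proxy log that records the client address and the source port the proxy used towards the web server; all log lines, addresses and field names are constructed.

```python
from datetime import datetime, timedelta
# Constructed sample data in hypothetical formats (not real Snort or proxy output).
PROXY_IP = "192.0.2.10"
PROXY_LOG = """\
2001-08-09T02:41:07 client=198.51.100.23 upstream_port=41012 "GET /index.html HTTP/1.0"
2001-08-09T02:41:09 client=203.0.113.77 upstream_port=41013 "GET /page?XXXXXXXXX HTTP/1.0"
2001-08-09T02:45:30 client=198.51.100.23 upstream_port=41013 "GET /about.html HTTP/1.0"
"""
IDS_ALERTS = """\
2001-08-09T02:41:10 192.0.2.10:41013 -> 10.0.0.5:80 constructed overflow-string alert
2001-08-09T02:50:00 192.0.2.10:41999 -> 10.0.0.5:80 constructed overflow-string alert
"""

def parse_proxy_log(text):
    entries = []
    for line in text.splitlines():
        stamp, client, port, request = line.split(" ", 3)
        entries.append({"time": datetime.fromisoformat(stamp),
                        "client": client.split("=", 1)[1],
                        "port": int(port.split("=", 1)[1]),
                        "request": request.strip('"')})
    return entries

def parse_alerts(text):
    alerts = []
    for line in text.splitlines():
        stamp, src, _arrow, _dst, msg = line.split(" ", 4)
        ip, port = src.rsplit(":", 1)
        alerts.append({"time": datetime.fromisoformat(stamp),
                       "src_ip": ip, "src_port": int(port), "msg": msg})
    return alerts

def real_source(alert, entries, window=timedelta(seconds=30)):
    """Return the proxy log entry that best explains an alert, or None."""
    if alert["src_ip"] != PROXY_IP:
        return None  # not relayed by the proxy; the IDS source is already real
    gap = lambda e: abs(alert["time"] - e["time"])
    # Source ports get reused, so require closeness in time and take the nearest.
    near = [e for e in entries if e["port"] == alert["src_port"] and gap(e) <= window]
    return min(near, key=gap, default=None)

def correlate(alerts_text=IDS_ALERTS, log_text=PROXY_LOG):
    entries = parse_proxy_log(log_text)
    hits = [(a, real_source(a, entries)) for a in parse_alerts(alerts_text)]
    return [(a["src_port"], h["client"] if h else None) for a, h in hits]

if __name__ == "__main__":
    for port, client in correlate():
        print(f"alert from proxy port {port}: client = {client or 'no log match'}")
```

The second constructed alert has no matching log entry, which is the case to escalate: either the proxy log is incomplete or the traffic did not pass through the proxy.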
