Snort mailing list archives
RE: SSL CodeRed et al
From: "East, Bill" <eastb () PFFCU org>
Date: Tue, 28 May 2002 12:16:16 -0400
-----Original Message-----
From: bthaler () webstream net [mailto:bthaler () webstream net]
Sent: Tuesday, May 28, 2002 11:45 AM
To: Sean T. Ballard; snort-users () lists sourceforge net
Subject: RE: [Snort-users] SSL CodeRed et al

I know I wouldn't be able to see the encrypted traffic, but that's only an issue if the worm is actually making an SSL connection, which I seriously doubt. If, on the other hand, the worm was just blindly sending the exploit data to port 443, Snort would be able to pick it up.

Either way, I think they're full of crap too. Their product isn't based on IIS, so these worms shouldn't be an issue.

Encrypted or no, if either worm was hitting the server, you would see the attack strings in IIS's logfiles. I would not rule out someone rewriting the worms to use SSL, but on the other hand I have not seen that traffic (yet).

--
be - MOS
I've already told you more than I know.
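
One way to run the IIS log check mentioned in the message above, as an added example that is not part of the original post. It assumes W3C extended log format with a `#Fields:` header and matches the publicly documented Code Red request shape (an `.ida` URL followed by a long run of `N` or `X` filler); the function name, the 100-character threshold and the sample log lines are constructed for illustration.

```python
import re

# Code Red requests an .ida URL with a long run of filler characters in the
# query: N for the original worm, X for Code Red II. The 100-character
# threshold is an assumption chosen to avoid matching ordinary queries.
FILLER = re.compile(r"^(N{100,}|X{100,})")

def find_code_red(lines):
    """Return (date, time, client_ip, server_port) for each matching entry."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order is site-specific, so read it from the header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "")
        if stem.endswith(".ida") and FILLER.match(query):
            hits.append((rec.get("date"), rec.get("time"),
                         rec.get("c-ip"), rec.get("s-port")))
    return hits

# Constructed sample log; addresses are documentation ranges and the payload
# after the filler is replaced by a placeholder.
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query s-port sc-status",
    "2002-05-28 15:02:11 192.0.2.10 GET /index.html - 80 200",
    "2002-05-28 15:03:40 198.51.100.7 GET /default.ida "
    + "N" * 224 + "[payload-elided] 80 200",
    "2002-05-28 15:05:19 192.0.2.44 GET /search.ida q=NNN 80 200",
    "2002-05-28 15:07:02 203.0.113.5 GET /default.ida "
    + "X" * 224 + "[payload-elided] 443 200",
]

if __name__ == "__main__":
    for hit in find_code_red(SAMPLE_LOG):
        print(*hit)
```

The `s-port` column in each hit shows whether the request was logged on port 80 or port 443.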
Current thread:
- RE: SSL CodeRed et al Sean T. Ballard (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- <Possible follow-ups>
- SSL CodeRed et al bthaler (May 28)
- Re: SSL CodeRed et al Ryan Russell (May 28)
- Re: SSL CodeRed et al Phil Wood (May 28)
- RE: SSL CodeRed et al East, Bill (May 28)
- RE: SSL CodeRed et al Frank Knobbe (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- RE: SSL CodeRed et al Frank Knobbe (May 28)
- RE: SSL CodeRed et al Jim Grossl (May 28)
- RE: SSL CodeRed et al Wilcoxon, Steve (May 29)