Snort mailing list archives
RE: SSL CodeRed et al
From: "Wilcoxon, Steve" <swilcoxon () iqmarketing com>
Date: Tue, 28 May 2002 11:32:10 -0500
I have seen cases where nimba could crash non-IIS servers because the server couldn't handle some of the strange URL's correctly and started using up resources. When Nimba first came out we had a middle tier java based server that crashing (every 1-2 hours) until we tracked it down to Nimba. Our solution was to have the traffic to that server go through an Apache server that was doing URL filtering and then ProxyPass/ProxyPassReverse. We also notified the manufacturer of the S/W about the problem, but no fix from them yet.
-----Original Message----- From: bthaler () webstream net [mailto:bthaler () webstream net] Sent: Tuesday, May 28, 2002 10:20 AM To: snort-users () lists sourceforge net Subject: [Snort-users] SSL CodeRed et al Sorry for the dumb question, and I think I already know the answer, but: Has anyone heard of a CodeRed or Nimda variant attacking on port 443 (SSL)? The reason I'm asking, is that we have a web-based interface to an application that runs its own internal web server (not IIS), and the service keeps dying. The developer is claiming that the problem is CodeRed or Nimda attacking on the SSL port. We're about to tell them that they're fll of $hlt, but I wante dto run it by you guys first... Regards, Brad T. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SSL CodeRed et al Sean T. Ballard (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- <Possible follow-ups>
- SSL CodeRed et al bthaler (May 28)
- Re: SSL CodeRed et al Ryan Russell (May 28)
- Re: SSL CodeRed et al Phil Wood (May 28)
- RE: SSL CodeRed et al East, Bill (May 28)
- RE: SSL CodeRed et al Frank Knobbe (May 28)
- RE: SSL CodeRed et al bthaler (May 28)
- RE: SSL CodeRed et al Frank Knobbe (May 28)
- RE: SSL CodeRed et al Jim Grossl (May 28)
- RE: SSL CodeRed et al Wilcoxon, Steve (May 29)