[Snort-users] SSL CodeRed et al

Sean T. Ballard stballard at ...4587...
Tue May 28 08:29:04 EDT 2002

Sounds like there full of crap to me. I never see worm traffic on 443 because of the encryption.


-----Original Message-----
From: bthaler at ...2720... [mailto:bthaler at ...2720...]
Sent: Tuesday, May 28, 2002 11:20 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SSL CodeRed et al

Sorry for the dumb question, and I think I already know the answer, but:

Has anyone heard of a CodeRed or Nimda variant attacking on port 443 (SSL)?

The reason I'm asking, is that we have a web-based interface to an
application that runs its own internal web server (not IIS), and the service
keeps dying.  The developer is claiming that the problem is CodeRed or Nimda
attacking on the SSL port.

We're about to tell them that they're fll of $hlt, but I wante dto run it by
you guys first...


Brad T.


Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list