[Snort-users] SSL CodeRed et al

bthaler at ...2720... bthaler at ...2720...
Tue May 28 08:46:02 EDT 2002


I know I wouldn't be able to see the encrypted traffic, but that's only an
issue if the worm is actually making an SSL connection, which I seriously
doubt.

If, on the other hand, the worm was just blindly sending the exploit data to
port 443, Snort would be able to pick it up.

Either way, I think they're full of crap too.  Their product isn't based
on IIS, so these worms shouldn't be an issue.







Sincerely,

Brad T.





> -----Original Message-----
> From: Sean T. Ballard [mailto:stballard at ...4587...]
> Sent: Tuesday, May 28, 2002 11:27 AM
> To: bthaler at ...2720...; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] SSL CodeRed et al
>
>
> Sounds like they're full of crap to me. I never see worm traffic on
> 443 because of the encryption.
>
> -Sean
>
> -----Original Message-----
> From: bthaler at ...2720... [mailto:bthaler at ...2720...]
> Sent: Tuesday, May 28, 2002 11:20 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] SSL CodeRed et al
>
>
> Sorry for the dumb question, and I think I already know the answer, but:
>
> Has anyone heard of a CodeRed or Nimda variant attacking on port
> 443 (SSL)?
>
> The reason I'm asking, is that we have a web-based interface to an
> application that runs its own internal web server (not IIS), and the
> service keeps dying.  The developer is claiming that the problem is
> CodeRed or Nimda attacking on the SSL port.
>
> We're about to tell them that they're full of $hlt, but I wanted
> to run it by you guys first...
>
>
>
>
>
>
> Regards,
>
> Brad T.
>
>
>
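
The distinction drawn in this thread (a real SSL session versus exploit data sent blindly to port 443) can be checked from the first client payload of a session. The following is an added example, not part of the original messages; the function names are hypothetical and the sample byte strings are constructed.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ",
                b"OPTIONS ", b"DELETE ", b"TRACE ")

def classify_443_payload(data: bytes) -> str:
    """Classify the first client-to-server payload seen on TCP/443.

    Returns 'tls', 'sslv2', 'plaintext-http' or 'unknown'.
    """
    # SSLv3/TLS record: type 0x16 (handshake), major version 3,
    # then a 2-byte big-endian record length (at most 2^14).
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (length,) = struct.unpack(">H", data[3:5])
        if 0 < length <= 16384:
            return "tls"
    # SSLv2 ClientHello: 2-byte length with the high bit set,
    # message type 1, then version 0x0002 or 0x03xx.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        if (data[3], data[4]) == (0x00, 0x02) or data[3] == 0x03:
            return "sslv2"
    # Cleartext HTTP request line: nothing was encrypted, so an IDS
    # content rule can inspect it even though the port is 443.
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "unknown"

def ids_can_inspect(data: bytes) -> bool:
    """True when the payload is cleartext HTTP sent to the SSL port."""
    return classify_443_payload(data) == "plaintext-http"

# Constructed sample payloads (not captured traffic).
SAMPLE_TLS = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"
SAMPLE_SSLV2 = b"\x80\x2e\x01\x03\x00\x00\x15"
SAMPLE_HTTP = b"GET /index.html HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for name, payload in (("tls", SAMPLE_TLS), ("sslv2", SAMPLE_SSLV2),
                          ("http", SAMPLE_HTTP)):
        print(name, classify_443_payload(payload), ids_can_inspect(payload))
```
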




