[Snort-users] SSL CodeRed et al

Jim Grossl jgrossl at ...5957...
Tue May 28 14:08:03 EDT 2002

Before Cisco update the OS, the 675-8 DSL routers
were very susceptible to lockups because of CodeRed
scans. It might not be to much of a stretch for other
applications to be vulnerable. However I would have 
thought that the vendor would have fixed the problem
by now. How long have both worms been out?

Jim Grossl
Boise, Idaho USA 

-----Original Message-----
From: bthaler at ...2720... [mailto:bthaler at ...2720...]
Sent: Tuesday, May 28, 2002 9:20 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SSL CodeRed et al

Sorry for the dumb question, and I think I already know the answer, but:

Has anyone heard of a CodeRed or Nimda variant attacking on port 443 (SSL)?

The reason I'm asking, is that we have a web-based interface to an
application that runs its own internal web server (not IIS), and the service
keeps dying.  The developer is claiming that the problem is CodeRed or Nimda
attacking on the SSL port.

We're about to tell them that they're fll of $hlt, but I wante dto run it by
you guys first...


Brad T.


Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list