[Snort-users] SSL CodeRed et al

Wilcoxon, Steve swilcoxon at ...1927...
Wed May 29 07:22:07 EDT 2002


I have seen cases where nimba could crash non-IIS servers because the server couldn't handle some of the strange URL's correctly and started using up resources. When Nimba first came out we had a middle tier java based server that crashing (every 1-2 hours) until we tracked it down to Nimba. Our solution was to have the traffic to that server go through an Apache server that was doing URL filtering and then ProxyPass/ProxyPassReverse. We also notified the manufacturer of the S/W about the problem, but no fix from them yet.

> -----Original Message-----
> From: bthaler at ...2720... [mailto:bthaler at ...2720...]
> Sent: Tuesday, May 28, 2002 10:20 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] SSL CodeRed et al
> 
> 
> Sorry for the dumb question, and I think I already know the 
> answer, but:
> 
> Has anyone heard of a CodeRed or Nimda variant attacking on 
> port 443 (SSL)?
> 
> The reason I'm asking, is that we have a web-based interface to an
> application that runs its own internal web server (not IIS), 
> and the service
> keeps dying.  The developer is claiming that the problem is 
> CodeRed or Nimda
> attacking on the SSL port.
> 
> We're about to tell them that they're fll of $hlt, but I 
> wante dto run it by
> you guys first...
> 
> 
> 
> 
> 
> 
> Regards,
> 
> Brad T.
> 
> 
> _______________________________________________________________
> 
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list