Re: HTTPS scans
From: Kurt Seifried (bugtraq@seifried.org)Date: 03/11/02
- Previous message: Eric Brandwine: "Re: nouser - rootkit ?"
- In reply to: Keith T. Morgan: "HTTPS scans"
- Next in thread: H C: "Re: HTTPS scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kurt Seifried" <bugtraq@seifried.org> To: "Keith T. Morgan" <keith.morgan@terradon.com>, <incidents@securityfocus.com> Date: Mon, 11 Mar 2002 12:20:45 -0700
>From: "Keith T. Morgan" <keith.morgan@terradon.com>
>We're starting to see a surge in scans for tcp 443. My guess is that
someone has scripted an attack against the mod_ssl vulnerability.
That I find unlikely since you exploit it by using a malformed certificate
that the server must first verify. Thus to do this in a widespread fashion
you would need to get Thawte/Verisign or one of the other large, "trusted"
firms to issue you a cert that contains the malicious data. While possible I
find this unlikely. What I would find more likely is people finally getting
semi intelligent and realizing you can bypass the network IDS in most places
by going to the SSL side of the web server.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Eric Brandwine: "Re: nouser - rootkit ?"
- In reply to: Keith T. Morgan: "HTTPS scans"
- Next in thread: H C: "Re: HTTPS scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
