Re: HTTP CONNECT attempts
From: zeno (bugtraq@cgisecurity.net)Date: 04/16/02
- Previous message: Jose Nazario: "Re: Strange UDP Activity"
- Maybe in reply to: Dmitri Smirnov: "HTTP CONNECT attempts"
- Next in thread: Michal Zalewski: "Re: HTTP CONNECT attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: zeno <bugtraq@cgisecurity.net> To: Dmitri.Smirnov@roundheaven.com (Dmitri Smirnov) Date: Tue, 16 Apr 2002 17:07:03 -0400 (EDT)
Often times irc networks check using CONNECT and try to connect back to localhost to see
if the connection worked. Sometimes (rarely) attackers will scan for open proxies. Connecting back
to localhost is less noticed then to say another system.
>
> Morning,
>
> need an advice. I've got more them 20 "HTTP CONNECT" IDS alerts (BugTraq id 4131)
> from 3 diff. sources for today and yesterday. Looks like some tool is out and people started to use it.
> The only problem is: I don't understand why people are trying to use port 80 to connect to port 443 (which is usually open
> to a world in my case).
>
> Dmitri Smirnov, SSCP
> Security Team
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Jose Nazario: "Re: Strange UDP Activity"
- Maybe in reply to: Dmitri Smirnov: "HTTP CONNECT attempts"
- Next in thread: Michal Zalewski: "Re: HTTP CONNECT attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
