>From: "Keith T. Morgan" <keith.morganat_private> >We're starting to see a surge in scans for tcp 443. My guess is that someone has scripted an attack against the mod_ssl vulnerability. That I find unlikely since you exploit it by using a malformed certificate that the server must first verify. Thus to do this in a widespread fashion you would need to get Thawte/Verisign or one of the other large, "trusted" firms to issue you a cert that contains the malicious data. While possible I find this unlikely. What I would find more likely is people finally getting semi intelligent and realizing you can bypass the network IDS in most places by going to the SSL side of the web server. Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.idefense.com/digest.html ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Mar 11 2002 - 13:59:36 PST