Security Incidents mailing list archives

Re: HTTP CONNECT attempts

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 16 Apr 2002 23:21:17 -0400 (EDT)

On Tue, 16 Apr 2002, Dmitri Smirnov wrote:

need an advice. I've got more them 20 "HTTP CONNECT" IDS alerts (BugTraq
id 4131)  from 3 diff. sources for today and yesterday. Looks like some
tool is out and people started to use it. The only problem is: I don't
understand why people are trying to use port 80 to connect to port 443
(which is usually open to a world in my case).


Spammers or irc kiddies looking for proxies, perhaps?

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

HTTP CONNECT attempts Dmitri Smirnov (Apr 16)
- Re: HTTP CONNECT attempts Michal Zalewski (Apr 17)
- Re: HTTP CONNECT attempts nexus-mail (Apr 17)
- Re: HTTP CONNECT attempts Stephen (Apr 17)
- <Possible follow-ups>
- Re: HTTP CONNECT attempts zeno (Apr 16)