Security Incidents mailing list archives
Re: HTTP CONNECT attempts
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 16 Apr 2002 23:21:17 -0400 (EDT)
On Tue, 16 Apr 2002, Dmitri Smirnov wrote:
need an advice. I've got more them 20 "HTTP CONNECT" IDS alerts (BugTraq id 4131) from 3 diff. sources for today and yesterday. Looks like some tool is out and people started to use it. The only problem is: I don't understand why people are trying to use port 80 to connect to port 443 (which is usually open to a world in my case).
Spammers or irc kiddies looking for proxies, perhaps? -- _____________________________________________________ Michal Zalewski [lcamtuf () bos bindview com] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- HTTP CONNECT attempts Dmitri Smirnov (Apr 16)
- Re: HTTP CONNECT attempts Michal Zalewski (Apr 17)
- Re: HTTP CONNECT attempts nexus-mail (Apr 17)
- Re: HTTP CONNECT attempts Stephen (Apr 17)
- <Possible follow-ups>
- Re: HTTP CONNECT attempts zeno (Apr 16)