Hosting Provided By

Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit...

From: <root(at)darks>
Date: Tue Feb 11 2003 - 20:46:48 EST

i got them too. i belive they are some sort of httpd version scanner. most probably trying to look for either IIS unicode attacks or apache ssl hole.

Original Message ----- From: "Chuck Swiger" <cswiger@mac.com> To: <incidents@securityfocus.com> Sent: Tuesday, February 11, 2003 1:45 AM Subject: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit...

> Here are the relevant pieces of the Apache logfiles:
entropy
> [04/Feb/2003 05:01:52 14857] [info] Spurious SSL handshake
entropy
> [05/Feb/2003 20:41:09 00431] [info] Spurious SSL handshake
entropy
> [06/Feb/2003 09:51:08 00435] [error] SSL handshake failed: HTTP spoken
entropy
> [07/Feb/2003 01:46:31 00431] [info] Spurious SSL handshake
entropy
> [07/Feb/2003 12:37:45 00435] [info] Spurious SSL handshake
entropy
> [09/Feb/2003 08:32:04 00913] [info] Spurious SSL handshake

--

> This list is provided by the SecurityFocus ARIS analyzer service.




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Wed Feb 12 18:36:42 2003

This message: [ Message body ]
Next message: jet: "Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit..."
Previous message: Richard Rager: "Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit..."
In reply to Chuck Swiger: "logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit..."
Next in thread: Chuck Swiger: "Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit..."
Reply: Chuck Swiger: "Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT