Hosting Provided By

Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit...

From: Chuck Swiger <cswiger(at)mac.com>
Date: Tue Feb 11 2003 - 22:00:01 EST

root@darks wrote:
> i got them too. i belive they are some sort of httpd version scanner. most
[ ... ]

The latter, agreed. My point was not so much that someone was scanning, or even that a sufficiently old version of apache+openssl is hackable, although both seem to be valid points worth knowing. :-) What seemed to be of more concern to me is that this exploit did not require lot of failed connection attempts (ie, to deduce a cryptographic weakness) before the attack succeeded.

If I didn't have a definite time stamp for the problem-- I have virtual_adrian going and a network-based monitoring tool checking every five minutes-- it would have been hard to track down (or even notice) the relevant pieces out of a half-million lines of Apache logfiles.

Anyway, take care,
-Chuck

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Wed Feb 12 18:45:44 2003

This message: [ Message body ]
Next message: Mark E. Donaldson: "RE: Traffic on UDP 1815"
Previous message: Sahr, Kenneth: "RE: Traffic on UDP 1815"
In reply to root(at)darks: "Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT