Unusual CRL traffic?
One of our readers, Brian, wrote in this morning saying that he was seeing an unusually high volume of traffic attempting to check certificate revocation lists (CRLs) from lots of different IPs (so it doesn't look like a denial of service attack; there are lots of both sources and destinations). I haven't heard of anything going on that would cause this behavior, but thought I'd ask our readers if they were seeing anything similar. Could a patch have caused it? Microsoft did patch IE 10 days ago, but that would be quite a lag time. If anyone else is seeing this and could grab a sample of the traffic (so we could look at User-Agents, etc.) please respond below or through our contact page. Thanx in advance for your assistance.
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu