
SANS ISC: Got PushDo SSL packets? - SANS Internet Storm Center SANS ISC InfoSec Forums


Got PushDo SSL packets?

Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the PushDo botnet. There has been a large rise in the detection of SSL packets hitting a number of domains, www.sans.org included.

If you are the admin of one of these 315 sites, can grab some of these packets in a pcap, and are willing to share, can you upload them via our contact form so that we can compare them with what we are seeing?

Have a good weekend.

Steve Hall
ISC Handler of the day

Stephen

89 Posts
ISC Handler
Hi.
Has anyone bothered to correlate any similarities in the targets? For example, are they running the same server or proxy, or the same version of OpenSSL, etc.?
-Manichattan II

Anonymous
Maybe this is really a DDOS, since an SSL handshake is more CPU intensive than a simple HTTP request. Question is: why waste so many bots for attacking so many different targets?

Sticky

3 Posts
