Thread-topic: [GLUG-tech] proxy aware worm/badness using port 443?
Port 443 gets used for ssl. Eg Secure socket layer.. This will be used by ALL banking sites etc etc as it is safer than http.
-----Original Message----- From: Soren Aalto [mailto:soren@xxxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 12:54 PM To: glug-tech@xxxxxxxxxxxx
I have recently noticed a lot of traffic through our proxy out to port 443. OK, big deal. Except the traffic goes to oddball IP addresses that reverse resolve to dialup pools in Germany and suchlike.
This doesn't sound right -- and I notice one client machine is making lots of these connections to various IP addresses, sometimes sucking down large amounts of data. ATM, it's looking like 200Kbps of port 443 traffic comming in, which is, for us, a *lot*.
Anybody aware of any
- clever new p2p app that goes through proxy servers using CONNECT on port 443? - horrible new worm that does this?
Am I going to have to hurt somebody...again?
-- Soren Aalto Internet Services & Development University of Zululand
--- To unsubscribe: send the line "unsubscribe glug-tech" in the subject of a mail to "glug-tech-request@xxxxxxxxxxxx". Problems? Email "glug-tech-admins@xxxxxxxxxxxx". Archives are at http://www.linux.org.za/Lists-Archives/