Click HERE to learn more about classes Stephen is teaching for SANS

Got PushDo SSL packets?

Published: 2010-01-30. Last Updated: 2010-01-30 11:09:16 UTC
by Stephen Hall (Version: 1)
2 comment(s)

Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the PushDo botnet. There has been a large rise in the detection of SSL packets hitting a number of domains, www.sans.org included.

If you are the admin of one of these 315 sites, you can grab some of these packets in a pcap, and you're willing to share, can you upload them via our contact form so that we can compare them with what we are seeing?

Have a good weekend.

Steve Hall
ISC Handler of the day

Keywords: PushDo

Comments

Hi.
Has anyone bothered to correlate any similarities in the targets? For example are they running the same server or proxy or the same version of OpenSSL, etc.?
-Manichattan II

Maybe this is really a DDOS, since an SSL handshake is more CPU intensive than a simple HTTP request. Question is: why waste so many bots for attacking so many different targets?

