
SANS ISC: Got PushDo SSL packets? - Internet Security | DShield SANS ISC InfoSec Forums

Got PushDo SSL packets?

Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the PushDo botnet. There has been a large rise in the detection of SSL packets hitting a number of domains, included.

If you are the admin of one of these 315 sites and you can grab some of these packets in a pcap and you're willing to share, can you upload them via our contact form so that we can compare with what we are seeing?

Have a good weekend.

Steve Hall
ISC Handler of the day


89 Posts
ISC Handler
Has anyone bothered to correlate any similarities in the targets? For example, are they running the same server or proxy or the same version of OpenSSL, etc.?
-Manichattan II

Maybe this is really a DDOS, since an SSL handshake is more CPU intensive than a simple HTTP request. Question is: why waste so many bots for attacking so many different targets?


3 Posts
