I have seen a few occurances of someone opening up HTTPS connections on one of our servers until they reach a point where they fail to open up any more connections 3 times. They then close down all the connections. You can see a full packet trace at http://www.webscreen-technology.com/temp/attack20030707.htm
I have seen this a number of times from various IP addresses and it is always exactly the same. Our product which detected this prevents against these types of attacks anyway so it is not a problem but I was wondering if it is a particular attack tool going round the Internet profiling different sites to see how many connections they support. -- Gareth Blades Webscreen Technology _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
