- Use Case Reference : SUC017
- Use Case Title : Web Proxy CONNECT Request
- Use Case Detection : IDS / HTTP logs
- Attacker Class : Opportunists
- Attack Sophistication : Unsophisticated
- Identified tool(s) : No
- Source IP(s) : Random
- Source Countries : Random
- Source Port(s) : Random
- Destination Port(s) : 80/TCP
Possible(s) correlation(s) :
- Apache web open proxy scans
Source(s) :
- Emerging Threats Policy Proxy
- Emerging Threats SIG 2001675
- Mod_Proxy should I bee nervous ?
We have detect some increasing Web Proxy CONNECT Request from Russia. Majority of the source IPs are from 95.24.0.0/13 CORBINA-BROADBAND. As you can see in the yearly events graph, we have around 7 more time scans events than previous months. Also the monthly TOP 10 source IPs graph show us that all the IPs are coming from the same range located in Russia.
