WinHTTP Web Proxy

Este tópico contém resposta, possui 2 vozes e foi atualizado pela última vez por  danegd 1 mês, 4 semanas atrás.

  • Autor
    Posts
  • #22693

    Dario Silva
    Participante

    Prezados, bom dia!

    Estou com uma duvida, o que seria esse WinHttp que aparece no IDS. Ataque?

    Prevençã.. 2019-04-12 11:09:43 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51225 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:09 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51419 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:38 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51601 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:09:44 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51231 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:12 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51425 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:09:44 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51249 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:40 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51612 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:41 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51635 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:13 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51430 -> 192.168.30.9:80
    Prevençã.. 2019-04-12 11:10:14 snort[19557]: [1:2022913:1] ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.30.9:51446 -> 192.168.30.9:80

  • #22698

    danegd
    Participante

    Estou pesquisando sobre isso tbm, ainda não achei comentários sobre o assunto

Você deve fazer login para responder a este tópico.