Date: Mon, 22 Jan 2018 09:41:35 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: freebsd-security@freebsd.org Subject: Malicious URL ? https://[::]/ Message-ID: <nycvar.OFS.7.76.1801220930100.41328@mx.roble.com>
next in thread | raw e-mail | index | archive | help
Not necessarily BSD-related though this was discovered via a proxy server jail's process table. Source of the requests was a recently installed Firefox add-on. Not sure how to escape the pattern for search engines but nothing is found >From queries wrapped in double quotes. The absense of previous log entries or search results raises a number of questions. Is this IPv6-related? Neither the client nor the proxy have IPv6 enabled. Is it potentially malicious? If so by what mechanism? The Intel IME backdoor vector is a primary suspect for obvious reasons but am curious if anyone else has seen this? Roger Marquis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nycvar.OFS.7.76.1801220930100.41328>