thr3ads.net - freebsd security - Malicious URL ? https://[::]/ [Jan 2018]

If this information is useful, please help other people find it:
Share via:

Roger Marquis

2018-Jan-22 17:41 UTC

Malicious URL ? https://[::]/

Not necessarily BSD-related though this was discovered via a proxy
server jail's process table.

Source of the requests was a recently installed Firefox add-on.  Not
sure how to escape the pattern for search engines but nothing is
found>From queries wrapped in double quotes.   The absense of previous logentries or search results raises a number of questions.  Is this
IPv6-related?  Neither the client nor the proxy have IPv6 enabled.  Is
it potentially malicious?  If so by what mechanism?

The Intel IME backdoor vector is a primary suspect for obvious reasons
but am curious if anyone else has seen this?

Roger Marquis

Dag-Erling Smørgrav

2018-Jan-23 22:14 UTC

head link

Malicious URL ? https://[::]/

Roger Marquis <marquis at roble.com> writes:> Not necessarily BSD-related though this was discovered via a proxy
> server jail's process table.
Basically the IPv6 equivalent of https://127.0.0.1/.  ?[::]? is the
bracketed literal representation of the IPv6 localhost address.

DES
-- 
Dag-Erling Sm?rgrav - des at des.no

freebsd security - Jan 2018 - Malicious URL ? https://[::]/

Malicious URL ? https://[::]/

Malicious URL ? https://[::]/