Jay Austad <austad at signal15.com> writes: > I don't think you'll see anything in the logs, as the exploit is > actually in the SSL negotiation phase, before the time that anything > would make an http request. Since apache doesn't log just connection > attempts, you won't see it. If you turned on some debugging > somewhere, you might see traces of it. It's possible that something > like snort would not be able to see it either, because the exploit may > take place after a secure session is set up. I'm not sure at what > point of the ssl negotiation that the exploit actually takes place. As I read the advisory, there's an initial probe where what it's really looking for is configuration info, which logs a specific request. -- David Dyer-Bennet, dd-b at dd-b.net / http://www.dd-b.net/dd-b/ John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net Dragaera mailing lists, see http://dragaera.info