ReDuh.HTTP.Tunnel

Description

This indicates an attempt to access a ReDuh HTTP tunnel.
ReDuh creates an HTTP proxy to tunnel data in and out of a network. It is often used to bypass firewall policies that allow only HTTP traffic. ReDuh can carry other TCP sessions, such as RDP and SSH, through the HTTP tunnel.

Affected Products

All web servers

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor the traffic from the network for any suspicious activity.
Look for a suspicious PHP, ASP, or JSP drop file on the web server, based on the IPS log entry.
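
One way to carry out the second action, as an added example that is not part of the original page or any vendor tooling: it pulls the request URLs from IPS log entries that matched this signature and checks whether a script file exists at that path under the web root. The key=value log layout, the field names (attack, url), the sample log lines and the web root path are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import unquote, urlsplit

SIGNATURE = "ReDuh.HTTP.Tunnel"                   # signature name from this page
SCRIPT_EXT = {".php", ".asp", ".aspx", ".jsp"}   # drop-file types named above (.aspx added as the ASP.NET form)
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample IPS log lines; the key=value layout and field names are assumed.
SAMPLE_LOG = [
    'date=2019-06-06 time=10:02:11 srcip=203.0.113.7 dstip=192.0.2.10 attack="ReDuh.HTTP.Tunnel" url="/uploads/img.jsp?x=1" action="dropped"',
    'date=2019-06-06 time=10:02:15 srcip=203.0.113.7 dstip=192.0.2.10 attack="Other.Signature" url="/index.php" action="detected"',
    'date=2019-06-06 time=10:03:40 srcip=203.0.113.7 dstip=192.0.2.10 attack="ReDuh.HTTP.Tunnel" url="/uploads/../../etc/passwd" action="dropped"',
]

def flagged_paths(lines, signature=SIGNATURE):
    """Return the URL paths (query string stripped) of requests that hit the signature."""
    paths = set()
    for line in lines:
        fields = {k: v.strip('"') for k, v in KV.findall(line)}
        if fields.get("attack") == signature and "url" in fields:
            paths.add(unquote(urlsplit(fields["url"]).path))
    return sorted(paths)

def locate_drop_files(paths, web_root):
    """Map flagged URL paths to files under web_root and describe the script files found."""
    root = Path(web_root).resolve()
    findings = []
    for url_path in paths:
        candidate = (root / url_path.lstrip("/")).resolve()
        if root not in candidate.parents:          # skip paths that resolve outside the web root
            continue
        if candidate.is_file() and candidate.suffix.lower() in SCRIPT_EXT:
            stat = candidate.stat()
            findings.append({
                "file": str(candidate),
                "sha256": hashlib.sha256(candidate.read_bytes()).hexdigest(),
                "mtime": stat.st_mtime,            # compare with the deployment date
                "size": stat.st_size,
            })
    return findings

if __name__ == "__main__":
    # "/var/www/html" is a placeholder web root.
    for hit in locate_drop_files(flagged_paths(SAMPLE_LOG), "/var/www/html"):
        print(hit)
```

A file reported here that is not part of the deployed application, or whose modification time is later than the last deployment, is the candidate drop file to preserve and examine.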

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-05 14.626 Default_action:pass:drop
2019-03-05 14.565