Date: Wed, 10 Jul 2002 18:28:03 -0000
From: "Duncan Patton a Campbell" <campbell@neotext.ca>
To: "Duncan Patton a Campbell" <campbell@neotext.ca>, "Dan Busarow" <dan@dpcsys.com>
Cc: <security@FreeBSD.ORG>
Subject: Re: FYI report: Reflected Distributed Denial of Service Attack
Message-ID: <200207101828.g6AIS3403268@localhost.neotext.ca>
In-Reply-To: <200207101819.g6AIJ2403235@localhost.neotext.ca>

This could be.  But since I nuked /tmp... early on...  The apache stuff says
it does Windows98, but we have no apache on Windows and ...

Duncan Patton a Campbell <campbell@neotext.ca> said:

> How does it affect a Windows 98 Box, which is what we had plugged
> in, to trigger the storm?
>
> Dhu
>
> Dan Busarow <dan@dpcsys.com> said:
>
> > On Jul 10, Duncan Patton a Campbell wrote:
> > > This is a report FYI on an ongoing Reflected Distributed Denial of Service attack
> > > directed against the domain indx.ca since June 30/02.
> > >
> > > Background.
> > >
> > > The system (a website) consists of three FreeBSD 4.3 servers providing
> > > a GIS goods and services locator function to the net.  Indx.ca is
> > > located in Burnaby B.C. on an ADSL link supplied by a Telus reseller,
> > > Infoserve.net(cypherkey/aka aebc.com).
> > >
> > > Two boxes (ww1.indx.ca and ww2.indx.ca) provide the function's user
> >
> > java2:/usr/home/dan $ lynx -head -dump http://ww1.indx.ca
> > HTTP/1.1 200 OK
> > Date: Wed, 10 Jul 2002 16:45:41 GMT
> > Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a PHP/4.0.5
> > X-Powered-By: PHP/4.0.5
> > Connection: close
> > Content-Type: text/html
> >
> > Your real problem is more than likely that you have been hit by
> > the Apache worm.  See if you have a file /tmp/.a on the systems.
> >
> > You need to upgrade to Apache 1.3.26 or 2.0.39
> >
> > It happened to us too, on a box I had forgotten was running
> > Apache.  Even after cleaning it up and turning it off we had
> > a full scale DOS that was bogging our router.  We had to
> > have our upstream filter the IP address that was being attacked
> > on their end.
> >
> > Good luck!
> >
> > Dan
> > --
> > Dan Busarow                                  949 443 4172
> > Dana Point Communications, Inc.            dan@dpcsys.com
> > Dana Point, California  83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
>
> --
> Duncan (Dubh) Campbell ;-)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Duncan (Dubh) Campbell ;-)
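
Added example (not part of the original messages): a Python triage check that reads a `lynx -head -dump` style response like the one quoted above and compares the Apache banner against the fixed releases named in the thread, 1.3.26 and 2.0.39. The function names are made up for this example, and a banner only reports what the server claims to be, so treat the result as a first-pass signal.

```python
import re

# Fixed releases named in the thread: 1.3.26 for the 1.3 line, 2.0.39 for 2.0.
FIXED = {(1, 3): (1, 3, 26), (2, 0): (2, 0, 39)}

# Response headers as quoted in the thread, mail quote markers included.
THREAD_DUMP = """\
> > HTTP/1.1 200 OK
> > Date: Wed, 10 Jul 2002 16:45:41 GMT
> > Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a PHP/4.0.5
> > X-Powered-By: PHP/4.0.5
> > Connection: close
> > Content-Type: text/html
"""


def apache_version(head_dump):
    """Return the Apache version from the Server header as a tuple, or None."""
    for line in head_dump.splitlines():
        # Tolerate mail quote markers ("> > ") in front of pasted headers.
        name, _, value = line.lstrip("> ").partition(":")
        if name.strip().lower() == "server":
            m = re.search(r"\bApache/(\d+)\.(\d+)\.(\d+)", value)
            return tuple(int(part) for part in m.groups()) if m else None
    return None


def assess(head_dump):
    """Classify a header dump as 'upgrade', 'ok' or 'unknown'."""
    version = apache_version(head_dump)
    if version is None:
        return "unknown"  # banner hidden, trimmed, or not Apache
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # release line the thread gives no advice for
    # Tuple comparison orders 1.3.20 < 1.3.26 numerically, not as strings.
    return "upgrade" if version < fixed else "ok"


if __name__ == "__main__":
    print(apache_version(THREAD_DUMP), assess(THREAD_DUMP))
```

An "ok" result says nothing about whether a host was already compromised before the upgrade; the /tmp/.a check from the thread is still needed on the box itself.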