Date:      Fri, 18 Oct 2002 15:14:21 +0200 (CEST)
From:      Martin Blapp <mb@imp.ch>
To:        <freebsd-questions@freebsd.org>
Cc:        <security@freebsd.org>, <dan@freebsd.org>
Subject:   Re: Apache DOS, help needed
Message-ID:  <20021018150116.B90671-100000@levais.imp.ch>
In-Reply-To: <20021018123333.P90671-100000@levais.imp.ch>


Hi all,

In the meantime I've found some datapoints. This is a slapper DOS
attack, a linux worm which has been modified to kill apaches or
to take them down.

All apaches (also 1.27) are vulnerable. It hammers the server till
all slots are filled, and then the apache server is not able to serve
any customers anymore until these requests time out.

http://groups.google.com/groups?q=worm+apache+DOS+slapper&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3ebd7d0b.0210142024.75d362b6%40posting.google.com&rnum=5

And this was proposed as fast fix:

# AWB - another attempt to keep apache from being DOS'd by slapper
ServerTokens ProductOnly
ServerSignature Off

Beside that DOS, I'm able to block apache with just a telnet and a perl
script.

I'd consider this a severe DOS vulnerability.

Martin

Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 061 826 93 00: +41 61 826 93 01
PGP: <finger -l mbr@freebsd.org>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------
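As an added illustration (not part of Martin's message and not the Apache project's own configuration), here is an Apache 1.3 httpd.conf fragment that pairs the banner directives proposed above with the timeout and slot limits that actually decide how long a flood of idle connections keeps child slots occupied. The directive names are real Apache 1.3 directives; the chosen values are assumptions to be tuned per server.

```apache
# Added example: Apache 1.3 httpd.conf fragment (values are illustrative assumptions)

# Proposed quick fix from the thread: shrink the banner so a scanner that
# keys on the Server header sees only "Apache", not version or module
# details. This only changes what the server advertises; it does not
# limit how many connections a client may hold open.
ServerTokens ProductOnly
ServerSignature Off

# Before (Apache 1.3 defaults): a connection that is accepted but never
# completes a request occupies a child slot for up to 300 seconds, so a
# few hundred idle connections are enough to fill every slot.
#Timeout 300
#KeepAliveTimeout 15
#MaxClients 150

# After: release idle slots sooner so a burst of half-finished requests
# drains instead of pinning every child until the default timeout.
Timeout 30
KeepAliveTimeout 5
MaxClients 256

# Cap request header size and count so oversized or endless header
# streams cannot keep a slot busy for long.
LimitRequestFieldSize 4096
LimitRequestFields 50
```

Watch `Timeout` with legitimate slow uploads or long-running CGI scripts before tightening it in production; it applies to those as well.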