Subject: Re: Apache buffer overflow attempt
From: James Zuelow (e5z8652@zuelow.net)
Date: Sun Oct 13 2002 - 15:34:35 AKDT
On Sun, 13 Oct 2002 01:16:34 -0800
"The Alaskan Bear" <akbear@akbearsden.com> wrote:
>
> This wouldn't happen to be the affects of the worm that is out and is directed at the Apache SSL would it?
> I know there has been a lot of reports about a worm that has been put out that was strictly created to actually
> go after Linux Apache and the linux version only. I have not seen any of the output on it, but I wouldn't be
> surprised if this is some of the output from it.
>
> --
> Ted Montgomery
> The Alaskan Bear's Den
I don't know for sure but from what I've read about the various slapper variants, the worm does a "normal" request first to determine the server type and whether or not SSL is enabled. Since this server is neither Linux nor SSL, slapper should not attempt an attack. I didn't see any traffic from the source ip before the attack at all (although nothing saying that the source wasn't spoofed).
Never know - might be something brand new, also might be something too old to show up on the various security sites anymore.
Cheers,
James
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Sun Oct 13 2002 - 15:32:03 AKDT