Joe Rhett wrote:
>
> [... about Slapper worm affecting immune servers ...]
>
> Thus my confusion on this topic -- people are feeling the brunt, and there
> are numerous posts about changes to minimize the effect. But all of these
> fixes are either (1) breaking something else or (2) security through
> obscurity. We should definitely be investigating a real fix, and I'm not
> seeing anything which indicates this.
The fix for the classic denial-of-service attack will likely not come from the OpenSSL community or the Apache community. If somebody is flooding you with traffic and taking your servers down, the best you can do is to block the packets before they hit your server. The fact that the Internet carries those packets to your server is a feature, not a bug to be fixed.

If the hole the worm is looking for is patched and you can prevent the worm from even looking at you by changing the way Apache identifies itself, you're fixed. Any admin who is aware enough to change their server's identity string will also have patched the hole. The worm's authors are unlikely to try to find some other way to recognize Apache servers because there's no payoff for the effort.

Paul Allen
--
Boeing Phantom Works                        \ Paul L. Allen, (425) 865-3297
Math & Computing Technology                 \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207  \ Prototype Systems Group
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                              [EMAIL PROTECTED]
Automated List Manager                                 [EMAIL PROTECTED]
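The "change the way Apache identifies itself" step the reply refers to, shown as an added example; this configuration is not part of the original message and is not taken from the OpenSSL or Apache projects. It assumes the standard Apache httpd `ServerTokens` and `ServerSignature` directives in httpd.conf and shows the full banner beside the minimized one.

```apache
# Added example (not from the original message or the Apache project):
# the identity-string change in httpd.conf.

# Full banner: every Server: response header advertises the exact httpd,
# mod_ssl and OpenSSL versions, in the form
#   Apache/<version> (Unix) mod_ssl/<version> OpenSSL/<version>
# and server-generated error pages print the same line at the bottom.
# This is the setting that lets a scanner pick the server out as Apache
# with a known module set.
# ServerTokens Full
# ServerSignature On

# Minimized banner: the Server: header is reduced to just "Apache" and
# the version footer is removed from error pages.
ServerTokens Prod
ServerSignature Off
```

After restarting httpd, confirm the change by requesting the response headers of any page and checking that the `Server:` line reads only `Apache`. As the reply itself points out, this only keeps the server out of the worm's target selection; the patched hole is what actually closes the vulnerability, and the two belong together.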
