----- Forwarded message from Elias Levy <[EMAIL PROTECTED]> -----
> From: Elias Levy <[EMAIL PROTECTED]>
> Reply-To: Elias Levy <[EMAIL PROTECTED]>
> X-Mailer: Mutt 1.0.1i
> Date: Fri, 11 Aug 2000 19:10:11 -0700
> To: [EMAIL PROTECTED]
> Subject: Apache Distributed Denial of Service
>
> From: "Security Operations Center 1 - farm9" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Apache Distributed Denial of Service
> Date: Thu, 10 Aug 2000 18:02:52 -0700
> Message-ID: <[EMAIL PROTECTED]>
>
> Apache Distributed Denial of Service
>
> August 10, 2000
> 4:51 pm PST
>
> We are seeing what we believe is a Windows-based DDOS attack against Apache
> servers involving over 500 hosts. If you are seeing this at your site
> and/or know more about the attacking software please contact the farm9
> Security Operations Center at [EMAIL PROTECTED]
>
> On Thursday August 8, 2000 at 10:46 am PST, one of our clients began
> receiving numerous Distributed Denial of Service (DDOS) attacks originating
> from over 500 different IP address. The attack is continuous and ongoing
> through the time of this writing.
>
> Originator systems are all windows based and are located at a mixture of
> individual, commercial and military site. E-mail notification was sent on
> 8/10/00 to some originator IP addresses.
>
> The attack was unsuccessful due to the fact that the targeted system is
> running a later version of Apache that is not vulnerable to the attack.
>
> Contact has been initiated with the network managers and postmasters of the
> informing the system owners that attacks were originating from their
> machines. Responses from originator sites are still pending.
>
> The signature for this type of attack is that IP packets have the SLASHES in
> the data frames that are sent to the target system. This attack signature is
> consistent with the HTTP_Apache_DOS Attack.
>
> HTTP Apache Attack Description
> Technical Description: By requesting a URL which contains thousands of
> slashes ('/'), an Apache Web server can be put into a state where it will
> use an increasing amount of CPU time. This can deny service to other users.
>
> Why this is important: This attack can cause your web server to become
> inaccessible, or at least painfully slow.
>
> Systems affected: Apache Web server prior to 1.2.5
> What to do: Upgrade your Apache server to 1.2.5 or later.
>
> Prepared by:
> Farm9.com, Inc.
> Security Operations Center
> [EMAIL PROTECTED]
> Contact: Guy Morgan [EMAIL PROTECTED] or George Milliken
> [EMAIL PROTECTED]
>
> ###
>
> Regards,
> Incident Response Coordinator
> Security Operations Center
> [EMAIL PROTECTED]
>
>
> www.farm9.com
> Intrusion Prevention
> And Incident Response
>
>
> ----- End forwarded message -----
>
> --
> Elias Levy
> SecurityFocus.com
> http://www.securityfocus.com/
> Si vis pacem, para bellum
>
>
----- End forwarded message -----
--------------------------------------------------------------------------
Utk berhenti langganan, kirim email ke [EMAIL PROTECTED]
Informasi arsip di http://www.linux.or.id/milis.php3
Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
