Re: DDOS attack ?!?
Greetings,
The Slapper worm is not infecting all Apache installations. It is
really an Apache-SSL exploit (since it is an SSL issue that's causing
it). What you're probably seeing is an attack on any Apache server,
but it's the Apache-SSL servers that are vulnerable. You can tell if
your server is affected by checking to see if /tmp/.bugtraq or
/tmp/bugtraq.c exists. There's a temporary fix to keep your system
safe at this URL:
http://isc.incidents.org/analysis.html?id=167
If you do get infected then your system will join in as a DDOS
client. I suspect that deleting the /tmp/.bugtraq file will stop
much of it, but I would also do a file system search for the file and
check open ports with lsof. The writeup is actually an interesting read,
and it includes the bugtraq.c source.
Jason
On Sun, 2002-09-15 at 15:46, Gary wrote:
> Hi Aaron,
>
> On Sunday, September 15, 2002, 3:39 PM, you hammered out in part about "DDOS attack ?!?":
>
> A> I am getting what seems to be a small scale ddos attack on my server at
> A> home and at work. What I am getting is tons of UDP packets to port
> A> 2002. Since my ipchains/tables was set to REJECT instead of DENY, my
> A> box was kindly returning ICMP "Port not reachable" packets. I have
> A> since changed the firewall rule to DENY so it will drop the packets
> A> and not reply.
>
> Congrats.. you have, or are being attacked by the new linux.slapper.worm
> that started in Europe a few days ago. It is affecting all Apache
> servers, and uses port 2002.
>
> http://linuxtoday.com/news_story.php3?ltsn=2002-09-14-005-26-SC-SW
>
>
> --
>
> Best regards,
> Gary
>
> Today's thought: A woman drove me to drink and I didn't even have the decency to thank her. ...W.C. Fields
>
>
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
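
The checks described in the reply above (look for /tmp/.bugtraq or /tmp/bugtraq.c, search the file system, inspect open ports with lsof), collected into one script. This is an added example, not part of the original message; the function names are hypothetical, and the UDP port 2002 check relies on the port mentioned in the quoted posts.

```shell
#!/bin/sh
# Added example: host check for the Slapper indicators named in the thread.
# File names and the port come from the messages; function names are hypothetical.

# Print every regular file named .bugtraq or bugtraq.c under a root (default /tmp).
# -xdev stays on one file system; errors from unreadable directories are hidden.
find_slapper_files() {
    search_root=${1:-/tmp}
    find "$search_root" -xdev -type f \
        \( -name '.bugtraq' -o -name 'bugtraq.c' \) -print 2>/dev/null
}

# Print processes with a socket on UDP port 2002. Returns 2 if lsof is missing.
find_udp_2002() {
    command -v lsof >/dev/null 2>&1 || return 2
    lsof -nP -iUDP:2002 2>/dev/null
}

# Report findings. Returns 0 if nothing was found, 1 if any indicator is present.
check_slapper() {
    scan_root=${1:-/tmp}
    found=0
    files=$(find_slapper_files "$scan_root") || true
    if [ -n "$files" ]; then
        printf 'Indicator files:\n%s\n' "$files"
        found=1
    fi
    rc=0
    socks=$(find_udp_2002) || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "lsof not installed; UDP port 2002 not checked" >&2
    elif [ -n "$socks" ]; then
        printf 'Processes on UDP port 2002:\n%s\n' "$socks"
        found=1
    fi
    return "$found"
}

# Scan only when asked, e.g.: sh check_slapper.sh --scan /
if [ "${1:-}" = "--scan" ]; then
    check_slapper "${2:-/tmp}"
fi
```

Run it as root so that find and lsof can see every directory and process; a non-zero exit status means at least one indicator was found.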