From: Duncan Patton a Campbell (campbell_at_neotext.ca)
Date: Wed Jul 10 2002 - 13:28:03 CDT
This could be. But since I nuked /tmp... early on... The apache
stuff says it does Windows98, but we have no apache on Windows and ...
Duncan Patton a Campbell <campbell_at_neotext.ca> said:
> How does it affect a Windows 98 Box, which is what we had plugged
> in, to trigger the storm?
> Dan Busarow <dandpcsys.com> said:
> > On Jul 10, Duncan Patton a Campbell wrote:
> > > This a report FYI on an ongoing Reflected Distributed Denial of Service
> > > directed against the domain indx.ca since June 30/02.
> > >
> > > Background.
> > >
> > > The system (a website) consist of three FreeBSD 4.3 servers providing
> > > a GIS goods and services locator function to the net. Indx.ca is
> > > located in Burnaby B.C. on an ADSL link supplied by a Telus reseller,
> > > Infoserve.net(cypherkey/aka aebc.com).
> > >
> > > Two boxes (ww1.indx.ca and ww2.indx.ca) provide the function's user
> > java2:/usr/home/dan $ lynx -head -dump http://ww1.indx.ca
> > HTTP/1.1 200 OK
> > Date: Wed, 10 Jul 2002 16:45:41 GMT
> > Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a PHP/4.0.5
> > X-Powered-By: PHP/4.0.5
> > Connection: close
> > Content-Type: text/html
> > Your real problem is more than likely that you have been hit by
> > the Apache worm. See if you have a file /tmp/.a on the systems.
> > You need to upgrade to Apache 1.3.26 or 2.0.39
> > It happened to us too, on a box I had forgotten was running
> > Apache. Even after cleaning it up and turning it off we had
> > a full scale DOS that was bogging our router. We had to
> > have our upstream filter the IP address that was being attacked
> > on their end.
> > Good luck!
> > Dan
> > --
> > Dan Busarow 949 443 4172
> > Dana Point Communications, Inc. dandpcsys.com
> > Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82
> Duncan (Dubh) Campbell ;-)
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
-- Duncan (Dubh) Campbell ;-)
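
The two checks suggested in the quoted reply (compare the Apache banner against the fixed releases 1.3.26 / 2.0.39, and look for the /tmp/.a file), written as a shell script. This is an added example, not part of the original thread; the function names are illustrative and the sample headers are copied from the lynx output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). The fixed releases 1.3.26 / 2.0.39 and
# the /tmp/.a marker file come from the thread; function names are illustrative.

# Print the Apache version found in HTTP response headers read from stdin.
apache_version() {
    tr -d '\r' | sed -n 's/^[Ss]erver:.*Apache\/\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 sorts strictly below $2 (numeric per field,
# so 1.3.9 is correctly treated as older than 1.3.26).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print "upgrade", "ok" or "unknown" for a version string.
version_verdict() {
    case "$1" in
        1.3.*) if version_lt "$1" 1.3.26; then echo upgrade; else echo ok; fi ;;
        2.0.*) if version_lt "$1" 2.0.39; then echo upgrade; else echo ok; fi ;;
        *)     echo unknown ;;  # branch not mentioned in the thread
    esac
}

# Succeed if the marker file named in the thread exists under $1 (default /tmp).
marker_present() {
    [ -e "${1:-/tmp}/.a" ]
}

# Headers as shown in the thread's lynx -head -dump output.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a PHP/4.0.5
Connection: close'

ver=$(printf '%s\n' "$SAMPLE_HEADERS" | apache_version)
echo "banner version: $ver -> $(version_verdict "$ver")"
if marker_present /tmp; then echo "/tmp/.a present"; else echo "/tmp/.a absent"; fi
```

Neither result clears a host on its own: the banner can be altered, and in this thread /tmp had already been emptied before anyone looked for the file.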