|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: DoS
From: Tom Vogt (tom
lemuria.org)Date: Wed Apr 26 2000 - 19:58:02 CDT
- Next message: Crispin Cowan: "Re: Buffer Overflows and DoS"
- Previous message: Tom Vogt: "Re: Secure Linux Distro"
- Maybe reply: Tom Vogt: "Re: DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Douglas Ostling <quasiquasisoft.com> wrote:
> that lies unresponsive for hours and suspected overflow was to blame.
> Which situation is more desirable? What does it take for a program to
> recover effectively from an overflow?
I doubt you can safely recover from there. you would first have to estimate
the situation and see what exactly was smashed, and you would possibly have
to restore it in order to continue operation.
the best response for a server might be to kill that process and try to
continue with the others (e.g. kill the one apache that was smashed, but
leave the others running).
if you have only one process, or the main/father process was successfully
attacked, shutting down or a full restart are your only safe options, since
you don't know what damage you sustained, and in order to find that out
you'd have to go exactly where you don't want to go.
-- Welcome to the Information Superspyway
- Next message: Crispin Cowan: "Re: Buffer Overflows and DoS"
- Previous message: Tom Vogt: "Re: Secure Linux Distro"
- Maybe reply: Tom Vogt: "Re: DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]