Date: Wed, 10 Jul 2002 18:19:02 -0000 From: "Duncan Patton a Campbell" <campbell@neotext.ca> To: "Dan Busarow" <dan@dpcsys.com> Cc: <security@freebsd.org> Subject: Re: FYI report: Reflected Distributed Denial of Service Attack Message-ID: <200207101819.g6AIJ2403235@localhost.neotext.ca> In-Reply-To: <Pine.BSF.4.21.0207100942250.82236-100000@java2.dpcsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
How does it affect a Windows 98 Box, which is what we had plugged in, to trigger the storm? Dhu Dan Busarow <dan@dpcsys.com> said: > On Jul 10, Duncan Patton a Campbell wrote: > > This a report FYI on an ongoing Reflected Distributed Denial of Service attack > > directed against the domain indx.ca since June 30/02. > > > > Background. > > > > The system (a website) consist of three FreeBSD 4.3 servers providing > > a GIS goods and services locator function to the net. Indx.ca is > > located in Burnaby B.C. on an ADSL link supplied by a Telus reseller, > > Infoserve.net(cypherkey/aka aebc.com). > > > > Two boxes (ww1.indx.ca and ww2.indx.ca) provide the function's user > > java2:/usr/home/dan $ lynx -head -dump http://ww1.indx.ca > HTTP/1.1 200 OK > Date: Wed, 10 Jul 2002 16:45:41 GMT > Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a PHP/4.0.5 > X-Powered-By: PHP/4.0.5 > Connection: close > Content-Type: text/html > > Your real problem is more than likely that you have been hit by > the Apache worm. See if you have a file /tmp/.a on the systems. > > You need to upgrade to Apache 1.3.26 or 2.0.39 > > It happened to us too, on a box I had forgotten was running > Apache. Even after cleaning it up and turning it off we had > a full scale DOS that was bogging our router. We had to > have our upstream filter the IP address that was being attacked > on their end. > > Good luck! > > Dan > -- > Dan Busarow 949 443 4172 > Dana Point Communications, Inc. dan@dpcsys.com > Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 > > -- Duncan (Dubh) Campbell ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207101819.g6AIJ2403235>