Date: Sun, 23 Jun 2002 00:58:22 +0200 From: Anders Nordby <anders@FreeBSD.org> To: jps@funeralexchange.com Cc: kzaraska@student.uci.agh.edu.pl, freebsd-security@freebsd.org Subject: Re: Apache FreeBSD exploit released Message-ID: <20020622225822.GA65796@totem.fix.no> In-Reply-To: <3177.66.171.47.179.1024786088.squirrel@webmail.allneo.com> References: <20020622125713.547c2546.kzaraska@student.uci.agh.edu.pl> <3177.66.171.47.179.1024786088.squirrel@webmail.allneo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, On Sat, Jun 22, 2002 at 05:48:08PM -0500, jps@funeralexchange.com wrote: > I have been trying to crack two of my FreeBSD boxes for the past 12 hours > with not luck so far. > # 1 Server > apache+mod_ssl-1.3.23+2.8.7 > 4.6-RC FreeBSD 4.6-RC #2: Tue Jun 4 23:33:52 CDT 2002 > > # 2 Server > apache+mod_ssl-1.3.17+2.8.0 > 4.5-STABLE FreeBSD 4.5-STABLE #1: Sun Apr 21 05:43:49 GMT 2002 I've been giving apache-nosejob.c a go too (on 4.5-RELEASE with Apache 1.3.23, which is no its target list) for some hours, no success except lots of httpds exiting on signal 11. > Segmentation fault (11) > The only way to trace the attacker i have found so far is to do a netstat > during the attack and you will see the requests coming in on the requested > port (80 by default). > Anyone know of any ports or tools i could use on my servers to watch out > for something like this?. I have already upgraded all my production > servers to the latest versions to protect them but i still would like to > have something like this in place just to be on the safe side. I just committed ports/www/mod_blowchunks, which you can use to reject and log chunked requests. Cheers, -- Anders. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020622225822.GA65796>