Thanks you for the heads up! Some quick research and I conclude we have not been infected for the following reasons: *) no compiler on the webserver *) no /tmp files or processes [cinik unlock uubugtraq bugtraq] *) tripwires not reporting altered binaries etc *) no unusual network traffic on ports described [1978 2002 4156] *) no outgoing web connections to untrusted sites reported by firewall
Do you concur? If we are not infected, is Debian still vulnerable to a DOS from this worm? ie Why is Apache crashing? Thanks for the help, Regards Jeff > -----Original Message----- > From: Tycho Fruru [mailto:[EMAIL PROTECTED]] > Sent: 25 September 2002 14:18 > To: Christian Hammers > Cc: Jeff Armstrong; [EMAIL PROTECTED] > Subject: Re: [d-security] woody apache/ssl - security issue? > > > On Wed, 2002-09-25 at 15:13, Christian Hammers wrote: > > Hello > > > > On Wed, Sep 25, 2002 at 02:03:43PM +0100, Jeff Armstrong wrote: > > > Symptoms: > > > Apache stops dishing pages - no log or error messages > > > netstat shows Apache still listening > > > /etc/init.d/apache stop fails to kill all apache processes > > > have to killapp apache and kill -9 some individual > apache processes > > > no cores, no messages in syslog, daemon.log or messages > > Can't remember the kill charactersitics but the other > symptoms, failing > > w/o giving any clue, are also happening if the filesystem > is full and > > apache cannot write new logfile entries. It starts to work > again as soon > > as it has free space again. > > > > The logfile entries you've shown are absolutely harmless, I > use exactly > > the same strings for testing if a webserver responses. > hmm. To me they don't seem harmless. Looks more like you've been > visited by a slapper worm (which leaves the same trails in your > logfiles) > > Cheers, > > Tycho > > -- > Tycho Fruru [EMAIL PROTECTED] > "Prediction is extremely difficult. Especially about the future." > - Niels Bohr > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]