Hi all,

In the meantime I've found some datapoints. This is a slapper DOS
attack, a linux worm which has been modified to kill apaches or
to take them down.

All apaches (also 1.27) are vulnerable. It hammers the server till
all slots are filled, and then the apache server is not able to serve
any customers anymore until these requests timeout.

http://groups.google.com/groups?q=worm+apache+DOS+slapper&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=3ebd7d0b.0210142024.75d362b6%40posting.google.com&rnum=5


And this was proposed as fast fix:

# AWB - another attempt to keep apache from being DOS'd by slapper
ServerTokens ProductOnly
ServerSignature Off

Beside that DOS, I'm able to block apache with just a telnet and a perl
script.

I'd consider this as severe DOS vulnerability.

Martin

Martin Blapp, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 061 826 93 00: +41 61 826 93 01
PGP: <finger -l [EMAIL PROTECTED]>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------
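An added check (not part of the post above) for verifying the proposed ServerTokens/ServerSignature fix from the outside: it parses a captured HTTP response and reports whether the Server header still carries a version string and whether the ServerSignature footer is still in the body. The two responses are constructed samples, not captures from any real host.

```python
import re
from typing import Dict, Tuple

# Constructed sample responses (not captured from any real server).
# WEAK_RESPONSE is what a default Apache 1.3 config returns on a 404.
WEAK_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 14 Oct 2002 20:24:00 GMT\r\n"
    b"Server: Apache/1.3.27 (Unix) mod_ssl/2.8.11 OpenSSL/0.9.6g\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body><h1>Not Found</h1><hr>\n"
    b"<address>Apache/1.3.27 Server at www.example.com Port 80</address>\n"
    b"</body></html>\n"
)
# HARDENED_RESPONSE is what ServerTokens ProductOnly + ServerSignature Off yield.
HARDENED_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body><h1>Not Found</h1></body></html>\n"
)


def split_response(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw HTTP response into a lowercase-keyed header dict and the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return headers, body


def audit_banner(raw: bytes) -> Dict[str, bool]:
    """Report what the two directives are meant to hide.

    server_version_leak: Server header carries more than the bare product
      name (ServerTokens ProductOnly reduces it to "Apache").
    signature_leak: body still has the <address>... Server at ...</address>
      footer that ServerSignature Off removes.
    """
    headers, body = split_response(raw)
    server = headers.get("server", "")
    version_leak = re.search(r"/\d", server) is not None or " " in server
    signature_leak = re.search(rb"<address>.*?server at.*?</address>", body, re.I | re.S) is not None
    return {"server_version_leak": version_leak, "signature_leak": signature_leak}
```

Feed it the raw bytes of a response from your own server (e.g. a request for a non-existent path) to confirm the directives took effect after the restart.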



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
