On 08/25/11 06:30, Rod Whitworth wrote: > I recently saw the Full Disclosure mailing list discussion of the > Apache DoS vuln. > (http://seclists.org/fulldisclosure/2011/Aug/175) > > So I did pkg_add p5-Parallel-ForkManager on a 4.9 release i386, and ran > the perl script from killapache_pl.bin (on the FD mail list). It had > absolutely no visible effect on our Apache 1.3 running on a 5.0 > snapshot (Generic #16) > > It didn't run out of memory, the server didn't crash and the CPU load > seen by systat was minimal (<1%). > > As the title says "Why am I not surprised?"
Same here. Running the perl script results in "Host does not seem vulnerable". (OpenBSD 4.8 GENERIC.MP#359 i386) Cheers, Andreas
