- Original Message -
From: Geoff Crompton [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Friday, September 13, 2002 1:42 AM
Subject: Re: suspicious apache log entries
I can see that sending an email is an approriate legal, and
responsible course of action.
* Andreas Syka [EMAIL PROTECTED] [020913 11:19]:
- Original Message -
From: Geoff Crompton [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Friday, September 13, 2002 1:42 AM
Subject: Re: suspicious apache log entries
I can see that sending an email is an
Hi all.
The rlx blade server rack (better: the management blade) where my own
server is located in has been attacked. I phoned to my ISP some minutes
ago, and he described that there was a huge packet storm fired from the
internet towards the management blade.
He described that there were
What seems to be missed in this thread is the fact that Nimda is not limited
to running on servers. Of all the machines that have used Nimda style
probing against my IP address in the last week, not one has been a server.
None of the machines respond to port 80. None of these machines have DNS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Renzmann wrote:
| Hi all.
|
| The rlx blade server rack (better: the management blade) where my own
| server is located in has been attacked. I phoned to my ISP some minutes
| ago, and he described that there was a huge packet storm fired
I am make some tests on one linux server and this errors appears 2 times
crashing my server:
Kernel: Unable to handle kernel paging request at virtual address XX
and alot of other stuffs..
But this erros just happened 2 times and not appear more on the serves ??
Ah, the test I was running
Even through we are not mentioned are we vulnerable to this attack?
- Forwarded message from Fernando Nunes [EMAIL PROTECTED] -
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 13 Sep 2002 13:20:23 -0400
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id:
Phillip Hofmeister [EMAIL PROTECTED] writes:
Even through we are not mentioned are we vulnerable to this attack?
Current rumours indicate that CAN-2002-0656 is exploited. DSA-136
addresses this vulnerability:
http://www.debian.org/security/2002/dsa-136
I still have to see the worm, so I
Hi Jason.
Jason Sopko wrote:
The Apache worm you're infected with was posted on bugtraq earlier
today. It exploits mod_ssl and can be identified by doing a ps -ax |
grep bugtraq (it runs as the name .bugtraq). The source for it is here:
http://dammit.lt/apache-worm/apache-worm.c
Thanks a lot
9 matches
Mail list logo