Re: suspicious apache log entries

2002-09-13 Thread Andreas Syka
- Original Message - From: Geoff Crompton [EMAIL PROTECTED] To: debian-security@lists.debian.org Sent: Friday, September 13, 2002 1:42 AM Subject: Re: suspicious apache log entries I can see that sending an email is an approriate legal, and responsible course of action.

Re: suspicious apache log entries

2002-09-13 Thread skalar
* Andreas Syka [EMAIL PROTECTED] [020913 11:19]: - Original Message - From: Geoff Crompton [EMAIL PROTECTED] To: debian-security@lists.debian.org Sent: Friday, September 13, 2002 1:42 AM Subject: Re: suspicious apache log entries I can see that sending an email is an

rlx blade server attacked

2002-09-13 Thread Michael Renzmann
Hi all. The rlx blade server rack (better: the management blade) where my own server is located in has been attacked. I phoned to my ISP some minutes ago, and he described that there was a huge packet storm fired from the internet towards the management blade. He described that there were

RE: suspicious apache log entries

2002-09-13 Thread John Corrigan
What seems to be missed in this thread is the fact that Nimda is not limited to running on servers. Of all the machines that have used Nimda style probing against my IP address in the last week, not one has been a server. None of the machines respond to port 80. None of these machines have DNS

Re: rlx blade server attacked

2002-09-13 Thread Jason Sopko
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Renzmann wrote: | Hi all. | | The rlx blade server rack (better: the management blade) where my own | server is located in has been attacked. I phoned to my ISP some minutes | ago, and he described that there was a huge packet storm fired

what this kernel error means?

2002-09-13 Thread César Augusto Seronni Filho
I am make some tests on one linux server and this errors appears 2 times crashing my server: Kernel: Unable to handle kernel paging request at virtual address XX and alot of other stuffs.. But this erros just happened 2 times and not appear more on the serves ?? Ah, the test I was running

Fwd: bugtraq.c httpd apache ssl attack

2002-09-13 Thread Phillip Hofmeister
Even through we are not mentioned are we vulnerable to this attack? - Forwarded message from Fernando Nunes [EMAIL PROTECTED] - Envelope-to: [EMAIL PROTECTED] Delivery-date: Fri, 13 Sep 2002 13:20:23 -0400 Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Id:

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-13 Thread Florian Weimer
Phillip Hofmeister [EMAIL PROTECTED] writes: Even through we are not mentioned are we vulnerable to this attack? Current rumours indicate that CAN-2002-0656 is exploited. DSA-136 addresses this vulnerability: http://www.debian.org/security/2002/dsa-136 I still have to see the worm, so I

Re: rlx blade server attacked

2002-09-13 Thread Michael Renzmann
Hi Jason. Jason Sopko wrote: The Apache worm you're infected with was posted on bugtraq earlier today. It exploits mod_ssl and can be identified by doing a ps -ax | grep bugtraq (it runs as the name .bugtraq). The source for it is here: http://dammit.lt/apache-worm/apache-worm.c Thanks a lot