Re: slapper countermeasures
KevinL écrivait :
> On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote:
> > "killall .bugtraq" would be suitable as well, and it would "destroy"
> > every other instance of the program that is running currently. Even if
> > detecting the current PPID does not work for whatever reason.
> Solaris is vulnerable to this bug? Solaris "killall" kills _everything_
> - not just the named process.
> 'course, given they're theoretically not running the webserver as root,
> this shouldn't be a huge issue... But it's not as social as you might
I agree... Even on Linux the killall command had not always given the same
result. I can remember some killall on (very) old RedHat that even didn't
work properly. And don't forget killall has been a script sometime! So it
may require additionals environnement variables (PATH) and so on...
But may be the main point is: is it really possible to have multiple
instance of the .bugtraq program?!? If so, all of them would join the
network and should receive the mail-sleep-kill command!