Re: slapper countermeasures

To: Jean Christophe ANDRÃ0/00 <jean-christophe.andre@auf.org>
Cc: debian-security@lists.debian.org
Subject: Re: slapper countermeasures
From: Michael Renzmann <mrenzmann@dylanic.de>
Date: Wed, 18 Sep 2002 00:36:17 +0200
Message-id: <[🔎] 3D87AE61.8050802@dylanic.de>
References: <[🔎] 3D8775CF.70200@dylanic.de> <[🔎] 20020917190711.GA13051@virus.home> <[🔎] 3D877F68.8010802@dylanic.de> <[🔎] 20020917193636.GA23576@virus.home> <[🔎] 3D878B0F.2030308@dylanic.de> <[🔎] 1032299905.31925.4337.camel@ufo> <[🔎] 20020917221823.GC24510@virus.home>

Hi.

Jean Christophe ANDRÃ0/00 wrote:

But may be the main point is: is it really possible to have multiple
instance of the .bugtraq program?!? If so, all of them would join the
network and should receive the mail-sleep-kill command!

I've seen two processes running on an infected server. But when thinkingabout it, this most probably was a forked part. Which would die as soonas the parent is killed. So the version you proposed, kill $ppid, shouldbe safe.


Bye, Mike

Reply to:

References:
- slapper countermeasures
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: slapper countermeasures
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>
- Re: slapper countermeasures
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: slapper countermeasures
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>
- Re: slapper countermeasures
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: slapper countermeasures
  - From: KevinL <darius@obsidian.com.au>
- Re: slapper countermeasures
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>

Prev by Date: Re: ot? apache directory listing mysteries
Next by Date: Re: port 6051: hacked?
Previous by thread: Re: slapper countermeasures
Next by thread: Re: slapper countermeasures
Index(es):
- Date
- Thread