[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: [d-security] woody apache/ssl - security issue?

On Wed, 2002-09-25 at 15:41, Jeff AA wrote:
> Thanks you for the heads up!
> Some quick research and I conclude we have not been infected for the
> following reasons:
> *) no compiler on the webserver
> *) no /tmp files or processes [cinik unlock uubugtraq bugtraq]
> *) tripwires not reporting altered binaries etc
> *) no unusual network traffic on ports described [1978 2002 4156]
> *) no outgoing web connections to untrusted sites reported by firewall
> Do you concur? If we are not infected, is Debian still vulnerable to a
Did you check the tripwire from a known good database using a known good
kernel (eg. booted from CDROM or somesuch) ?  If yes, it seems OK.

> DOS from this worm? ie Why is Apache crashing? Thanks for the help,

It could have been something other than the worm using the same
vulnerability.  Or it could have been a "normal" test (albeit a bit
strangely looked at these days :-)


Tycho Fruru			                tycho@fruru.com
"Prediction is extremely difficult. Especially about the future."
  - Niels Bohr

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: