Re: Apache 1.3.XX

From: Russell Fulton (R.FULTONat_private)
Date: Thu Jan 31 2002 - 19:05:17 PST

Next message: anon-ymousat_private: "Re: optic rootkit (was Re: xsf/xchk) Maybe t0rn"

Previous message: Russell Fulton: "Re: Apache 1.3.XX"
In reply to: Russell Fulton: "Re: Apache 1.3.XX"
Next in thread: Blake Frantz: "Re: Apache 1.3.XX"
Next in thread: Sten: "Re: Apache 1.3.XX"
Reply: Blake Frantz: "Re: Apache 1.3.XX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2002-02-01 at 10:30, Russell Fulton wrote:

> 
> Hmmm.... we saw an attack two days ago against an apache server which 
> consisted of GETs and POST followed by long strings of Xs followed by shell
> code.  

I have just got the logs from the admin and I find I lied, no shell code
was logged by apache, just the long string of 'X'S (about 8186 of them).
So either there was no shell code or apache truncated the string when it
logged it.

Apologies for the confusion.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: anon-ymousat_private: "Re: optic rootkit (was Re: xsf/xchk) Maybe t0rn"
Previous message: Russell Fulton: "Re: Apache 1.3.XX"
In reply to: Russell Fulton: "Re: Apache 1.3.XX"
Next in thread: Blake Frantz: "Re: Apache 1.3.XX"
Next in thread: Sten: "Re: Apache 1.3.XX"
Reply: Blake Frantz: "Re: Apache 1.3.XX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 12:44:16 PST