Re: Apache FreeBSD exploit released

From: Brett Glass (brett@lariat.org)
Date: 06/23/02


Date: Sat, 22 Jun 2002 16:57:36 -0600
To: <jps@funeralexchange.com>, <kzaraska@student.uci.agh.edu.pl>
From: Brett Glass <brett@lariat.org>

At 04:48 PM 6/22/2002, jps@funeralexchange.com wrote:

>Anyone know of any ports or tools i could use on my servers to watch out
>for something like this?

You can probably use some of the ideas I presented at the January BSDCon.
Either the Apache SetEnvIf regexes or the SNOBOL log monitor will work
for this one. See http://www.brettglass.com/logmonitors/paper.html for more.

--Brett

P.S. -- I'm still working on the replacement logging system mentioned in
that paper. It has an entirely new architecture; the hard part has been
backward compatibility with older Unices and with programs that expect to
communicate with syslogd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: HACKING SOFTWARE
    ... You know there is more to just running nmap on people's servers. ... ICMP requests and I have no open ports what so ever (not just firewalled - ... That's CIA crap!" ...
    (alt.2600)
  • Re: Visa PCI Firewall Requirements and Windows Networks
    ... GP without the risk of open ports or a DC in the DMZ. ... Outbound access should be minimized but if windows update is your ... alternative tools on trusted servers to patch your machine. ... > behind the second firewall. ...
    (Focus-Microsoft)
  • Re: HACKING SOFTWARE
    ... You know there is more to just running nmap on people's servers. ... ICMP requests and I have no open ports what so ever (not just firewalled - ... the hell to compile a recent version of Nmap, so I use a real old Windows ...
    (alt.2600)
  • Re: Win32 The RPC server is unavailable
    ... correct DNS servers and the port are unblocked. ... WMI errors the seem to be RPC related. ... All od the port are unblocked between the servers and the ... Usually RPC errors are due to name resolution or blocked ports. ...
    (microsoft.public.windows.server.networking)
  • RE: Slow user logon on Terminal server after migration to Windows 2003
    ... The Terminal Servers are 2000 or 2003. ... "Inside the firewall zone" means that the Citrix Servers have a firewall ... available RPC ports? ...
    (microsoft.public.windows.server.active_directory)