Re: buddylinks worm

From: Clint Bodungen (clint_at_secureconsulting.com)
Date: 02/11/04

  • Next message: falcon_at_secureconsulting.net: "Re: buddylinks worm"
    To: <incidents@securityfocus.com>
    Date: Wed, 11 Feb 2004 13:14:53 -0600
    
    

    They are back up now but you are right... they are getting DOS'd... but not
    because of the amount of requests. They are running a vulnerable version of
    thttpd, which is susceptible to DOS. thttpd 2.21b on Debian to be exact.

    ----- Original Message -----
    From: "Jason Yates" <jaywhy2@comcast.net>
    To: "Jeremy Junginger" <jj@act.com>
    Cc: <incidents@securityfocus.com>
    Sent: Tuesday, February 10, 2004 6:07 PM
    Subject: Re: buddylinks worm

    > >
    >
    > I contacted internap.com there upstream provider. There support guy I
    > talked to told me email abuse@internap.com and they'll look into it. I
    > emailed the information; but I really didn't think anything would happen
    > of it. The support rep didn't seem like he really cared. I guess I was
    > wrong though. I can't ping buddylinks.net anymore. Although I wouldn't
    > credit internap.com yet though; it just as likely they got DOS'd by the
    > amount of requests and crashed.
    >

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.astaro.com/php/contact/securityfocus.php
    ----------------------------------------------------------------------------


  • Next message: falcon_at_secureconsulting.net: "Re: buddylinks worm"

    Relevant Pages

    • US citing security to censor more public records - No censorship in the U.S.? Who says?
      ... the public to see government records under the Freedom of Information ... protect national security and internal deliberations. ... over all or parts of the records in about 65 percent of all requests. ...
      (soc.culture.china)
    • [NT] Microsoft DCOM RPC Race Condition (MS04-012)
      ... Get your security news from a reliable source. ... the way Microsoft Windows handles DCOM RPC requests. ... based DCOM activation requests has been prone to failure in the past. ... may be overwritten depending on the block the memory management supplies ...
      (Securiteam)
    • [UNIX] Apache/Tomcat Denial of Service and Information Leakage Vulnerability
      ... Beyond Security would like to welcome Tiscali World Online ... Apache has been the most popular web server on the Internet for the ... A client may connect to the target machine and deliver several requests ... and again sends a second response back to mod_jk. ...
      (Securiteam)
    • Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
      ... PS-- Have you managed to get hired in an actual security position yet or are ... influence a large number of users to make requests which disrupt, ... Since the favicon.ico object, for some reason, influences the account ... attacks, frightening, and how would they be prevented? ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
      ... PS-- Have you managed to get hired in an actual security position yet or are ... influence a large number of users to make requests which disrupt, ... Since the favicon.ico object, for some reason, influences the account ... attacks, frightening, and how would they be prevented? ...
      (Full-Disclosure)