Apache warns Web server admins of DoS attack tool

Paul Preston Paul.Preston at proxar.co.uk
Thu Aug 25 18:19:56 UTC 2011


Mark,

I have just had a look at the script and it's a simple TCP wrapper which opens multiple simultaneous connections...

Don't panic - it's a kiddie script... although it will be effective if you don't follow simple security rules. Mod_security will handle it well so again, add mod_security to your servers.

Kind Regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel:  (+44) 0844 809 4335
Fax: (+44) 01732 459 423
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston at proxar.co.uk


-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of m.roth at 5-cent.us
Sent: 25 August 2011 17:34
To: CentOS mailing list; redhat
Subject: Apache warns Web server admins of DoS attack tool

Anyone have any idea how soon RHEL and CentOS will be releasing the patch package?

Excerpt:
Computerworld - Developers of the Apache open-source project today warned users of the popular Web server software that a denial-of-service (DoS) tool is circulating that exploits a bug in the program.

The tool, called "Apache Killer," showed up last Friday in a post to the "Full Disclosure" security mailing list.

Today, the Apache project acknowledged the vulnerability that the attack tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours.
--- end excerpt ---

<http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admins_of_DoS_attack_tool>

        mark
