[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

bruce bedouglas at earthlink.net
Wed Jun 3 04:48:41 UTC 2009


nope...

not kidding... the majority of windows based attacks on an apache system
running on linux systems are obnoxiousm but not harmful... the kinds of
attacks that are looking to exploit windows buffer overflows are harmless to
linux systems..

this isn't to say that all windows attacks are harmless, but this has been
my experience, as well as what i've seen in the lit.

if you have other information regarding windows attaks on webservers, that
also impact linux boxes, please share the relevant websites, describing the
attack vectors.. i'd be interested in checking out the articles as would
others...

but go ahead and reply to me online, as others might be interested in this
thread as well...


-----Original Message-----
From: John R. Dennison [mailto:jrd at gerdesas.com]
Sent: Tuesday, June 02, 2009 9:41 PM
To: bruce
Cc: 'CentOS mailing list'
Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....


On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> it's possible your box is attacked, has been compromised.. of it's
possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you
have
> running on the apche server? are these apps home grown, or installed from
> some public source?

	He has multiple occurances of a process named "atack", each
	running with an argument of 100.  Looks like a DoS to me.

> do the research online to see what kind of attack you might have...

	It's irrelevant except as a learning exercise in forensics.

> it might be that your box is completely safe...

	You're kidding, right?

> you might also track/monitor any kind of attempt at the box communicating
> with other ip addresses that you aren't using....

	The longer that box stays on the net the more potential damage
	it can (and most likely *will* do).

> doing a complete reinstall is a draconian measure and may not be called
> for...

	You're kidding, right?





							John

--
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked
to
be put through to an engineer.

"My other computer is your windows box."
                                     Ralf Hildebrandt
<sxem> trying to play sturgeon while it's under attack is apparently not
fun.




More information about the CentOS mailing list