On Tue, Jun 02, 2009 at 09:48:41PM -0700, bruce wrote:
> not kidding... the majority of windows based attacks on an apache system running on linux systems are obnoxious, but not harmful... the kinds of attacks that are looking to exploit windows buffer overflows are harmless to linux systems..
> this isn't to say that all windows attacks are harmless, but this has been my experience, as well as what i've seen in the lit.
> if you have other information regarding windows attacks on webservers, that also impact linux boxes, please share the relevant websites, describing the attack vectors.. i'd be interested in checking out the articles as would others...
Not to be rude but what are you rambling on about?
He's running an apache instance on cent5. He has processes he can not readily identify running under apache named "atack"; where does "windows" come into the equation? What the processes are specifically doing is secondary to the problem at hand, which is that the processes exist in the first place.
Please, enlighten me as to how you can think that his box has not been compromised. Please, enlighten me as to how he (or you) can gauge the extent of the compromise (assuming no HIDS in use on the server).
I stand by my previous advice - the box is compromised, can not be trusted, and as a responsible admin he should be working on re-installing it, evaluating what web-apps he had running that led to this in the first place and taking the appropriate steps to ensure it does not happen again.
John