[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RaQ3 and Apache DoS

Subject: Re: [cobalt-security] RaQ3 and Apache DoS
From: "Rick Ewart" <cobalt@xxxxxxxxx>
Date: Thu, 20 Jun 2002 11:34:08 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Chad wrote:
> We have a few RaQ3's running the standard fare Apache
> 1.3.6 (shame, shame) in our racks.. One has been hit
> by two DoS attacks in the last 72 hours... First HTTP
>stops responding, then followed a few mins later by
> other services starting to fail as well... Within
> about 5-10 mins everything goes tits-up...
>
> The solution, reboot the box..
>
> No entries in the logs except the one that Michael
> noted which shows up in the error log as a "child pid
> exit signal Segmentation fault"

I was thinking - if you are running logcheck, it might be a good idea to add
the phrase:
exit signal Segmentation fault
to your logcheck.violations section to help identify if anyone gives it a
shot... Early warning, possibly.

Also, any idea of you can still console into them if they die?

Thanks.
Rick

Prev by Date: [cobalt-security] Remove email
Next by Date: RE: [cobalt-security] Be very careful! BIND patch in RaQ4-All-System-2.0.1-14185.pkg
Previous by thread: Re: [cobalt-security] RaQ3 and Apache DoS
Next by thread: [cobalt-security] RaQ3 and Apache DoS

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index