Posted to dev@httpd.apache.org by Jon Travis <jt...@covalent.net> on 2002/07/01 20:01:50 UTC

Re: Apache Worm

On Sun, Jun 30, 2002 at 11:24:30PM +0200, dirkx@covalent.net wrote:
> 
> On Sun, 30 Jun 2002, Pier Fumagalli wrote:
> 
> > Rasmus Lerdorf <ra...@apache.org> wrote:
> >
> > > I assume everyone has seen this?
> > >
> > > http://dammit.lt/apache-worm/
> >
> > Me and Fede are running through the decompiled assembly code right now...
> > Will let you know what we find out (it looks kinda odd from the look of it).
> 
> I found several. Source under private cover.

You mean apache-worm.c, posted on that URL 5 lines up from your reply?  
That's been out there for a while.

-- Jon


Re: Apache Worm

Posted by Graham Leggett <mi...@sharp.fm>.
Pier Fumagalli wrote:

> Nope... I believe Dirk is referring to the fact that that is ONE of the
> exploits, but there are some others coming around... :( :( :(

There is hope though. As the exploit exists at the hop-by-hop level, and 
because a significant portion of port 80 of the internet is hidden 
behind transparent proxies, it will probably cause the spread of any 
Apache worms to be restricted to where Apache servers can be contacted 
directly. We hope, anyway.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm 
	"There's a moon
					over Bourbon Street
						tonight..."


Re: Apache Worm

Posted by Pier Fumagalli <pi...@betaversion.org>.
Jon Travis <jt...@covalent.net> wrote:

> On Sun, Jun 30, 2002 at 11:24:30PM +0200, dirkx@covalent.net wrote:
>> 
>> On Sun, 30 Jun 2002, Pier Fumagalli wrote:
>> 
>>> Rasmus Lerdorf <ra...@apache.org> wrote:
>>> 
>>>> I assume everyone has seen this?
>>>> 
>>>> http://dammit.lt/apache-worm/
>>> 
>>> Me and Fede are running through the decompiled assembly code right now...
>>> Will let you know what we find out (it looks kinda odd from the look of it).
>> 
>> I found several. Source under private cover.
> 
> You mean apache-worm.c, posted on that URL 5 lines up from your reply?
> That's been out there for a while.

Nope... I believe Dirk is referring to the fact that that is ONE of the
exploits, but there are some others coming around... :( :( :(

    Pier

--
[Perl] combines all the worst aspects of C and Lisp:  a billion of different
sublanguages in  one monolithic executable.  It combines the power of C with
the readability of PostScript. [Jamie Zawinski - DNA Lounge - San Francisco]