[Techtalk] "Slapper" worm targeting Linux/Apache servers
Raven Brooke
linuxchiq at linuxchiq.com
Fri Sep 20 15:41:14 EST 2002
On Fri, 20 Sep 2002, Dave North wrote:
Yes, patch applied, Apache restarted, subsequent slapper infection.
The reason seems to be that OpenSSL has both server and client components,
some of which don't get initialized by a HANGUP or HUP signal. A reboot is
the best way to do this.
Cheers,
Raven
>
> Raven:
> > A *reboot* is required in order for this patch to work. Having just
> > rebuilt a server that was infected by slapper after the patch was
> > applied but the box not rebooted, I can testify that this is indeed
> > the case.
>
> I'm surprised! My understanding was restarting apache was adequate to the
> task. Did you do that and suffer a subsequent infection?
> Though I am a big fan of rebooting when it's logical ... playing
> the uptime game is perhaps not always the best approach.
>
> d
--
SELECT * FROM users WHERE clue > 0
0 rows returned.
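
One way to check the question raised in this thread, whether a running process still has the pre-patch OpenSSL library mapped after the upgrade. This is an added example, not part of the original message. It assumes a dynamically linked OpenSSL and the Linux `/proc/<pid>/maps` format, where a library file replaced on disk is listed with a trailing `(deleted)`; the function names and the sample data are constructed.

```shell
#!/bin/sh
# Added example: find processes that still map a replaced OpenSSL library.

# Read /proc/<pid>/maps-format text on stdin; print each libssl/libcrypto
# path whose backing file is marked "(deleted)", once, in input order.
stale_ssl_in_maps() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
             if (!seen[$6]++) print $6
         }'
}

# Constructed sample of one process's maps (addresses, inodes, paths made up).
sample_maps() {
    cat <<'EOF'
08048000-08090000 r-xp 00000000 03:01 12001 /usr/sbin/httpd
40020000-40050000 r-xp 00000000 03:01 12345 /usr/lib/libssl.so.0 (deleted)
40050000-40053000 rw-p 0002f000 03:01 12345 /usr/lib/libssl.so.0 (deleted)
40060000-40120000 r-xp 00000000 03:01 12346 /usr/lib/libcrypto.so.0 (deleted)
40130000-40240000 r-xp 00000000 03:01 20001 /lib/libc.so.6
EOF
}

# Walk every PID on the live system; print PID, stale library, command line.
scan_procs() {
    for d in /proc/[0-9]*; do
        [ -r "$d/maps" ] || continue
        { stale_ssl_in_maps < "$d/maps"; } 2>/dev/null |
        while read -r lib; do
            cmd=$(tr '\0' ' ' 2>/dev/null < "$d/cmdline")
            printf '%s\t%s\t%s\n' "${d#/proc/}" "$lib" "$cmd"
        done
    done
}

# Run the live scan only when asked; reading other users' maps needs root.
if [ "${1:-}" = "--scan" ]; then scan_procs; fi
```

Any process the scan lists is still executing the old library code and has to be fully stopped and started, or the machine rebooted, before the patched library is the one in use.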