> Ok, do you have email SPAM attacks _and_ SSL worm attacks?
Yes, like I said in my original email, it seemed that I was getting the
buffer space error during both the worm and spam attacks. I think I fixed
the worm problem simply by changing Apache to say it's something other than
Apache. That way the worm doesn't even try to deliver its code. But this
is not a permanent fix, as later variants or other worms may not even pay
attention to the server type.
>
> <shameless plug>
> http://www.unixreview.com/documents/s=1234/urm0106j/0106j.htm
> </shameless plug>
>
I'll pass this on to our guy who set up Snort! Thanks for the good
reading.
> The payload will be interesting too. You need to compare the payload
> with the CVE archive of pattern matchings. Mitre opened the archive
> a long time ago. Find your signatures and then we might put on some
> effective countermeasures.
Yeah, going through the dump is kind of painful; it got really big really fast.
Now that I have the proc tuning done, and ntop back up and running, I'm
hoping we get the spam attack soon, so I can see if the changes we made
work!
>