Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog



New Thunderbird out, patches couple of vulnerabilities

Published: 2009-06-23
Last Updated: 2009-06-23 20:13:20 UTC
by Bojan Zdrnja (Version: 1)

A couple of readers wrote in to say that a new version of Thunderbird has been released.

Version 2.0.0.22 fixes a couple of security vulnerabilities (the highest rating being medium), so if you are using this e-mail client, be sure to install the updates. The list of fixes can be seen at http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.22

Thanks to everyone writing in (too many to mention!).

 

Keywords: patch Thunderbird

Help us: How to make ISC/DShield more useful

Published: 2009-06-23
Last Updated: 2009-06-23 13:58:08 UTC
by Johannes Ullrich (Version: 1)

I am looking for feedback for the next iteration of the ISC/DShield web site. What kind of information, in particular when it comes to the home page, would make the site more useful to you? If it is not already your homepage, what would it take to make it your homepage?

Use our contact form to submit feedback.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute


Slowloris and Iranian DDoS attacks

Published: 2009-06-23
Last Updated: 2009-06-23 08:46:42 UTC
by Bojan Zdrnja (Version: 1)

In the last couple of days we posted two diaries (http://isc.sans.org/diary.html?storyid=6601 and http://isc.sans.org/diary.html?storyid=6613) with information about Slowloris, a tool released last week that performs a resource exhaustion DoS attack on Apache web servers.

There has been a lot of chat about the tool on the web, so it was just a matter of time before we would see it used in real DoS attacks. Last week I posted a diary about two groups launching DDoS attacks on Iranian web sites (http://isc.sans.org/diary.html?storyid=6583). Both of these attacks were relatively simple and used existing, old tools for performing DoS attacks.
However, over the weekend some forums and web sites asking people to run DDoS attacks "expanded" their selection of tools by including Slowloris – nothing we didn't really expect to see.

Regarding Slowloris, we received a lot of information from our readers about various scenarios in which Slowloris does and does not work. First of all, Adrian Ilarion Ciobanu posted several diary comments pointing to his write-up, written two years ago, describing an attack similar to Slowloris. Adrian also posted some interesting material about Apache DoS attacks at http://pub.mud.ro/~cia/computing/apache-httpd-denial-of-service-example.html. Frank Breedijk wrote in to say that he tested Slowloris with Cisco CSS load balancers, which appear to be immune.

Finally, an unofficial patch has been released at http://synflood.at/tmp/anti-slowloris.diff. I haven't tested it, but the patch is supposed to dynamically change the TimeOut value depending on the load (which depends on the number of Apache processes that are currently processing HTTP requests).

--
Bojan
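To illustrate the idea of tying the timeout to load, here is an added Python example (not the code of the unofficial patch and not from the diary): it reads a constructed mod_status `?auto` scoreboard, computes the share of busy workers, and derives a shorter timeout as load rises. The linear scaling rule, the 300 and 5 second bounds, the alert threshold and all function names are assumptions of this example.

```python
from collections import Counter

# Constructed sample of `server-status?auto` output (mod_status), not real data.
SAMPLE_STATUS = """\
Total Accesses: 4821
BusyWorkers: 15
IdleWorkers: 1
Scoreboard: RRRRRRRRRRRRWWK_....
"""

# Scoreboard keys treated as "no request in progress" in this example:
# "_" waiting for connection, "." open slot, "S" starting up, "I" idle cleanup.
NOT_BUSY = set("_.SI")


def parse_scoreboard(status_text):
    """Return a Counter of worker states from the Scoreboard line."""
    for line in status_text.splitlines():
        if line.startswith("Scoreboard:"):
            return Counter(line.split(":", 1)[1].strip())
    raise ValueError("no Scoreboard line in mod_status output")


def busy_ratio(counts):
    """Fraction of all worker slots that are handling a request."""
    total = sum(counts.values())
    busy = sum(n for state, n in counts.items() if state not in NOT_BUSY)
    return busy / total if total else 0.0


def adaptive_timeout(ratio, base=300, floor=5):
    """Shrink the timeout linearly from `base` (idle) to `floor` (saturated)."""
    ratio = min(max(ratio, 0.0), 1.0)
    return max(floor, round(base * (1.0 - ratio)))


def assess(status_text, reading_alert=0.5):
    """Summarise load and flag a pile-up of workers in "R" (reading request)."""
    counts = parse_scoreboard(status_text)
    total = sum(counts.values())
    reading = counts["R"] / total if total else 0.0
    ratio = busy_ratio(counts)
    return {"busy_ratio": ratio, "reading_ratio": reading,
            "timeout": adaptive_timeout(ratio), "alert": reading >= reading_alert}


if __name__ == "__main__":
    print(assess(SAMPLE_STATUS))
```

A scoreboard dominated by "R" while few replies are being sent ("W") is the pattern worth alerting on, since those workers are waiting on clients rather than doing work.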
 
