Post by Scott Guthe » Fri, 15 Mar 1996 04:00:00

Does anybody know what kill signal NCSA HTTPD 1.3 throws at
a CGI to kill it?  I'd like to catch it and clean up a bit
when the user moves on or loses interest.

Thanks, Scott


1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

- - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
- - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
- - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?
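
The probe pattern described in the post above, as an added detection example that is not part of the original post: it scans Common Log Format lines and flags any client that requests several of the three CGI paths named there within a short window. The function name, the 10-second window, the two-path threshold and the client addresses in the sample are assumptions; the sample lines are constructed, since the log lines on the page have the client host stripped.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# CGI paths named in the post above.
PROBE_PATHS = {"/cgi-bin/phf", "/cgi-bin/test-cgi", "/cgi-bin/handler"}

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def find_probe_bursts(lines, window=timedelta(seconds=10), min_paths=2):
    """Return {host: sorted probe paths} for hosts that requested at least
    min_paths distinct probe paths inside one time window."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # skip lines that are not Common Log Format
        host, stamp, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if path in PROBE_PATHS:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            hits[host].append((when, path))
    flagged = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            paths = {p for t, p in events[i:] if t - start <= window}
            if len(paths) >= min_paths:
                flagged[host] = sorted(paths)
                break
    return flagged

# Constructed sample input. 192.0.2.10 and 198.51.100.7 are documentation
# addresses standing in for the client hosts missing from the page's log lines.
SAMPLE = [
    '192.0.2.10 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -',
    '192.0.2.10 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -',
    '192.0.2.10 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -',
    '198.51.100.7 - - [04/Jul/1998:07:20:01 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [04/Jul/1998:09:02:13 -0500] "GET /cgi-bin/test-cgi HTTP/1.0" 404 -',
]

if __name__ == "__main__":
    print(find_probe_bursts(SAMPLE))
```

Running the same function over the logs of several hosts and comparing the timestamps per flagged client shows the kind of time correlation the post mentions.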

