If anyone can verify that this is acutally a problem, I'll apply the Squid ACLs on my Proxy today... I wasn't too worried since I don't run any II$ servers, but if there is an accidental effect of denial-of-service... Anyone know if this might acutally be a problem, or the nature of it? Sean -----Original Message----- From: Toby Dickenson [mailto:tdickenson@devmail.geminidataloggers.co.uk] Sent: Thursday, September 20, 2001 7:34 AM To: Paul Zwarts Cc: zope@zope.org Subject: Re: [Zope] memory leaks and worms On Thu, 20 Sep 2001 15:24:02 +0200, "Paul Zwarts" <paz@oratrix.com> wrote:

Has anyone had experience with the results of Nimda and CodeRed over zope? I have a suspicion that these worms cause memory leaks on the python process. Although the exploits are designed for MicroSnooze servers, Zope of course tries to parse them anyhow, sometime throwing exceptions at a lower level than the standard_error_page, thus disallowing me to write dtml or python to intercept it. The result, _I_think_ is a memory leak because zope isnt cleaning itself up. But I'm at loss how to prove this....

If you have your Zope connected to the internet then there are lots of good reasons to use a front-end proxy, such as Squid or Apache/mod_proxy, rather than exposing a 'raw' ZServer. medusa's http implementation (used by ZServer) is not as robust as it could be, and there are several denial-of-service attacks which are blocked by Squid and Apache in their default configurations. The Squid mailing list today had some posts discussing rules for blocking such requests. I hope this helps, Toby Dickenson tdickenson@geminidataloggers.com _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )