We are not currently aware of any flaws in the HTTP server which allow exploitation in the manner of the worms mentioned.
I think we'd all like to see an option to just shut it down. Exploitable or not, if nothing more the worms eat CPU trying to get at the webserver.
Exactly. My concern is not that the system will be exploited, but that these worms automatically throw a ton of traffic at any host which SYN/ACKs on port 80, regardless of whatever webserver (or lack thereof) is at the other end. The risk is denial of service, not exploitation, and being able to simply close the port is the best way to mitigate this problem.
-Leigh
=====================================================================
Leigh Heyman, GCIA
Artificial Intelligence Lab Systems Administrator
Massachusetts Institute of Technology
leigh@ai.mit.edu 617-253-1729