Tool needs slight modification to work on Apache/Nginx - they don't allow renegotiation. I've tested it on Courier IMAP - and it overloads machine in less than a minute. Here you may find patched tool so that you don't kill your server but see if it's vulnerable or not: http://pastebin.com/bKLue33X
__________________
If it moves, crypt it. Unless it's static - than you should double-crypt it.
|