Any word on what Slapper.C leaves in /tmp? I have a friend that might have been "slapped" by it.
On Wed, 25 Sep 2002, Martin Shears wrote:

> Slapper - Port 2002
> Slapper.B aka Cinik - Port 1978
> Slapper.C aka Unlock - Port 4156
>
> ~Martin~
>
> On Tue, 24 Sep 2002 10:26, you wrote:
> For those that may not have heard, there is already a new version of slapper
> out in the wild. I run multiple servers and had forgotten I ran SSL on one
> of them, so I got infected with it. :-( Anyway the new variant is called:
> cinik. It stores itself in the same directory (/tmp) but now all the
> filenames are .cinik.c .cinik, etc.
>
> This thing runs on UDP port 1978. This is also a broken one in that it will
> simply take down your internet connection totally even before an attack is
> launched. I would HIGHLY suggest people block off UDP port 1978 if they
> don't NEED it for something else. This variant still uses the same backdoor
> the original slapper worm did, so an upgrade of SSL should fix the problem.
> Some work has definitely been done on this to make it a little harder to
> find. (It even says so in the opening comments.) hehehe.
>
> Just a heads up for everyone.
>
> - Matt
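A host check for the indicators reported in this thread, added here as an example and not part of any poster's message: it flags UDP sockets bound to the three listed ports and lists `.cinik*` files in a directory. The function names and the sample table are constructed for illustration; the thread only states UDP for port 1978, so treating 2002 and 4156 as UDP is an assumption, and no file names are given on this page for Slapper.C, so none are checked.

```shell
#!/bin/sh
# Added example: ports and file pattern are the ones reported in this thread.

# slapper_udp_hits [FILE]
# FILE (or stdin) is in /proc/net/udp format. Prints "port variant" for each
# socket whose local port matches a reported Slapper port.
slapper_udp_hits() {
    # Skip the header row; field 2 is local_address as HEXIP:HEXPORT.
    awk 'NR > 1 && $2 ~ /:/ { split($2, a, ":"); print a[2] }' "${1:--}" |
    while read -r hexport; do
        port=$((0x$hexport))        # kernel prints the port in hex
        case "$port" in
            2002) echo "$port Slapper" ;;            # UDP assumed
            1978) echo "$port Slapper.B/Cinik" ;;    # UDP per the thread
            4156) echo "$port Slapper.C/Unlock" ;;   # UDP assumed
        esac
    done
}

# cinik_files DIR
# Lists the hidden files the thread describes for the Cinik variant
# (.cinik, .cinik.c, etc.) directly inside DIR, normally /tmp.
cinik_files() {
    find "$1" -maxdepth 1 -type f -name '.cinik*' -print 2>/dev/null | sort
}

# Constructed sample in /proc/net/udp format (not captured from a real host):
# DNS on 53, one socket on 0x07BA = 1978, and a loopback socket on 323.
sample_udp_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:07BA 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 1002
   2: 0100007F:0143 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1003
EOF
}

# Demo on the constructed sample. On a live host, run instead:
#   slapper_udp_hits /proc/net/udp; cinik_files /tmp
sample_udp_table | slapper_udp_hits
```

A hit on the port alone is not proof of infection, since any program can bind those ports; a listener there together with `.cinik*` files in `/tmp` is the combination the thread describes.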