slapper worm
Mike McCarty
mike.mccarty at sbcglobal.net
Tue Jan 24 20:29:28 UTC 2006
Mike McCarty wrote:
> Gene Heskett wrote:
>
>> On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
>>
>>> On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
>>>
>>>> I'm a little shocked at this, frankly. I Googled around, and
>>>> found mentions of the Slapper going back to 2002. Why is it that
>>>> this exploit (and variations of it) haven't all been stamped
>>>> out years ago?
>>>
>>>
>>> Read the link I posted yesterday, according to them, it's been
>>> rewritten to exploit new ways to get in to your box.
>>>
>>> http://www.lurhq.com/slapperv2.html
>>>
>>
>> If this file mentioned on the site doesn't exist on any of my systems,
>> is it safe to assume relative safety against this attack?
>>
>> I would think so when combined with the ISP's (vz) blocking of port
>> 80, but what do I know... Thats why I asked, Mike.
>
>
> I suppose you mean "Mike Klinke" and not "Mike McCarty" :-)
>
> I dunno. I just ran
>
> # find / -nmae xmlrpc.php -print
What I get for typing that in instead of cut and paste.
Of course, that was "name" not "nmae".
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
More information about the fedora-legacy-list
mailing list