slapper worm
Gene Heskett
gene.heskett at verizon.net
Wed Jan 25 05:53:06 UTC 2006
On Tuesday 24 January 2006 15:18, Mike McCarty wrote:
>Gene Heskett wrote:
>> On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
>>>On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
>>>>I'm a little shocked at this, frankly. I Googled around, and
>>>>found mentions of the Slapper going back to 2002. Why is it that
>>>>this exploit (and variations of it) haven't all been stamped
>>>>out years ago?
>>>
>>>Read the link I posted yesterday, according to them, it's been
>>>rewritten to exploit new ways to get in to your box.
>>>
>>>http://www.lurhq.com/slapperv2.html
>>
>> If this file mentioned on the site doesn't exist on any of my
>> systems, is it safe to assume relative safety against this attack?
>>
>> I would think so when combined with the ISP's (vz) blocking of port
>> 80, but what do I know... Thats why I asked, Mike.
>
>I suppose you mean "Mike Klinke" and not "Mike McCarty" :-)
>
Well (chuckle), I was replying to Mike Klinke, but anyone who knows the
answer is welcome to chime in with their 2 cents.
>I dunno. I just ran
>
># find / -nmae xmlrpc.php -print
>
>and didn't come up with anything. But that's expected, since
>I run behind a router set up as a firewall, completely stealth
>except for the e-mail challenge port (which is closed). A
>
>$ ps -A | grep pache
>$ ps -A | grep ssl
>
>doesn't show anything, so Apache isn't running, and I guess
>SSL isn't either.
>
>Mike
IIRC the httpd is running on that box as I used localhost:631 to
configure cups not too long ago, which reminds me, I need to redo that
because I've traded gutenprint-5.0.0beta2 for gutenprint-5.0.0-rc2 on
this, the print server. But thats a RH7.3 box so the apache is a
1.3.something, but uptodate AFAIK.
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
More information about the fedora-legacy-list
mailing list