Re: slapper worm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gene Heskett wrote:
On Tuesday 24 January 2006 14:20, Mike Klinke wrote:

On Tuesday 24 January 2006 13:08, Mike McCarty wrote:

I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why is it that
this exploit (and variations of it) haven't all been stamped
out years ago?

Read the link I posted yesterday, according to them, it's been
rewritten to exploit new ways to get in to your box.

http://www.lurhq.com/slapperv2.html


If this file mentioned on the site doesn't exist on any of my systems, is it safe to assume relative safety against this attack?

I would think so when combined with the ISP's (vz) blocking of port 80, but what do I know... Thats why I asked, Mike.

I suppose you mean "Mike Klinke" and not "Mike McCarty" :-)

I dunno. I just ran

# find / -nmae xmlrpc.php -print

and didn't come up with anything. But that's expected, since
I run behind a router set up as a firewall, completely stealth
except for the e-mail challenge port (which is closed). A

$ ps -A | grep pache
$ ps -A | grep ssl

doesn't show anything, so Apache isn't running, and I guess
SSL isn't either.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux