Hi Mike,

> Gene Heskett wrote:
> > On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
> >
> >>On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
> >>
> >>>I'm a little shocked at this, frankly. I Googled around, and
> >>>found mentions of the Slapper going back to 2002. Why is it that
> >>>this exploit (and variations of it) haven't all been stamped
> >>>out years ago?
> >>
> >>Read the link I posted yesterday, according to them, it's been
> >>rewritten to exploit new ways to get in to your box.
> >>
> >>http://www.lurhq.com/slapperv2.html
> >>
> >
> > If this file mentioned on the site doesn't exist on any of my systems,
> > is it safe to assume relative safety against this attack?
> >
> > I would think so when combined with the ISP's (vz) blocking of port 80,
> > but what do I know... That's why I asked, Mike.
>
> I suppose you mean "Mike Klinke" and not "Mike McCarty" :-)
>
> I dunno. I just ran
>
> # find / -name xmlrpc.php -print

You should be able to use "locate" for speed in searching; prior to that you may run "updatedb&" to update the slocate database.

> and didn't come up with anything. But that's expected, since
> I run behind a router set up as a firewall, completely stealth
> except for the e-mail challenge port (which is closed). A
>
> $ ps -A | grep pache

I think you would need to look for the "http" process.

> $ ps -A | grep ssl

You should do a "netstat -na | grep SYN"; if you see a lot of those then slapper is there DOS attacking people.

Michael.

> doesn't show anything, so Apache isn't running, and I guess
> SSL isn't either.
>
> Mike

--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
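
The three checks suggested in this thread (searching for xmlrpc.php, looking for the web-server process, counting SYN states in netstat output), collected into one shell script as an added example; it is not part of any poster's message, and the function names and sample data are constructed. It assumes Linux-style `ps -A` and `netstat -na` column layouts, and a high SYN count is an indicator to investigate rather than proof of infection.

```shell
#!/bin/sh
# Added example: the thread's three host checks as functions.
# Function names and sample data are constructed for illustration.

# 1. Search a directory tree (default /) for the file named in the advisory.
find_xmlrpc() {
    find "${1:-/}" -type f -name xmlrpc.php -print 2>/dev/null
}

# 2. Filter `ps -A` output on stdin for web-server processes.
#    On Fedora the Apache binary is "httpd", which a pattern such as
#    "pache" would not match, so the command column is compared exactly.
web_procs() {
    awk '$NF ~ /^(httpd|apache)2?$/ { print $1, $NF }'
}

# 3. Count half-open TCP connections in `netstat -na` output on stdin.
syn_summary() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_SENT" { s++ }
         $1 ~ /^tcp/ && $6 == "SYN_RECV" { r++ }
         END { printf "SYN_SENT=%d SYN_RECV=%d\n", s, r }'
}

# Constructed sample output (documentation addresses), not real captures.
SAMPLE_PS='  PID TTY          TIME CMD
    1 ?        00:00:01 init
 2210 ?        00:00:00 sshd
 2345 ?        00:00:03 httpd'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      1 192.0.2.10:40112  198.51.100.7:80   SYN_SENT
tcp        0      1 192.0.2.10:40113  198.51.100.8:80   SYN_SENT
tcp        0      0 192.0.2.10:22     203.0.113.5:51515 ESTABLISHED
udp        0      0 0.0.0.0:68        0.0.0.0:*'

# Demo on the samples; on a live host pipe `ps -A` and `netstat -na` instead.
printf '%s\n' "$SAMPLE_PS" | web_procs
printf '%s\n' "$SAMPLE_NETSTAT" | syn_summary
```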