On Tuesday 24 January 2006 15:29, Mike McCarty wrote: >Mike McCarty wrote: >> Gene Heskett wrote: >>> On Tuesday 24 January 2006 14:20, Mike Klinke wrote: >>>> On Tuesday 24 January 2006 13:08, Mike McCarty wrote: >>>>> I'm a little shocked at this, frankly. I Googled around, and >>>>> found mentions of the Slapper going back to 2002. Why is it that >>>>> this exploit (and variations of it) haven't all been stamped >>>>> out years ago? >>>> >>>> Read the link I posted yesterday, according to them, it's been >>>> rewritten to exploit new ways to get in to your box. >>>> >>>> http://www.lurhq.com/slapperv2.html >>> >>> If this file mentioned on the site doesn't exist on any of my >>> systems, is it safe to assume relative safety against this attack? >>> >>> I would think so when combined with the ISP's (vz) blocking of port >>> 80, but what do I know... Thats why I asked, Mike. >> >> I suppose you mean "Mike Klinke" and not "Mike McCarty" :-) >> >> I dunno. I just ran >> >> # find / -nmae xmlrpc.php -print > >What I get for typing that in instead of cut and paste. >Of course, that was "name" not "nmae". > Chuckle. A classic example of hindsight being 20-10 or better. It happens to the best of us. >Mike -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved. -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
