Hi all,

My ISP has advised me of possible Linux slapper worm activity on one of our Linux servers, running Red Hat Linux 6.2.
This machine does NOT have apache or any ssl / ssh package installed.
To my knowledge, Linux slappers exploit vulnerabilities in openssl libraries.
I have searched my system for the files of the variants .A, .B and .C.
Nothing unusual has been found. I checked the /tmp directory.

Here are the slapper variants that I personally am aware of:

# Linux.slapper '.A' variant
# --------------------------
#
# UDP listening port: 2002
# uuencoded file: .uubugtraq
# Source code file: .bugtraq.c
# Compiled binary file: .bugtraq

# Linux.slapper '.B' variant
# -------------------------
#
# UDP listening port: 1978
# uuencoded file: .cinik.uu
# Source code file: .cinik.c
# Compiled binary file: .cinik

# Linux.slapper '.C' variant
# -------------------------
#
# UDP listening port: 4156
# uuencoded file: .unlock.uu
# Archive file (.tgz format): .unlock
# Source code files: .unlock.c, .update.c
# Compiled binary files: httpd, update

The hassle is that we seem to have a very unstable personal mail server that seems to keep giving denial of service 'attacks'. Out of the blue, people who connect to this server are not able to establish a connection, or the connection just gets interrupted.
Does anyone know of a tool I can use to scan my system to be sure?
Are there any new variants out there that are not discussed on Red Hat or Symantec?
Any suggestions welcome.
Are there any commands that I can run on the command line to check for any erratic network card activity? Which logs can I check?

Jason
-----------------------------------------------------------------
Jason Dale
Senior programmer / Unix administrator
Maxxess Solutions (Pty) Ltd
AMR office park building 2 Concorde road East Bedford View 2008
Johannesburg, South Africa
Contact information:
Switchboard: 27 (0) 11 455 2295
Fax: 27 (0) 11 455 5737
Cell: 27 (0) 83 556 8256
-----------------------------------------------------------------
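
A check for the file names and UDP ports listed in the message above, as an added example that is not part of the original post. The function names are hypothetical, and scanning /tmp and reading the kernel's /proc/net/udp table are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File names and UDP ports are
# the ones listed in the post; the scan directory (default /tmp) and the
# use of /proc/net/udp are assumptions.
SLAPPER_FILES=".uubugtraq .bugtraq.c .bugtraq .cinik.uu .cinik.c .cinik
.unlock.uu .unlock .unlock.c .update.c httpd update"
SLAPPER_PORTS="2002:A 1978:B 4156:C"   # port:variant pairs from the post

# Print the path of every listed file name that exists in directory $1.
find_slapper_files() {
    dir=${1:-/tmp}
    for name in $SLAPPER_FILES; do
        if [ -e "$dir/$name" ]; then
            echo "$dir/$name"
        fi
    done
}

# Read /proc/net/udp-format text on stdin and print "port variant" for each
# listed port that appears as a local UDP port. Field 2 of each row is the
# local address as HEXIP:HEXPORT, so the port is compared in hex.
find_slapper_ports() {
    table=$(cat)
    for entry in $SLAPPER_PORTS; do
        port=${entry%%:*}
        variant=${entry##*:}
        hex=$(printf '%04X' "$port")
        if printf '%s\n' "$table" | awk -v h="$hex" '
            { n = split($2, a, ":"); if (toupper(a[n]) == h) found = 1 }
            END { exit !found }'; then
            echo "$port $variant"
        fi
    done
}

# Run both checks against the live system.
find_slapper_files /tmp
if [ -r /proc/net/udp ]; then
    find_slapper_ports < /proc/net/udp
fi
```

No output means none of the listed names or ports were seen; it says nothing about variants that use other names or ports.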