Re: Linux Slapper worm - New variants ?

On Fri Mar 14 2003 at 11:08, "Jason Dale" wrote:

> Content-Type: text/html;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable

Please, no HTML to mailing lists.  Please?

> My ISP has advised me of possible Linux slapper worm activity on one of
> our Linux servers, running Red Hat Linux 6.2

rh6.2 is highly stable, but it does require many updates to keep it
secure.  (I thought that this list was for rh8.0, zoot-list is for
6.2, but no matter).

> This machine does NOT have apache or any ssl / ssh package installed.
> To my knowledge, Linux slappers exploit vulnerabilities in openssl
> libraries.

Hmmm... I haven't noticed any recent mention of this on bugtraq.

> I have searched my system for the files of the variants .A, .B and .C.
> Nothing unusual has been found. I checked the /tmp directory.

> Does anyone know of a tool I can use to scan my system to be sure?
> Are there any new variants out there that are not discussed on Redhat or
> Symantec?


chkrootkit -- "locally checks for signs of a rootkit"

   http://www.spenneberg.org/chkrootkit-mirror/index.html

> Any suggestions welcome
> 
> Are there any commands that I can run on the command line to check for
> any erratic network card activity ? which logs can I check?

tcpdump, or iptables on a nearby router.

There are other tools too, such as portsentry:

   http://www.psionic.com/products/portsentry.html

> Jason

Do let us know what becomes of all this.

Cheers
Tony



-- 
Psyche-list mailing list
Psyche-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/psyche-list
