Sorry .... didn't realize that inserting lines was done in HTML. I realize that Psyche is for RH8. I have 3 Linux machines in my Network all interconnected and running RH8 as well as RH6.2. My RH8 box DOES have both Apache and SSL/SSH, so I figured the RH8 box is more likely the culprit. That is why I posted the message here rather on zoot. Let's face it - Linux worms and viruses affect EVERYONE, and they don't care about your distro - only about your vulnerabilities. RH8 list users just seem to be far more up-to-date in their knowledge. However, I don't want to step on anybody's toes, so I will not post zoot stuff here again. As per the Slapper issue, thanks for the tips - I will definitely look into them. Apologies again for the inconvenience. As soon as I find any more info on what this shindig is all about, I will let everyone know just for safety's sake. Better safe than sorry. Jason ----- Original Message ----- From: "Tony Nugent" <tony@xxxxxxxxxxxxxxxxx> To: "Redhat 8. 0 Psyche Mailing List" <psyche-list@xxxxxxxxxx> Sent: Friday, March 14, 2003 12:15 PM Subject: Re: Linux Slapper worm - New variants ? > On Fri Mar 14 2003 at 11:08, "Jason Dale" wrote: > > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > Please, no html to mailing lists. please? > > > My ISP has advised me of possible Linux slapper worm activity on one of > > our Linux servers, running Red Hat Linux 6.2 > > rh6.2 is highly stable, but it does require many updates to keep it > secure. (I thought that this list was for rh8.0, zoot-list is for > 6.2, but no matter). > > > This machine does NOT have apache or any ssl / ssh package installed. > > To my knowledge, Linux slappers exploit vulnerabilities in openssl > > libraries. > > Hmmm... I haven't notice any recent mention of this on bugtraq. > > > I have searched my system for the files of the variants .A, .B and .C. > > Nothing unusual has been found. I checked the /tmp directory. > > > Does anyone know of a tool I can use to scan my system to be sure? > > Are there any new variants out there that are not discussed on Redhat or > > Symantec? > > > chkrootkit -- "locally checks for signs of a rootkit" > > http://www.spenneberg.org/chkrootkit-mirror/index.html > > > Any suggestions welcome > > > > Are there any commands that I can run on the command line to check for > > any erratic network card activity ? which logs can I check? > > tcpdump, or iptables on a nearby router. > > There are other tools too, such as portsentry: > > http://www.psionic.com/products/portsentry.html > > > Jason > > Do let us know what becomes of all this. > > Cheers > Tony > > > > -- > Psyche-list mailing list > Psyche-list@xxxxxxxxxx > https://listman.redhat.com/mailman/listinfo/psyche-list -- Psyche-list mailing list Psyche-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/psyche-list
