[PLUG] Slapper.C
Patrick Beart
patrick at WebArchitecture.com
Tue Oct 1 18:30:11 UTC 2002
At 10:27 AM -0700 10/1/02, Keith Nasman wrote:
>I just found one of my servers infected with the Slapper.C(Cinik) worm.
>This machine is totally up to date as far as Red Hat Network, which means
>openssl-0.9.6b-28.
>
>I have read most of the threads in here on Slapper and I surmised that RH
>back-ported the appropriate fix. Apparently I was wrong, and now all my
>machines are exposed.
Keith:

Not to rub your nose in it, at all, but (for me) this is
where firewalls come in very handy. I made the usual modifications to
httpd.conf and checked /tmp for signs, then made changes to my
firewall (appliance) configuration. Closed ALL incoming UDP ports,
except 2.

I'm "up2date" as well, but I try to think in "layers of
security." I love my Netscreen(s), but I'm going to use iptables as
well, when I finish my server upgrades in a couple of weeks.

Sorry to hear about your problem. I certainly don't envy the
damage control process. I can say that I've been there with similar
issues in the past. I got suckered into trying WireX's "Immunix 7"
and had so many problems that it felt like I owned a Windows NT box!
:-P

Patrick Beart
--
------------------------------------------------
Web Architecture & "iWeb4Biz" 503-774-8280 Portland, OR
Internet Consulting, Intelligent Web site Development & Secure site Hosting.
http://www.WebArchitecture.com/
"This is an era when nonsense has become acceptable and sanity is
controversial."
- Thomas Sowell
------------------------------------------------