[PLUG] Slapper.C

Patrick Beart patrick at WebArchitecture.com
Tue Oct 1 18:30:11 UTC 2002


At 10:27 AM -0700 10/1/02, Keith Nasman wrote:
>I just found one of my servers infected with the Slapper.C (Cinik) worm.
>This machine is totally up to date as far as Red Hat Network, which means
>openssl-0.9.6b-28.
>
>I have read most of the threads in here on Slapper and I surmised that RH
>back-ported the appropriate fix. Apparently I was wrong, and now all my
>machines are exposed.

Keith:

	Not to rub your nose in it, at all, but (for me) this is 
where firewalls come in very handy. I made the usual modifications to 
httpd.conf and checked /tmp for signs, then made changes to my 
firewall (appliance) configuration. Closed ALL incoming UDP ports, 
except 2.

	I'm "up2date" as well, but I try to think in "layers of 
security." I love my Netscreen(s), but I'm going to use iptables as 
well, when I finish my server upgrades in a couple of weeks.

	Sorry to hear about your problem. I certainly don't envy the 
damage control process. I can say that I've been there with similar 
issues in the past. I got suckered into trying WireX's "Immunix 7" 
and had so many problems that it felt like I owned a Windows NT box! 
:-P





Patrick Beart
-- 
------------------------------------------------
Web Architecture  &  "iWeb4Biz"         503-774-8280       Portland, OR
Internet Consulting, Intelligent Web site Development & Secure site Hosting.
http://www.WebArchitecture.com/

"This is an era when nonsense has become acceptable and sanity is 
controversial."
                                      - Thomas Sowell
------------------------------------------------



