[PLUG] Slapper.C
Keith Nasman
keith at ahapala.net
Tue Oct 1 19:07:39 UTC 2002
On Tue, 1 Oct 2002, Patrick Beart wrote:
> At 10:27 AM -0700 10/1/02, Keith Nasman wrote:
> >I just found one of my servers infected with the Slapper.C(Cinik) worm.
> >This machine is totally up to date as far as Red Hat Network, which means
> >openssl-0.9.6b-28.
> >
> >I have read most of the threads in here on Slapper and I surmised that RH
> >back-ported the appropriate fix. Apparently I was wrong, and now all my
> >machines are exposed.
>
> Keith:
>
> Not to rub your nose in it, at all, but (for me) this is
> where firewalls come in very handy. I made the usual modifications to
> httpd.conf and checked /tmp for signs, then made changes to my
> firewall (appliance) configuration. Closed ALL incoming UDP ports,
> except 2.
>
Please, rub my nose, I have to learn it :-) Before I turn off all UDP,
which ports have to be open? DNS needs 53, right?
Keith
More information about the PLUG
mailing list