[PLUG] Slapper.C

Keith Nasman keith at ahapala.net
Tue Oct 1 19:07:39 UTC 2002


On Tue, 1 Oct 2002, Patrick Beart wrote:

> At 10:27 AM -0700 10/1/02, Keith Nasman wrote:
> >I just found one of my servers infected with the Slapper.C(Cinik) worm.
> >This machine is totally up to date as far as Red Hat Network, which means
> >openssl-0.9.6b-28.
> >
> >I have read most of the threads in here on Slapper and I surmised that RH
> >back-ported the appropriate fix. Apparently I was wrong, and now all my
> >machines are exposed.
> 
> Keith:
> 
> 	Not to rub your nose in it, at all, but (for me) this is 
> where firewalls come in very handy. I made the usual modifications to 
> httpd.conf and checked /tmp for signs, then made changes to my 
> firewall (appliance) configuration. Closed ALL incoming UDP ports, 
> except 2.
> 

Please, rub my nose, I have to learn it :-) Before I turn off all UDP, 
which ports have to be open? DNS needs 53, right?

Keith






More information about the PLUG mailing list