slapper worm

[Mike McCarty]

Gene Heskett wrote:
> On Tuesday 24 January 2006 14:20, Mike Klinke wrote:
> 
>>On Tuesday 24 January 2006 13:08, Mike McCarty wrote:
>>
>>>I'm a little shocked at this, frankly. I Googled around, and
>>>found mentions of the Slapper going back to 2002. Why is it that
>>>this exploit (and variations of it) haven't all been stamped
>>>out years ago?
>>
>>Read the link I posted yesterday, according to them, it's been
>>rewritten to exploit new ways to get in to your box.
>>
>>http://www.lurhq.com/slapperv2.html
>>
> 
> If this file mentioned on the site doesn't exist on any of my systems, 
> is it safe to assume relative safety against this attack?
> 
> I would think so when combined with the ISP's (vz) blocking of port 80, 
> but what do I know...  Thats why I asked, Mike.

I suppose you mean "Mike Klinke" and not "Mike McCarty" :-)

I dunno. I just ran

# find / -nmae xmlrpc.php -print

and didn't come up with anything. But that's expected, since
I run behind a router set up as a firewall, completely stealth
except for the e-mail challenge port (which is closed). A

$ ps -A | grep pache
$ ps -A | grep ssl

doesn't show anything, so Apache isn't running, and I guess
SSL isn't either.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!