slapper worm

[Mike McCarty]

Michael Mansour wrote:
> Hi Mike,
> 
> 
I wrote the stuff in >>

>>I suppose you mean "Mike Klinke" and not "Mike McCarty" :-)
>>
>>I dunno. I just ran
>>
>># find / -nmae xmlrpc.php -print
> 
> 
> You should be able to use "locate" for speed in searching, prior to that you
> may run "updatedb&" to update the slocate database.

I am aware of "locate". Thanks!

>>and didn't come up with anything. But that's expected, since
>>I run behind a router set up as a firewall, completely stealth
>>except for the e-mail challenge port (which is closed). A
>>
>>$ ps -A | grep pache
> 
> 
> I think you would need to look for the "http" process.

$ ps -A | grep ttp
$

> You should do a "netstat -na | grep SYN", if you see alot of those then
> slapper is there DOS attacking people.

$ netstat -na | grep SYN
$

Thanks for the advice. But, as I am behind a stealth firewall,
I feel relatively secured against *this* type of attack.

Umm, what does "there DOS attacking people"? I had problems
parsing that.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!