
Re: Linux Slapper worm - New variants ?



Sorry .... didn't realize that inserting lines was done in HTML.

I realize that Psyche is for RH8. I have 3 Linux machines in my
Network all interconnected and running RH8 as well as RH6.2.
My RH8 box DOES have both Apache and SSL/SSH, so I figured
the RH8 box is more likely the culprit. That is why I posted the message
here rather than on zoot. Let's face it - Linux worms and viruses affect
EVERYONE, and they don't care about your distro - only about your
vulnerabilities. RH8 list users just seem to be far more up-to-date in their
knowledge. However, I don't want to step on anybody's toes, so I will
not post zoot stuff here again.

As per the Slapper issue, thanks for the tips - I will definitely look into
them.

Apologies again for the inconvenience. As soon as I find any more info on
what this shindig is all about, I will let everyone know just for safety's
sake. Better safe than sorry.

Jason

----- Original Message -----
From: "Tony Nugent" <tony linuxworks com au>
To: "Redhat 8. 0 Psyche Mailing List" <psyche-list redhat com>
Sent: Friday, March 14, 2003 12:15 PM
Subject: Re: Linux Slapper worm - New variants ?


> On Fri Mar 14 2003 at 11:08, "Jason Dale" wrote:
>
> > Content-Type: text/html;
> > charset="iso-8859-1"
> > Content-Transfer-Encoding: quoted-printable
>
> Please, no HTML to mailing lists.  Please?
>
> > My ISP has advised me of possible Linux slapper worm activity on one of
> > our Linux servers, running Red Hat Linux 6.2
>
> rh6.2 is highly stable, but it does require many updates to keep it
> secure.  (I thought that this list was for rh8.0, zoot-list is for
> 6.2, but no matter).
>
> > This machine does NOT have apache or any ssl / ssh package installed.
> > To my knowledge, Linux slappers exploit vulnerabilities in openssl
> > libraries.
>
> Hmmm... I haven't noticed any recent mention of this on bugtraq.
>
> > I have searched my system for the files of the variants .A, .B and .C.
> > Nothing unusual has been found. I checked the /tmp directory.
>
> > Does anyone know of a tool I can use to scan my system to be sure?
> > Are there any new variants out there that are not discussed on Redhat or
> > Symantec?
>
>
> chkrootkit -- "locally checks for signs of a rootkit"
>
>    http://www.spenneberg.org/chkrootkit-mirror/index.html
>
> > Any suggestions welcome
> >
> > Are there any commands that I can run on the command line to check for
> > any erratic network card activity ? which logs can I check?
>
> tcpdump, or iptables on a nearby router.
>
> There are other tools too, such as portsentry:
>
>    http://www.psionic.com/products/portsentry.html
>
> > Jason
>
> Do let us know what becomes of all this.
>
> Cheers
> Tony
>
>
>
> --
> Psyche-list mailing list
> Psyche-list redhat com
> https://listman.redhat.com/mailman/listinfo/psyche-list




