Security Incidents mailing list archives

Re: Slapper questions


From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Fri, 25 Oct 2002 19:31:52 +0200 (CEST)

On Thu, 24 Oct 2002, Matt Harris wrote:

It seems unlikely that an automated process was scanning on port 23/tcp
for anything that would use the SSL libraries which had these problems. 
As far as I know, no self-spawning trojan was ever created that would
even check port 22 - only port 443 would be affected at least by the
slapper worms I know of, since they relied 100% on an SSL-enabled web
server.

Several worms are still out here that hunt for several unprotected ports. 
Most of them are rare now but at least one was very good at stalking 
and breaking Cobalt Cubes and default Red Hat Linux machines.

It is mostly obvious by the webpage shown that the user was not really aware 
of the installed services as they were the distro default.

Hugo.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

