Security Incidents mailing list archives
Re: Slapper questions
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Fri, 25 Oct 2002 19:31:52 +0200 (CEST)
On Thu, 24 Oct 2002, Matt Harris wrote:
It seems unlikely that an automated process was scanning on port 23/tcp for anything that would use the SSL libraries which had these problems. As far as I know, no self-spawning trojan was ever created that would even check port 22 - only port 443 would be affected at least by the slapper worms I know of, since they relied 100% on an SSL-enabled web server.
Several worms are still out here that hunt for several unprotected ports. Most of them are rare now but at least one was very good into staliking and breking Cobalt Cubes and default Red Hat Linux machines. It mostly obvious by the webpage shown that the user was not really aware of the installed services as they were the distro default. Hugo. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Slapper questions Griff Palmer (Oct 23)
- Re: Slapper questions Stephen Smoogen (Oct 24)
- Re: Slapper questions Matt Harris (Oct 24)
- Re: Slapper questions Hugo van der Kooij (Oct 25)
- Re: Slapper questions Matt Harris (Oct 24)
- Re: Slapper questions Hugo van der Kooij (Oct 24)
- <Possible follow-ups>
- Re: Slapper questions Cian Whalley (Oct 28)
- Re: Slapper questions Stephen Smoogen (Oct 24)