Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Slapper worm DoS

From: "james" <jamesh () cybermesa com>
Date: Tue, 24 Sep 2002 09:39:42 -0600
I have a client, who is an ISP, that is having real trouble with large
amounts of traffic, at times causing a DoS, on the "control channel"
ports 2002 and 4156. He has a Linux box that was infected and now is clean.
However the internet seems to know about his address
and still sends him lots of traffic. I am dropping the known worm ports for
him on our edge routers. I was thinking of asking him to change the IP of
the box, does anyone know if the worm knows the addresses of infected hosts
by IP or name ?

James Edwards
jamesh () cybermesa com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700






----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: