My RH7.2 machine was hit by this worm at 9PM Australian EST Sunday night (6AM US East Coast time not counting summertime) and I had not noticed mention of it on BugTraq. Web searches found no mention of it, but the worm arrives as nicely written source in /tmp/, so I figured it out, turned off SSL and rebooted. About 6 hours later, a CERT page appeared and I expected this to be announced on BugTraq, but since it hasn't yet, here is the URL for the "Apache/mod_ssl worm, linux.slapper.worm and bugtraq.c worm.": http://www.cert.org/advisories/CA-2002-27.html It depends on the SSL vulnerabilities described on 30 July which I had erroneously not dealt with on my machine: http://www.cert.org/advisories/CA-2002-23.html "Linux.slapper" indeed! My 56k link to the Net was flooded with UDP port 2002 packets from other machines. The financial cost of this over a few days at ~USD$0.09 a Megabyte would have been serious and the link almost unusable, but my ISP (Telstra Internet) quickly responded to my 3AM request and filtered UDP port 2002 at their router. - Robin http://www.firstpr.com.au http://fondlyandfirmly.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com