OpenSSL worm in the wild
Robin Whittle
rw at firstpr.com.au
Sun Sep 15 17:08:31 PDT 2002
My RH7.2 machine was hit by this worm at 9PM Australian EST Sunday night
(6AM US East Coast time not counting summertime) and I had not noticed
mention of it on BugTraq. Web searches found no mention of it, but the
worm arrives as nicely written source in /tmp/, so I figured it out,
turned off SSL and rebooted.
About 6 hours later, a CERT page appeared and I expected this to be
announced on BugTraq, but since it hasn't yet, here is the URL for the
"Apache/mod_ssl worm, linux.slapper.worm and bugtraq.c worm.":
http://www.cert.org/advisories/CA-2002-27.html
It depends on the SSL vulnerabilities described on 30 July which I had
erroneously not dealt with on my machine:
http://www.cert.org/advisories/CA-2002-23.html
"Linux.slapper" indeed! My 56k link to the Net was flooded with UDP
port 2002 packets from other machines. The financial cost of this over
a few days at ~USD$0.09 a Megabyte would have been serious and the link
almost unusable, but my ISP (Telstra Internet) quickly responded to my
3AM request and filtered UDP port 2002 at their router.
- Robin
http://www.firstpr.com.au http://fondlyandfirmly.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cypherpunks-legacy
mailing list