worm infection on linux host ? was: port 80 access while downloading over ppp ?

To: debian-laptop@lists.debian.org
Subject: worm infection on linux host ? was: port 80 access while downloading over ppp ?
From: mi <Michael.Wordehoff@gmx.de>
Date: Thu, 10 Jul 2003 23:39:04 +0200
Message-id: <[🔎] 200307102339.04440.Michael.Wordehoff@gmx.de>
Reply-to: Michael.Wordehoff@gmx.de
In-reply-to: <[🔎] Pine.LNX.4.55.0307101619210.31339@zuklin05.desy.de>
References: <[🔎] 200307101406.29932.Michael.Wordehoff@gmx.de> <[🔎] 200307101548.03447.jesus@roncero.org> <[🔎] Pine.LNX.4.55.0307101619210.31339@zuklin05.desy.de>

Thanks all.
It was nearly for sure the "Code Red II" worm. So it's still around....
I'll try nmap and snort, thanks, James.
This was a good opportunity to learn sth new.
I'm not sure if i should block those worMS at all !
I wonder if any serious danger to a _linux_  machine (no server) is out there.
I didn't hear that by now. What could they do ? Does anybody know ?

I hope checking permissions and suid's, enforcing sudo, no passwords laying 
around and such things would be enough ? 
But a worm still could scan or delete user-data ?

-- 
                                             

                                    mi <mrl>

Reply to:

Follow-Ups:
- Re: worm infection on linux host ? was: port 80 access while downloading over ppp ?
  - From: mi <Michael.Wordehoff@gmx.de>

References:
- port 80 access while downloading over ppp ?
  - From: mi <Michael.Wordehoff@gmx.de>
- Re: port 80 access while downloading over ppp ?
  - From: Jesús Roncero <jesus@roncero.org>
- Re: port 80 access while downloading over ppp ?
  - From: debianlaptop@ferrando.co.uk

Prev by Date: Linksys EtherFast 10/100 + 56K Modem PC Card (PCMLM56)
Next by Date: Re: worm infection on linux host ? was: port 80 access while downloading over ppp ?
Previous by thread: Re: port 80 access while downloading over ppp ?
Next by thread: Re: worm infection on linux host ? was: port 80 access while downloading over ppp ?
Index(es):
- Date
- Thread