On Wed, 2002-09-25 at 15:41, Jeff AA wrote: > Thanks you for the heads up! > > Some quick research and I conclude we have not been infected for the > following reasons: > *) no compiler on the webserver > *) no /tmp files or processes [cinik unlock uubugtraq bugtraq] > *) tripwires not reporting altered binaries etc > *) no unusual network traffic on ports described [1978 2002 4156] > *) no outgoing web connections to untrusted sites reported by firewall > > Do you concur? If we are not infected, is Debian still vulnerable to a Did you check the tripwire from a known good database using a known good kernel (eg. booted from CDROM or somesuch) ? If yes, it seems OK. > DOS from this worm? ie Why is Apache crashing? Thanks for the help, It could have been something other than the worm using the same vulnerability. Or it could have been a "normal" test (albeit a bit strangely looked at these days :-) Cheers, Tycho -- Tycho Fruru tycho@fruru.com "Prediction is extremely difficult. Especially about the future." - Niels Bohr
Attachment:
signature.asc
Description: This is a digitally signed message part