
Re: Fwd: bugtraq.c httpd apache ssl attack



On Sat, Sep 14, 2002 at 08:00:15PM +0200, Guille -bisho- wrote:
> In 3 days, about 1500 different IP addresses tried to contact my machine at 
> UDP port 2002. Fortunately I have iptables configured.

That's interesting.  I haven't seen any traffic to udp port 2002 in the
past couple of days at all.  The worm uses the following code to pick
targets at random:
			if (d == 255) {
				if (c == 255) {
					a=classes[rand()%(sizeof classes)];
					b=rand();
					c=0;
				}
				else c++;
				d=0;
			}

I find it hard to believe that 1500 different hosts randomly chose your
machine, while 0 randomly chose any of mine.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
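
Added example, not part of the original message: one way to check a count like the "1500 different IP addresses" quoted above is to tally distinct sources for UDP port 2002 from the firewall's own log. The sketch assumes the iptables LOG target writes to syslog in the kernel's usual `KEY=value` format; the sample lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's iptables LOG format; addresses are
# from documentation ranges and the host name "fw" is made up.
SAMPLE_LOG = """\
Sep 12 03:14:07 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=49 PROTO=UDP SPT=2002 DPT=2002 LEN=32
Sep 12 03:15:40 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=49 PROTO=UDP SPT=2002 DPT=2002 LEN=32
Sep 12 09:41:22 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=203.0.113.5 LEN=52 TTL=52 PROTO=UDP SPT=2002 DPT=2002 LEN=32
Sep 13 11:02:51 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=2002 WINDOW=5840 SYN
Sep 13 17:30:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=203.0.113.5 LEN=52 TTL=47 PROTO=UDP SPT=1026 DPT=2002 LEN=32
Sep 14 20:00:15 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=78 TTL=49 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def udp_sources(log_text, port=2002):
    """Return {day: set(source IPs)} for UDP packets sent to `port`."""
    per_day = defaultdict(set)
    for line in log_text.splitlines():
        if "kernel:" not in line:
            continue
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # LEN appears twice for UDP; keep the first
        # Match on protocol and destination port so TCP probes to the same
        # port number and unrelated UDP traffic are not counted.
        if fields.get("PROTO") != "UDP" or fields.get("DPT") != str(port):
            continue
        src = fields.get("SRC")
        if src:
            day = " ".join(line.split()[:2])  # syslog month and day, e.g. "Sep 12"
            per_day[day].add(src)
    return dict(per_day)

def distinct_sources(per_day):
    """Union of the per-day sets: distinct sources over the whole log."""
    return set().union(*per_day.values()) if per_day else set()

if __name__ == "__main__":
    days = udp_sources(SAMPLE_LOG)
    for day, srcs in days.items():
        print(day, len(srcs), sorted(srcs))
    print("total distinct:", len(distinct_sources(days)))
```

Counting per day as well as overall shows whether the sources arrive steadily or in a burst, which helps when comparing one site's numbers against another's.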
