[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: bugtraq.c httpd apache ssl attack


Noah L. Meyerhans wrote:
In 3 dias, about 1500 diferent IP address tried to contact my machine at UDP port 2002. Fortunally i have iptables configured.
That's interesting.  I haven't seen any traffic to udp port 2002 in the
past couple of days at all.  The worm uses the following code to pick
targets at random:
I find it hard to believe that 1500 different hosts randomly chose your
machine, while 0 randomly chose any of mine.

As described in another mail: I can confirm that there was (and still is) a *huge* packet storm against port 2002 on the infected machine that I found. Even after cleaning the machine up (removing .bugtraq and closing the hole) they are bouncing in (or try to, they get smashed at the firewall).

Bye, Mike

Reply to: