Re: Fwd: bugtraq.c httpd apache ssl attack
Noah L. Meyerhans wrote:
In 3 dias, about 1500 diferent IP address tried to contact my machine at
UDP port 2002. Fortunally i have iptables configured.
That's interesting. I haven't seen any traffic to udp port 2002 in the
past couple of days at all. The worm uses the following code to pick
targets at random:
I find it hard to believe that 1500 different hosts randomly chose your
machine, while 0 randomly chose any of mine.
As described in another mail: I can confirm that there was (and still
is) a *huge* packet storm against port 2002 on the infected machine that
I found. Even after cleaning the machine up (removing .bugtraq and
closing the hole) they are bouncing in (or try to, they get smashed at