|
Security Incidents
mailing list archives
slapper changed to udp 1812?
From: fingers <fingers () fingers co za>
Date: Tue, 1 Oct 2002 17:43:18 +0200 (SAST)
hi
I might be totally off the mark here, but has slapper now changed to port
1812?
I'm seing huge volumes of traffic, to what seem to be slapper infected
hosts.
I see 2 infected hosts, with 2343 and 2384 unique source addresses
speaking to each of them respectively. I'm unable to do actual dumps of
the data at this stage, so if anyone could either confirm, or tell me I'm
off my rocker, would appreciate it.
I've checked a few source and destination ip's, and they all seem to be
*nix, with outdated ssl, for example:
Date: Tue, 01 Oct 2002 21:46:02 GMT
Server: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b
DAV/1.0.3 PHP/4.1.2 mod_perl/1.26
Regards
--Rob
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- slapper changed to udp 1812? fingers (Oct 01)
|
Intro
