Security Incidents: Re: slapper worm varient "cinik"

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: slapper worm varient "cinik"

From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Wed, 25 Sep 2002 14:38:30 -0400 (EDT)

James and all,

Apparently the intruder got rather upset I spoiled his fun and about 15
minutes after I shut him out, I was a victim of a udp-based DOS attack.

Actually, it wasn't an intruder; the UDP flood you are experiencing is a
consequence of a worm network design. Most likely the worm managed to join
the network before you shut it down and now its peers are trying to access
your machine.

For more info got to http://isc.incidents.org/analysis.html?id=169 and
http://isc.incidents.org/analysis.html?id=167

Best,
-- 
  Anton A. Chuvakin, Ph.D., GCIA
     http://www.chuvakin.org
   http://www.info-secure.org


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

slapper worm varient "cinik" James P. Kinney III (Sep 25)
- Re: slapper worm varient "cinik" Anton A. Chuvakin (Sep 25)
  - Re: slapper worm varient "cinik" Mark (Sep 26)
    - Re: slapper worm varient "cinik" James P. Kinney III (Sep 26)