For those that may not have heard, there is already a new version of slapper
out in the wild.  I run multiple servers and had forgotten I ran SSL on one
of them, so I got infected with it. :-(  Anyway the new variant is called:
cinik.  It stores itself in the same directory (/tmp) but now all the
filenames are .cinik.c  .cinik, etc.

This thing runs on UDP port 1978.  This is also a broken one in that it will
simply take down your internet connection totally even before an attack is
launched.  I would HIGHLY suggest people block off UDP port 1978 if they
don't NEED it for something else.  This variant still uses the same backdoor
the original slapper worm did, so an upgrade of SSL should fix the problem.
Some work has definitely been done on this to make it a little harder to
find.  (It even says so in the opening comments.) hehehe.

Just a heads up for everyone.

 - Matt
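
A quick host check for the indicators named in the message above (the `.cinik*` files in /tmp and a socket bound to UDP port 1978), added here as an example and not part of the original post. It assumes a Linux host with GNU find and `/proc/net/udp`; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): look for the cinik indicators
# the post names. Function names are illustrative; paths are parameters so
# the checks can also be run against constructed samples.

CINIK_PORT_HEX=07BA   # UDP port 1978 as /proc/net/udp writes it (hex)

# Files directly inside a directory (default /tmp) named ".cinik*".
find_cinik_files() {
    find "${1:-/tmp}" -maxdepth 1 -name '.cinik*' 2>/dev/null || true
}

# UDP sockets whose local port is 1978, read from a /proc/net/udp style table.
# Prints "local_address uid=N inode=N" per match; the inode can be matched
# against /proc/<pid>/fd to find the owning process.
udp_1978_sockets() {
    table=${1:-/proc/net/udp}
    [ -r "$table" ] || return 0
    awk -v port="$CINIK_PORT_HEX" 'NR > 1 {
        n = split($2, a, ":")              # local_address is HEXIP:HEXPORT
        if (toupper(a[n]) == port) print $2, "uid=" $8, "inode=" $10
    }' "$table"
}

# Report both indicators; returns 0 when clean, 1 when anything was found.
cinik_check() {
    files=$(find_cinik_files "${1:-/tmp}")
    socks=$(udp_1978_sockets "${2:-/proc/net/udp}")
    if [ -z "$files$socks" ]; then
        echo "no cinik indicators found"
        return 0
    fi
    [ -z "$files" ] || printf '%s\n' "$files" | sed 's/^/suspicious file: /'
    [ -z "$socks" ] || printf '%s\n' "$socks" | sed 's/^/UDP 1978 socket: /'
    return 1
}

cinik_check /tmp /proc/net/udp ||
    echo "indicators present: block UDP 1978 and upgrade SSL, as the post advises"
```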



-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list