From: "Marco Calistri" <[EMAIL PROTECTED]>
> Hello all,my home network is composed by 2 linux machines,the number 1 is my
> internet gateway-firewall who drives a dial-up connection to my ISP,
> the number 2 is an AMPRNET (amateur radio packet radio network) server where
> are running several services as HTTP on port 80;
> linux machine 1 uses a tcp redirection of port 80 toward linux machine 2,
> whenever I start a connection to my ISP,I see some HTTP connection attempts
from
> machine 1 to machine 2
> (on reality attempts start from the infected external host).
>
> Looking into machine 2's logs I see the following:
>
> "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
Yes it is. This is the new "installs a back door and locks itself into the
machine even through reboots" version.
> Wonder if have I to worry for something about my JNOS,filesystems integrity,
> and/or even for possible virus broadcasting to other hosts from my system.
http://www.incidents.org contains all the information about the worm you could
ask for and more. It is suggested reading, if sort of academic to the Linux
community, THIS TIME.
(Short answer - no.)
{^_^}
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
