[11637] in cryptography@c2.net mail archive
Re: OpenSSL worm in the wild
daemon@ATHENA.MIT.EDU (Robin Whittle)
Sun Sep 15 20:36:04 2002
Date: Mon, 16 Sep 2002 10:08:31 +1000
From: Robin Whittle <rw@firstpr.com.au>
To: Bugtraq <BUGTRAQ@securityfocus.com>,
Cryptography <cryptography@wasabisystems.com>,
Apache SSL <apache-ssl@lists.aldigital.co.uk>
Cc: Ben Laurie <ben@algroup.co.uk>,
cypherpunks <cypherpunks@einstein.ssz.com>

My RH7.2 machine was hit by this worm at 9PM Australian EST Sunday night
(6AM US East Coast time not counting summertime) and I had not noticed
mention of it on BugTraq. Web searches found no mention of it, but the
worm arrives as nicely written source in /tmp/, so I figured it out,
turned off SSL and rebooted.

About 6 hours later, a CERT page appeared and I expected this to be
announced on BugTraq, but since it hasn't yet, here is the URL for the
"Apache/mod_ssl worm, linux.slapper.worm and bugtraq.c worm.":

http://www.cert.org/advisories/CA-2002-27.html

It depends on the SSL vulnerabilities described on 30 July which I had
erroneously not dealt with on my machine:

http://www.cert.org/advisories/CA-2002-23.html

"Linux.slapper" indeed! My 56k link to the Net was flooded with UDP
port 2002 packets from other machines. The financial cost of this over
a few days at ~USD$0.09 a Megabyte would have been serious and the link
almost unusable, but my ISP (Telstra Internet) quickly responded to my
3AM request and filtered UDP port 2002 at their router.

- Robin

http://www.firstpr.com.au http://fondlyandfirmly.com