[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] have I been 0wn3d?
- Subject: RE: [cobalt-security] have I been 0wn3d?
- From: Pete Soderling <pete@xxxxxxxxxxxxx>
- Date: Mon, 16 Sep 2002 16:03:38 -0400 (EDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Well, here's what I've done for the moment ... this is based on my quick search for the worm and what it does. I have no idea if this is only port that's exposed, but it's a start.
ipchains -A input -j DENY -p udp -l -s 0.0.0.0/0 -d 0.0.0.0/0 2002
Unless someone disagrees, I'm hoping that if i AM compromised, this will disable the backdoor while I sort out the problem ...
--pete
Microsoft - because choices are confusing.