[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] have I been 0wn3d?

Subject: RE: [cobalt-security] have I been 0wn3d?
From: Pete Soderling <pete@xxxxxxxxxxxxx>
Date: Mon, 16 Sep 2002 16:03:38 -0400 (EDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Well, here's what I've done for the moment ... this is based on my quick search for the worm and what it does. I have no idea if this is only port that's exposed, but it's a start.

ipchains -A input -j DENY -p udp -l -s 0.0.0.0/0 -d 0.0.0.0/0 2002

Unless someone disagrees, I'm hoping that if i AM compromised, this will disable the backdoor while I sort out the problem ...

--pete

Microsoft - because choices are confusing.

Prev by Date: Re: [cobalt-security] have I been 0wn3d?
Next by Date: RE: [cobalt-security] have I been 0wn3d?
Previous by thread: Re: [cobalt-security] have I been 0wn3d?
Next by thread: [cobalt-security] Detecting openssl Apache worm (slapper) automatically on your RaQs

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index