Just an FYI - Apache Worm on the loose

Phil Rosenthal pr at isprime.com
Wed Jul 10 22:42:16 UTC 2002


If you want to be really proactive... Just filter out port 80, and then
you can't get hacked...

--Phil

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Stephen J. Wilcox
Sent: Wednesday, July 10, 2002 6:30 PM
To: Scott Francis
Cc: Jason Legate; nanog at nanog.org
Subject: Re: Just an FYI - Apache Worm on the loose



If you want to be proactive, filter this port across your backbone and
you will very quickly see what hosts have been compromised.. on the
other hand individual customers seem to use all their bandwidth so they
tend to phone in pretty quick!

Steve


On Wed, 10 Jul 2002, Scott Francis wrote:

> On Tue, Jul 09, 2002 at 02:26:23PM -0700, jlegate at alienchick.com said:
> > There is an Apache worm out there, and it uses port 2001/udp to 
> > operate.  You may wanna scan your own boxes for this open port.
> 
> Announced last week on BUGTRAQ and elsewhere. 
> http://online.securityfocus.com/archive/1/279529
> 
> (and was it _really_ necessary to post a hex dump of the entire thing?

> The actual source is available linked from the BUGTRAQ post above ...)
> 





More information about the NANOG mailing list