
[Sheflug] Ramen worm



Matt Fairtlough writes:

 > Anyway, is there a quick fix I can do to block all
 > but Web and email traffic to my machine?  Clearly I need to take urgent
 > action.

Ah...I missed this bit when I responded earlier.

You should really (I do it when config'ing the machine after install)
shut down every service/server running on your box.
It should close up most of the common holes found on boxen.

Download nmap as well - use that to portscan your own machine once you
have finished.

I'm not sure exactly which files Ramen modifies - but unless someone
else contradicts me - I'd be looking at doing a clean install.

Take the machine offline - physically disconnect it from any networks.
If you have any other RedHat machines on a LAN - ensure that they
haven't been infected too.

When you do bring the machine back up turn every server off.

Only then reconnect to a network and go and get all the errata and
install them.

You're using Gentu aren't you?
If you want I can burn you RH6.2 or RH7 disks, and most, if not all,
of the errata, plus latest kernel sources (2.2.18 and 2.4.1) and nmap.

Paul, I'm not entirely sure what your email scanner is picking up
(probably my dodgy mailserver config...). From all the information
I've read (security portal, redhat, etc, etc) Ramen scans class B
networks for new hosts - and then attacks susceptible hosts that my -
not via email.

-- 
Barrie J. Bremner

TheEnglishman [at] ecosse.net | OpenPGP public key ID: 5164F553
	    http://www.geocities.com/thefatenglishman
	    [Contact information available at website]

   "Linux? Is that some kind of MacOS?"
      -- BT technical support

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.
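
An added example, not part of the original message: once services have been turned off and the machine has been rescanned with nmap as the message advises, this shell function reads nmap's grepable output (`nmap -oG - <your-own-host>`) and lists every TCP port still open outside an allowlist, here 25 and 80 for the email and Web traffic asked about. The function names, addresses and sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag open TCP ports that are not on an allowlist,
# reading nmap grepable output on stdin.

# unexpected_ports ALLOWED
#   ALLOWED: space-separated TCP ports that are meant to stay open.
#   Prints "host port/service" for each open TCP port not in ALLOWED.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /Ports:/ {
            host = $2
            # Keep only the port list: after "Ports: ", before the next tab field.
            line = $0
            sub(/^.*Ports: /, "", line)
            sub(/\t.*$/, "", line)
            m = split(line, entries, /, */)
            for (j = 1; j <= m; j++) {
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                split(entries[j], f, "/")
                if (f[2] == "open" && f[3] == "tcp" && !(f[1] in ok))
                    print host, f[1] "/" (f[5] == "" ? "unknown" : f[5])
            }
        }
    '
}

# Constructed sample of grepable output for two hosts (not a real scan).
sample_scan() {
    printf '# constructed sample, grepable format\n'
    printf 'Host: 192.0.2.10 (a.example)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (a.example)\tPorts: 21/open/tcp//ftp///, 25/open/tcp//smtp///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 515/open/tcp//printer///\tIgnored State: closed (1519)\n'
    printf 'Host: 192.0.2.11 (b.example)\tPorts: 25/open/tcp//smtp///, 23/filtered/tcp//telnet///\n'
}

# Demo: only Web and email are supposed to be reachable.
sample_scan | unexpected_ports "25 80"
```

An empty result means nothing beyond the allowlist answered as open in that scan; filtered and closed ports are ignored on purpose.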