Re: [Sheflug] Ramen worm

["Chris J/#6" <nospam [at] nccnet.co.uk>]

> 
> Maybe this is connected with the network and printing problems I have had.
> Did I read that this worm makes security patches as well as replacing
> index.html??
> Or am I just fantasising?  Anyway, is there a quick fix I can do to block all
> but Web and email traffic to my machine?  Clearly I need to take urgent
> action.
> 
> Matt.
> 

A good tech description of the worm:
	http://www.linuxsecurity.com/articles/host_security_article-2462.html

Also cast your eyes to www.linuxsecurity.com and also keep uptodate with 
security patches for your dist (or if its a custom dist, each 
package/program).

wu-ftpd's a bit of a security hole anyhow - won't be long before another hole 
is found - it's like sendmail in that regard :) [though sendmail has improved 
itself over the past couple of years or so, I still don't trust it]. A good 
alternative to wu.ftpd is proftpd (www.proftpd.net).

A quick fix to web and mail - shutdown all irrelevant services. If you need 
them on an internal net, setup a firewall :) And that, dear reader, is 
another thread of posts on here [as trying to guess someone else's setup is 
doomed to failure] :)

Chris...

-- 
Chris Johnson            \  "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk        \  for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/   ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000   \______


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.