A new worm that attacks Linux Web servers has compromised more than 3,500 machines, creating a rogue peer-to-peer network that has been used to attack other computers with a flood of data, security experts said Saturday.
http://news.com.com/2100-1001-957988.html
And Symantec has released a new advisory.
I posted the same thing earlier in the Front Page forum ...
I checked the front page news and didn't see it. I don't usually check the front page forum and stuff and I thought this kind of stuff is better suited for security forum than news forum...
:-\
Has anyone been hit by this? Does unloading the SSL module really do the trick as Symantec states?
Here are bugtraq.c's comments in case anyone is interested:
/************************************************************************
 *                                                                      *
 *         Peer-to-peer UDP Distributed Denial of Service (PUD)         *
 *                           by contem@efnet                            *
 *                                                                      *
 * Virtually connects computers via the udp protocol on the             *
 * specified port. Uses a newly created peer-to-peer protocol that      *
 * incorperates uses on unstable or dead computers. The program is      *
 * ran with the parameters of another ip on the virtual network. If     *
 * running on the first computer, run with the ip 127.0.0.1 or some     *
 * other type of local address. Ex:                                     *
 *                                                                      *
 * Computer A: ./program 127.0.0.1                                      *
 * Computer B: ./program Computer_A                                     *
 * Computer C: ./program Computer_A                                     *
 * Computer D: ./program Computer_C                                     *
 *                                                                      *
 * Any form of that will work. The linking process works by             *
 * giving each computer the list of avaliable computers, then           *
 * using a technique called broadcast segmentation combined with TCP    *
 * like functionality to insure that another computer on the network    *
 * receives the broadcast packet, segments it again and recreates       *
 * the packet to send to other hosts. That technique can be used to     *
 * support over 16 million simutaniously connected computers.           *
 *                                                                      *
 * Thanks to ensane and st for donating shells and test beds            *
 * for this program. And for the admins who removed me because I        *
 * was testing this program (you know who you are) need to watch        *
 * their backs.                                                         *
 *                                                                      *
 * I am not responsible for any harm caused by this program!            *
 * I made this program to demonstrate peer-to-peer communication and    *
 * should not be used in real life. It is an education program that     *
 * should never even be ran at all, nor used in any way, shape or       *
 * form. It is not the authors fault if it was used for any purposes    *
 * other than educational.                                              *
 *                                                                      *
 ***********************************************************************/
[quote author=tolstoy link=board=5;threadid=4987;start=0#49854 date=1032316757]
Has anyone been hit by this? Does unloading the SSL module really do the trick as Symantec states? [/quote]
I'm carefully watching the logs on my web server, and I have disabled any mention of SSL in httpd.conf and disabled my HTTPS service for now.
No patch has been issued AFAIK.
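One way to confirm that no SSL setting is still live in httpd.conf, as the post above describes doing by hand (an added example, not part of the original thread): the function lists every uncommented SSL-related directive and the `<IfDefine>`/`<IfModule>` blocks around it. The directive names are standard Apache/mod_ssl ones; the function name and the sample configuration are constructed for illustration, and `Include`d files are not followed.

```python
import re

# Uncommented directives that keep mod_ssl loaded or an HTTPS port open
# (Apache 1.3 / 2.0 directive names; matching is case-insensitive like Apache).
CHECKS = [
    ("mod_ssl loaded", re.compile(r"(LoadModule\s+ssl_module|AddModule\s+mod_ssl\.c)\b", re.I)),
    ("HTTPS listener", re.compile(r"(Listen|Port)\s+(\S+:)?443\b", re.I)),
    ("HTTPS virtual host", re.compile(r"<VirtualHost\s+[^>]*:443\b", re.I)),
    ("mod_ssl directive", re.compile(r"SSL\w+\b", re.I)),
]
GUARD_OPEN = re.compile(r"<(IfDefine|IfModule)\s+([^>]+)>", re.I)
GUARD_CLOSE = re.compile(r"</(IfDefine|IfModule)>", re.I)

def active_ssl_directives(conf_text):
    """Return (line_no, reason, directive, guards) for every live SSL setting."""
    findings, guards = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: already disabled
        opened = GUARD_OPEN.match(line)
        if opened:
            guards.append(f"{opened.group(1)} {opened.group(2).strip()}")
            continue
        if GUARD_CLOSE.match(line):
            if guards:
                guards.pop()
            continue
        for reason, pattern in CHECKS:
            if pattern.match(line):
                # Guarded lines only apply if the guard holds (e.g. httpd -DSSL),
                # but they are reported anyway so nothing is silently skipped.
                findings.append((line_no, reason, line, tuple(guards)))
                break
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
# constructed sample
Listen 80
#LoadModule ssl_module libexec/libssl.so
<IfDefine SSL>
LoadModule ssl_module libexec/libssl.so
</IfDefine>
<IfModule mod_ssl.c>
Listen 443
SSLEngine on
</IfModule>
"""

if __name__ == "__main__":
    for line_no, reason, directive, guards in active_ssl_directives(SAMPLE_CONF):
        scope = " inside <" + "> <".join(guards) + ">" if guards else ""
        print(f"line {line_no}: {reason}: {directive}{scope}")
```

An empty result means no uncommented SSL directive remains in that file; it says nothing about whether the installed OpenSSL library itself has been updated.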
I think you need to upgrade to the latest version of OpenSSL. AFAIK, that will fix it.
The fix has been around for some time, and as segfault stated, the most recent versions of SSL software have the corrections. That's the thing that got me -- all of the irresponsible admins (apparently over 3500). I would hope that anyone running a service at least spends an hour or so a week reading about any patches that may have come out. Much less the fact that Security Focus hands you the bug reports in an email every Monday, Wednesday, and Friday ....
Has anyone here had any firsthand experience?