Re: Linux Slapper Worm and Linksys

From: Mike Lewinski (mikeat_private)
Date: Thu Sep 19 2002 - 09:30:29 PDT


    Unless the Linksys runs a service on tcp/443 (or udp/2002 perhaps), I
    doubt it's the same problem.
    
    With the Cisco 675s, I believe their http implementation had its own
    overflows and was knocked out by the requests.
    
    In this case, it's more likely that the poor Linksys got crushed by the
    load of scanning. An old 2518 we have still in service showed almost 90%
    of available memory consumed by the worm. It also increased CPU
    utilization from 3% to over 50%, and caused a noticeable increase in
    interface errors on both LAN and WAN ports in another case.
    
    Mike
    
    
    ----- Original Message -----
    From: "James Williams" <jwilliamsat_private>
    To: <incidentsat_private>
    Sent: Thursday, September 19, 2002 7:11 AM
    Subject: Linux Slapper Worm and Linksys
    
    
    > Has anybody heard of or seen the Slapper worm DoS a Linksys SOHO router out
    > of commission? A co-worker whose machine had been infected over the weekend
    > had his Linksys router die over the same period that his box had been
    > infected with the worm. I know that Nimda had a similar effect on the Cisco
    > 67x Series ADSL routers running a certain firmware revision and I was
    > wondering if the Slapper had a similar effect with the Linksys SOHO routers.
    >
    >
    > James Williams
    > Network Systems Technician
    > West Texas A&M University
    > http://www.wtamu.edu
    > Phone: (806) 651-2162
    > Email: jwilliamsat_private
    >
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    >
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Sep 19 2002 - 12:21:01 PDT
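
An added example, not part of the original messages: one way to check the "crushed by the load of scanning" explanation from connection logs is to count, per internal host and time window, the distinct flows to the two ports named in the reply. The record format, addresses, threshold and window are assumptions made for this sketch, and using distinct flows as a proxy for the per-flow state a router must carry is also an assumption.

```python
from collections import defaultdict

# Ports named in the thread (tcp/443, udp/2002); watching only these is an assumption.
WATCH = {("tcp", 443), ("udp", 2002)}

# Constructed sample records in a hypothetical "epoch src dst proto dport" format.
SAMPLE = [f"1032450{i:03d} 192.168.1.10 198.51.100.{i} tcp 443" for i in range(1, 7)]
SAMPLE += [
    "1032450010 192.168.1.10 203.0.113.5 udp 2002",
    "1032450011 192.168.1.10 203.0.113.6 udp 2002",
    "1032450002 192.168.1.20 198.51.100.50 tcp 443",  # one host revisiting one server
    "1032450003 192.168.1.20 198.51.100.50 tcp 443",
    "1032450004 192.168.1.20 198.51.100.60 tcp 80",   # port not watched
    "garbage",                                        # malformed record, skipped
]

def parse(line):
    """Split one record; raises ValueError on malformed input."""
    ts, src, dst, proto, dport = line.split()
    return int(ts), src, dst, proto.lower(), int(dport)

def fan_out(lines, window=60):
    """Map (source, window index) -> set of distinct watched flows."""
    seen = defaultdict(set)
    for line in lines:
        try:
            ts, src, dst, proto, dport = parse(line)
        except ValueError:
            continue
        if (proto, dport) in WATCH:
            seen[(src, ts // window)].add((dst, proto, dport))
    return seen

def suspects(lines, threshold=5, window=60):
    """Sources whose peak distinct-flow count in any window reaches threshold."""
    peak = {}
    for (src, _), flows in fan_out(lines, window).items():
        peak[src] = max(peak.get(src, 0), len(flows))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

Repeated connections to the same server collapse to one flow, so ordinary HTTPS use does not trip the threshold while wide fan-out from a single host does.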