I can't claim that the reason of that is *exactly* Slapper.....but linksys in firm where i'm part time security consultant has the same problem. It died yesterday and was replaced by CISCO (ohhh......good choice i guess) after IDS had detected Slapper scan. So that i can *CONFIRM* this Mike Lewinski wrote: > Unless the Linksys runs a service on tcp/443 (or udp/2002 perhaps), I > doubt it's the same problem. > > With the Cisco 675s, I believe their http implementation had it's own > overflows and was knocked out by the requests. > > In this case, it's more likely that the poor Linksys got crushed by the > load of scanning. An old 2518 we have still in service showed almost 90% > of available memory consumed by the worm. It also increased cpu > utilization from 3% to over 50%, and caused a noticeable increase in > interface errors on both LAN and WAN ports in another case. > > Mike > > > ----- Original Message ----- > From: "James Williams" <jwilliamsat_private> > To: <incidentsat_private> > Sent: Thursday, September 19, 2002 7:11 AM > Subject: Linux Slapper Worm and Linksys > > > >>Has anybody heard of or seen the Slapper worm DoS a Linksys SOHO router > > out > >>of commission? A co-worker whose machine had been infected over the > > weekend > >>had his linksys router die over the same period that his box had been >>infected with the worm. I know that Nimda had a similar affect on the > > Cisco > >>67x Series ADSL routers running a certain firmware revision and I was >>wondering if the Slapper had a similar affect with the Linksys SOHO > > routers. > >> >>James Williams >>Network Systems Technician >>West Texas A&M University >>http://www.wtamu.edu >>Phone: (806) 651-2162 >>Email: jwilliamsat_private >> >> >> > > ---------------------------------------------------------------------------- > >>This list is provided by the SecurityFocus ARIS analyzer service. >>For more information on this free incident handling, management >>and tracking system please see: http://aris.securityfocus.com >> >> > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com -- Pavel ICQ UIN 39596913 8990192 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 20 2002 - 12:05:07 PDT