slapper worm varient "cinik"

From: James P. Kinney III (jkinneyat_private)
Date: Tue Sep 24 2002 - 16:02:01 PDT

Next message: John Campbell: "RE: new IIS worm? (rcp lsass.exe)"

Previous message: webbiat_private: "RE: new IIS worm? (rcp lsass.exe)"
Next in thread: Anton A. Chuvakin: "Re: slapper worm varient "cinik""
Reply: Anton A. Chuvakin: "Re: slapper worm varient "cinik""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was attacked by a variant of the slapper worm called "cinik". I got
lucky and caught the intruder in the act and managed to get the source
code before it was removed and I shut him out. 

Apparently the intruder got rather upset I spoiled his fun and about 15
minutes after I shut him out, I was a victim of a udp-based DOS attack.

I have the source code and binaries and some intruder data if you are
interested. I tried to send it earlier, but the message size exceeded
your limit.
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinneyat_private>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7

application/pgp-signature attachment: This is a digitally signed message part

Next message: John Campbell: "RE: new IIS worm? (rcp lsass.exe)"
Previous message: webbiat_private: "RE: new IIS worm? (rcp lsass.exe)"
Next in thread: Anton A. Chuvakin: "Re: slapper worm varient "cinik""
Reply: Anton A. Chuvakin: "Re: slapper worm varient "cinik""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 11:30:32 PDT