Slapper.B remnants?

Pat Wilson paw at
Wed Sep 25 03:40:00 GMT 2002

We got hit with what appeared to be Slapper.B a couple of days ago.
Thought we'd gotten it under control, but machines that were infected and
have _supposedly_ been cleaned (files removed from /tmp, rogue httpds
killed) are still pinging suspiciously.

Has anyone else seen this?  I only have traffic logs to go on, so I'm
working blind.  The "phone home" IPs include,,,,, and


Pat Wilson
Network Security Manager
UCSD ACS/Network Operations
paw at
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015

More information about the unisog mailing list