Slapper.B remnants?

Pat Wilson paw at noh.ucsd.edu
Wed Sep 25 03:40:00 GMT 2002


We got hit with what appeared to be Slapper.B a couple of days ago.
Thought we'd gotten it under control, but machines that were infected and
have _supposedly_ been cleaned (files removed from /tmp, rogue httpds
killed) are still pinging suspiciously.

Has anyone else seen this?  I only have traffic logs to go on, so I'm
working blind.  The "phone home" IPs include 62.76.0.42, 153.105.252.98, 
155.246.66.176, 155.246.100.66, 194.149.64.5, and 208.138.82.10.

Thanks.


Pat Wilson
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015




More information about the unisog mailing list