paw at noh.ucsd.edu
Wed Sep 25 03:40:00 GMT 2002
We got hit with what appeared to be Slapper.B a couple of days ago.
Thought we'd gotten it under control, but machines that were infected and
have _supposedly_ been cleaned (files removed from /tmp, rogue httpds
killed) are still pinging suspiciously.
Has anyone else seen this? I only have traffic logs to go on, so I'm
working blind. The "phone home" IPs include 126.96.36.199, 188.8.131.52,
184.108.40.206, 220.127.116.11, 18.104.22.168, and 22.214.171.124.
Network Security Manager
UCSD ACS/Network Operations
paw at ucsd.edu
6F3A AE75 F931 3A19 D207 19F3 DB9B 29DC 2C3F E015
More information about the unisog