 |
Saturday, January 11, 2003 |
|
Mystery solved: I think... looks like our name server has the Slapper virus and has been hacked to run psyBNC, an IRC 'bouncer'. The psyBNC code was installed minutes after Slapper showed up so I guess the two are related. This post about Slapper mentions that arbitrary code can be run once Slapper is in. I'd read that Slapper only affected machines with Apache's open_ssl mod installed, so I thought I was safe (since I don't knowingly install it). As usual for a mere casual user in the Linux world, I did not know that when I opted for a 'server' install on the modest hardware of adelie.gulker.com (its humble PIII does better without current X server graphic environment), that meant that open_ssl would be installed. Anyway, it did, and the Red Hat 7.3 install does not apparently contain the patch that would have kept Slapper out. So I got 'Slapped'.
When Slapper kicked in, packet sniffer showed it scanning IP addresses for http servers, and connecting to other psyBNC hosts and lord knows what else (it seems to have a particulary cozy relationship with a machine at a technical college in Vladivostok)... the traffic was saturating my modest 128K DSL line... which explains the service level decline last couple days... and I wonder if the Covad card crash had anything to do with the traffic levels? Naw, probably just my luck... |
|
Still diggin... gonna miss the bloggers' dinner in San Francisco, at Barneys... Hey anybody know what might be the behavior of the Linux server virus I heard about awhile ago? My name server is doing really wierd things... Comments 6:47:07 PM 
|
|
We're still digging on our Net connection. When not walking with Linda or dropping her off at the airport, I've been running a packet sniffer... something interesting and anomalous... I'm trying to figure this out... somebody is connecting like crazy to my name server... Comments 5:37:10 PM
|
Updated 4/16/04; 12:16:30 PM
|
Chris Gulker'sUpdated 4/16/04; 12:16:30 PM
| January 2003 | ||||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
| Dec Feb | ||||||
AlwaysOn Network
Columns (soon)
Dotcom Garden
Lone Genius Hackers
Picture Weblog
Theory & Strategy
Weblogging
gulker.com Cam
Interesting blogs et al.:
Natalie d'Arbeloff
Azeem Azhar
Ken Bereskin
Blogging Ecosysytem
Blogging Network
BlogStreet
Boing Boing
Tim Bray
Matt Croydon
DaveNet
Rael Dornfest
Esther Dyson
Dave Farber's IP
Dave Fitch
David Galbraith
John Getze
William Gibson
Dan Gillmor
James Gleick
Bernie Goldbach
Meg Hourihan
Joi Ito
Xeni Jardin
Jeff Jarvis
Linux Journal
Mitch Kapor
Kuro5hin
Gunnar Langemark
Joshua Levy
Scott Loftesness
Macintouch
Ross Mayfield
Hans Moravec
Rafe Needleman
Nonsense Verse
OS Opinion
Tim Porter
Recommended Reading
Reverse Cowgirl
Glenn Reynolds
Roger Ridey
Phil Ringnalda
John Robb
Scott Rosenberg
Anita Rowland
Brent Simmons
Robert Scoble
Doc Searls
Jessica Shea
Gavin Sheridan
Shifted Librarian
Stefan Smalla
Bruce Sterling
Scripting News
Slashdot
Dan Shafer
John Tringham
Jon Udell
Moicho Umeda
Philipp Weltentummler
Kevin Werbach
Amy Wohl
