From: Pavel Lozhkin (pavel_at_atrivo.com)
Date: Fri Sep 20 2002 - 06:35:22 CDT


    I can't claim that the reason for that is *exactly* Slapper... but the
    Linksys at a firm where I'm a part-time security consultant has the same
    problem. It died yesterday and was replaced by a Cisco (ohhh... good
    choice, I guess) after the IDS had detected a Slapper scan.

    So I can *CONFIRM* this.

    Mike Lewinski wrote:
    > Unless the Linksys runs a service on tcp/443 (or udp/2002 perhaps), I
    > doubt it's the same problem.
    >
    > With the Cisco 675s, I believe their http implementation had its own
    > overflows and was knocked out by the requests.
    >
    > In this case, it's more likely that the poor Linksys got crushed by the
    > load of scanning. An old 2518 we have still in service showed almost 90%
    > of available memory consumed by the worm. It also increased cpu
    > utilization from 3% to over 50%, and caused a noticeable increase in
    > interface errors on both LAN and WAN ports in another case.
    >
    > Mike
    >
    >
    > ----- Original Message -----
    > From: "James Williams" <jwilliamsmail.wtamu.edu>
    > To: <incidentssecurityfocus.com>
    > Sent: Thursday, September 19, 2002 7:11 AM
    > Subject: Linux Slapper Worm and Linksys
    >
    >
    >
    >>Has anybody heard of or seen the Slapper worm DoS a Linksys SOHO router out
    >>of commission? A co-worker whose machine had been infected over the weekend
    >>had his linksys router die over the same period that his box had been
    >>infected with the worm. I know that Nimda had a similar effect on the Cisco
    >>67x Series ADSL routers running a certain firmware revision and I was
    >>wondering if the Slapper had a similar effect with the Linksys SOHO routers.
    >
    >>
    >>James Williams
    >>Network Systems Technician
    >>West Texas A&M University
    >>http://www.wtamu.edu
    >>Phone: (806) 651-2162
    >>Email: jwilliamsmail.wtamu.edu
    >>
    >>
    >>
    >
    > ----------------------------------------------------------------------------
    >
    >>This list is provided by the SecurityFocus ARIS analyzer service.
    >>For more information on this free incident handling, management
    >>and tracking system please see: http://aris.securityfocus.com
    >>
    >>

    -- 
    Pavel
    ICQ UIN 39596913 8990192
    
