Security Incidents mailing list archives

Re: A rise

From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Sun, 18 Feb 2001 19:38:11 -0700

On Sun, 18 Feb 2001, Jeff Stutzman wrote:

I read on Friday that Ramen had been modified by adding the knark rootkit,
BIND exploit, and rpc exploit to the initial code. This might explain the
newfound interest in RPC scanning.


Indeed, I assume that the rise is due to a new worm, either the Ramen
variant mentioned, or another one.  Based on the descriptions of the Ramen
worms so far, I have been expecting to be able to connect to a couple of
different download/backdoor ports, and have so far been unsuccessful in
finding one that matches the descriptions given.

Does someone have a copy of the Ramen variant I can have?

                                                Ryan

Current thread:

A rise John (Feb 17)
- Re: A rise Jon Lewis (Feb 17)
- Re: A rise Ryan Russell (Feb 17)
  - Re: A rise Jeff Stutzman (Feb 18)
    - Re: A rise Ryan Russell (Feb 19)
    - Re: A rise Ryan Russell (Feb 19)
    - Re: A rise Glenn Forbes Fleming Larratt (Feb 19)
- <Possible follow-ups>
- Re: A rise Leon Rosenstein (Feb 19)