Security Incidents mailing list archives

RE: What's on udp/2002 ?


From: "Matthew F. Caldwell" <mattc () guarded net>
Date: Wed, 18 Sep 2002 14:36:19 -0400

This is the control channel for the P2P network of the SLAPPER WORM.
The first instance of the worm we detected originated from a European
University. 

Vulnerabilities:
----------------
Viruses/Worms: Late on September 13th, a new virus known as
Linux.Slapper.Worm or the Apache/mod_ssl Worm was discovered. The worm
tries to exploit a buffer overflow vulnerability in the OpenSSL
component of SSL-enabled Apache web servers. Once active, the worm can
be used as a backdoor to start up a range of denial-of-service attacks.

Recommendations:
----------------
Viruses/Worms: Some Antivirus firms have updated definitions to combat
this threat. Please check with your antivirus provider immediately and
carefully review the advisory at
http://www.cert.org/advisories/CA-2002-27.html.


Matthew F. Caldwell, CISSP
Chief Security Officer
GuardedNet, Inc 


-----Original Message-----
From: Guido Van De Velde [mailto:Guido.VanDeVelde () cc kuleuven ac be] 
Sent: Wednesday, September 18, 2002 8:54 AM
To: incidents () securityfocus com
Subject: What's on udp/2002 ?

At least something very interesting, according to our fw logs.
Anyone any idea ?

TIA
-- 
guido


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
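
Added example, not part of the original messages: a triage of firewall logs for the udp/2002 traffic discussed in this thread, grouped by internal host and direction. The netfilter-style log format, the 192.0.2.0/24 internal network and the function name `triage_udp2002` are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

SLAPPER_UDP_PORT = 2002  # control-channel port named in the thread

# Constructed netfilter-style firewall lines (documentation address ranges).
SAMPLE_LOG = """\
Sep 18 08:41:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=2002 DPT=2002 LEN=48
Sep 18 08:41:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=UDP SPT=2002 DPT=2002 LEN=48
Sep 18 08:42:30 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.25 DST=198.51.100.7 PROTO=UDP SPT=2002 DPT=2002 LEN=52
Sep 18 08:42:31 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.25 DST=203.0.113.90 PROTO=UDP SPT=2002 DPT=2002 LEN=52
Sep 18 08:43:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=2002 LEN=60
Sep 18 08:43:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.30 DST=198.51.100.53 PROTO=UDP SPT=2002 DPT=53 LEN=60
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def triage_udp2002(log_text, internal_cidr):
    """Group udp/2002 traffic by internal host and direction."""
    net = ipaddress.ip_network(internal_cidr)
    outbound = defaultdict(set)  # internal source -> external peers contacted
    inbound = defaultdict(set)   # internal target -> external sources seen
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # TCP to 2002, or UDP that only uses 2002 as a source port, is skipped.
        if f.get("PROTO") != "UDP" or f.get("DPT") != str(SLAPPER_UDP_PORT):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        if src in net and dst not in net:
            outbound[str(src)].add(str(dst))
        elif dst in net and src not in net:
            inbound[str(dst)].add(str(src))
    return {
        "outbound": {h: sorted(p) for h, p in outbound.items()},
        "inbound": {h: sorted(p) for h, p in inbound.items()},
    }


if __name__ == "__main__":
    report = triage_udp2002(SAMPLE_LOG, "192.0.2.0/24")
    # Internal hosts originating udp/2002 are candidates to check against the advisory.
    for host, peers in report["outbound"].items():
        print("check host", host, "->", peers)
    for host, sources in report["inbound"].items():
        print("probed host", host, "<-", sources)
```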

