Security Incidents mailing list archives

Re: Linux Slapper Worm and Linksys


From: Mike Lewinski <mike () rockynet com>
Date: Thu, 19 Sep 2002 10:30:29 -0600 (MDT)

Unless the Linksys runs a service on tcp/443 (or udp/2002 perhaps), I
doubt it's the same problem.

With the Cisco 675s, I believe their http implementation had its own
overflows and was knocked out by the requests.

In this case, it's more likely that the poor Linksys got crushed by the
load of scanning. An old 2518 we have still in service showed almost 90%
of available memory consumed by the worm. It also increased cpu
utilization from 3% to over 50%, and caused a noticeable increase in
interface errors on both LAN and WAN ports in another case.

Mike


----- Original Message -----
From: "James Williams" <jwilliams () mail wtamu edu>
To: <incidents () securityfocus com>
Sent: Thursday, September 19, 2002 7:11 AM
Subject: Linux Slapper Worm and Linksys


Has anybody heard of or seen the Slapper worm DoS a Linksys SOHO router out
of commission? A co-worker whose machine had been infected over the weekend
had his Linksys router die over the same period that his box had been
infected with the worm. I know that Nimda had a similar effect on the Cisco
67x Series ADSL routers running a certain firmware revision and I was
wondering if the Slapper had a similar effect with the Linksys SOHO routers.


James Williams
Network Systems Technician
West Texas A&M University
http://www.wtamu.edu
Phone: (806) 651-2162
Email: jwilliams () mail wtamu edu



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




