So called "Slapper activity" in the logs is simply an attempt to talk http to an https port. Any browser or web spider/robot/crawler will generate this.
This detailed in the CERT update http://www.cert.org/advisories/CA-2002-27.html John -----Original Message----- From: Schmehl, Paul L To: Mikhail Iakovlev Cc: [EMAIL PROTECTED] Sent: 26/09/02 05:31 Subject: RE: [Full-Disclosure] The last word on the Linux Slapper worm Send me the exploit and I'll test it against the server. I've seen Slapper activity in the logs, but I haven't seen any compromise. As of this writing (I just checked), Red Hat only has opensssl 0.9.6b-28 available as an RPM on their update site (for Red Hat 7.2.) - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
