Sluggers,

I have a friend whose network connection is being hammered by
UDP inbound requests on port 2002. From what I can read this
is the slapper worm. The machine is dropping the packets with
iptables but the connection is flooded (DOS).

The box itself is not sending out udp 2002 (the firewall is
blocking and logging any outbound udp 2002 and there is none.)

Googled around for info, realise that the ssl has to be patched
but nothing tells me how to test if the box is infected itself,
or if it's just listed and being hammered by other infected boxes.
(It's not advertising on udp 2002, which is apparently how the
boxes advertise themselves, maybe using some other port in
which case does anyone know which one?).

Any advice appreciated.


Pete

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
