I think this might be a variant of the Linux Slapper worm. I have reported it to AUSCERT but they have not got back to me.
Anyone running Apache SSl look for: /tmp/devnull /tmp/sslx /tmp/b/lis /tmp/.god_you_make_me_laugh_cantin-boy The only one that seems to do anything is /tmp/devnull which is trying to do a DDoS to somewhere on dest port 443. I can't find any info on this anywhere. Does anyone have any ideas what it is? I have patched openssl to the latest from RH 0.9.6b-28 -- Howard. LANNet Computing Associates - Your Linux people Contact detail at http://www.lannetlinux.com "Flatter government, not fatter government." - me Get rid of the Australian states. ------------------------------------------ If electricity comes from electrons, does morality come from morons? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
