Did an Apache worm hit me?


Subject: Did an Apache worm hit me?
From: Buddha (buddha@gci.net)
Date: Tue Oct 01 2002 - 10:11:01 AKDT


I have the most up-to-date version of Apache for RH 7.2 using apt-get
which is *supposedly* all patched up.

I thought this was some "normal" bogus klez.h worm stuff, until I saw my
firewall's CPU listed. Not good.

Any advice on what to do? (Besides getting all services off of my
firewall...not an option until I set up the Sun Netra I just bought).

-TIA,
-Buddha

-------- Original Message --------
Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System <Mailer-Daemon@buddha.pointclark.net>
Date: Tue, October 1, 2002 7:08 am
To: apache@buddha.pointclark.net

This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  cinik_worm@yahoo.com
    SMTP error from remote mailer after RCPT TO:<cinik_worm@yahoo.com>:
host mx2.mail.yahoo.com [64.157.4.84]: 553 VS10-RT Possible forgery
or deactivated due to abuse - see
http://help.yahoo.com/help/us/mail/spam/spam-18.html (#5.1.1)

------ This is a copy of the message, including all the headers. ------

Return-path: <apache@buddha.pointclark.net>
Received: from apache by gateway.buddha.pointclark.net with local (Exim 3.22 #1)
        id 17wOdJ-0006YE-00
        for cinik_worm@yahoo.com; Tue, 01 Oct 2002 07:08:21 -0800
To: cinik_worm@yahoo.com
Subject: 24.237.211.169
Message-Id: <E17wOdJ-0006YE-00@gateway.buddha.pointclark.net>
From: Apache <apache@buddha.pointclark.net>
Date: Tue, 01 Oct 2002 07:08:21 -0800

PROC
processor : 0
vendor_id : AuthenticAMD
cpu family : 5
model : 8
model name : AMD-K6(tm) 3D processor
stepping : 12
cpu MHz : 501.140
cache size : 64 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6_mtrr
bogomips : 999.42

MEM
             total       used       free     shared    buffers     cached
Mem:        118208     103964      14244         80      42276      36360
-/+ buffers/cache:      25328      92880
Swap:       128512      15080     113432
HDD
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda5              18G   13G  4.6G  74% /
/dev/hda1              99M  6.0M   87M   7% /boot
none                   58M     0   57M   0% /dev/shm
/dev/hda2             387M  199M  169M  54% /var
IP
eth0      Link encap:Ethernet  HWaddr 00:04:76:72:05:C0
          inet addr:24.237.211.169  Bcast:24.237.215.255  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:25111906 errors:3167 dropped:0 overruns:0 frame:3167
          TX packets:21428523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1848 txqueuelen:100
          RX bytes:900409456 (858.6 Mb)  TX bytes:1694952036 (1616.4 Mb)
          Interrupt:11 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr 00:A0:CC:E7:D6:E9
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:174480559 errors:75 dropped:2 overruns:0 frame:4
          TX packets:122255677 errors:128 dropped:0 overruns:2 carrier:44
          collisions:1039789 txqueuelen:100
          RX bytes:888232067 (847.0 Mb)  TX bytes:2610819877 (2489.8 Mb)
          Interrupt:9 Base address:0xe00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:132029 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132029 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:59887554 (57.1 Mb)  TX bytes:59887554 (57.1 Mb)

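Added triage example, not from the original post or anyone on the AKLUG thread: a POSIX shell script that looks in an Exim main log for the two indicators visible in the bounce above, mail submitted locally by the apache user (httpd has no business originating mail) and delivery attempts to cinik_worm@yahoo.com, and reports message IDs that show both. The Exim 3 log-line layout (`<=` arrival with U= and P= fields, `=>` delivery, `**` failed delivery) is assumed from the Exim documentation, the sample log is constructed to mirror the headers in the bounce, and the /var/log/exim/mainlog default in live_checks is an assumed path to adjust for the local build.

```sh
#!/bin/sh
# Added example (not from the original post). Indicators taken from the
# bounce: Return-path apache@..., "with local", RCPT TO cinik_worm@yahoo.com.

# Constructed sample of Exim 3 mainlog lines; the layout is assumed from the
# Exim docs, the values mirror the headers quoted in the bounce above.
SAMPLE_LOG=$(cat <<'EOF'
2002-10-01 06:55:02 17wORk-0006X1-00 <= root@buddha.pointclark.net U=root P=local S=512
2002-10-01 06:55:03 17wORk-0006X1-00 => buddha <buddha@buddha.pointclark.net> R=localuser T=local_delivery
2002-10-01 06:55:03 17wORk-0006X1-00 Completed
2002-10-01 07:08:21 17wOdJ-0006YE-00 <= apache@buddha.pointclark.net U=apache P=local S=2101
2002-10-01 07:08:22 17wOdJ-0006YE-00 ** cinik_worm@yahoo.com R=lookuphost T=remote_smtp: SMTP error from remote mailer after RCPT TO:<cinik_worm@yahoo.com>: host mx2.mail.yahoo.com [64.157.4.84]: 553 VS10-RT Possible forgery or deactivated due to abuse
2002-10-01 07:08:22 17wOdJ-0006YE-00 Completed
EOF
)

# Message IDs of mail submitted on this host by the apache user
# (arrival line "<=" with U=apache and P=local). Reads a log on stdin.
apache_submissions() {
    awk '/ <= / && / U=apache / && / P=local / { print $3 }'
}

# Message IDs with a delivery attempt ("=>") or a failed delivery ("**")
# to the drop address the beacon in the bounce was addressed to.
worm_dropbox_attempts() {
    awk '(/ => / || / \*\* /) && /cinik_worm@yahoo\.com/ { print $3 }'
}

# Message IDs that match both indicators: a beacon that really left this
# box from the web server account, not a forged remote sender.
correlated_ids() {
    awk '
        / <= / && / U=apache / && / P=local /            { from_apache[$3] = 1 }
        (/ => / || / \*\* /) && /cinik_worm@yahoo\.com/  { to_dropbox[$3] = 1 }
        END { for (id in from_apache) if (id in to_dropbox) print id }
    '
}

# Run on the suspected host itself; not executed when this file is sourced.
# EXIM_MAINLOG is an assumed default, point it at this Exim build's main log.
live_checks() {
    EXIM_MAINLOG=${EXIM_MAINLOG:-/var/log/exim/mainlog}
    echo "== beacons submitted by apache and aimed at the drop address =="
    correlated_ids < "$EXIM_MAINLOG"
    echo "== anything still sitting in the mail queue =="
    mailq
    echo "== processes running as apache (code riding httpd runs as its user) =="
    ps -U apache -u apache -o pid,ppid,lstart,args
    echo "== sockets owned by apache processes (netstat -e adds the User column) =="
    netstat -tuanpe 2>/dev/null | grep -w apache
}
```

On the firewall, `live_checks` answers the question the bounce raises: a non-empty first section means the mail was generated on the box under the apache account, and the process and socket lists show what is running as that user right now. Patching Apache stops the next infection, not a process that is already running, so anything unexpected in those two lists is what to kill and investigate next.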
This archive was generated by hypermail 2a23 : Tue Oct 01 2002 - 10:02:00 AKDT