[Snort-users] Ramen Worm.......got packets?

Jan Muenther jan at ...206...
Fri Jan 19 05:41:27 EST 2001


Hi,

> If you do a search through your snort logs or database for "Synscan", grab
                                                             
^^^^^^^^
Now check who gloriously submitted the synscan rule quite a while
ago and has mentioned several times he thinks there's an
automated tool using synscan as a scanning engine.... ;o)))

> I'm sure the number of hosts infected will only increase.  

_Definitely_. I'm always amazed at how many people consider a
default Linux installation secure... which it's NOT - talking
about RH 7.0, one might also imagine a similar thing with the lpd
exploit. I think this is probably the first of a whole new
generation of worms. 

> How long do you
> think it will be before someone turns it into a DDoS tool that propagates
> itself or into a worm that finds 2 more hosts to propagate to before doing a
> "rm -rf /*".

Scary, but pretty probable. While ramen appears to be more or
less a prank, there are loads of 31337 h4XoRs out there who might
be ready and willing to do more damaged once they figure out how
to do it. Just think about IRC and what's become of it.

*sigh*

Jan
-- 
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...




More information about the Snort-users mailing list