Port 1080, 3127 and 3128
There has been an increase of attempts directed at port 1080, 3127 and 3128 for the past few days. At this point of time, no firm conclusion can be made on these activities. F-Secure reported a new worm (Vesser) that might be responsible for these activities. This worm spreads through the backdoor of Mydoom and SoulSeek P2P program. As reported, it will remove Mydoom backdoor on infected machines. It contains an IRC-based backdoor and HTTP proxy: http://www.f-secure.com/v-descs/vesser.shtml Symantec's W32.HLLW.Deadhat writeup: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html NAI also calls it Deadhat: http://vil.nai.com/vil/content/v_101000.htm Let us know if you have further details on this worm. Apache-SSL optional client certificate vulnerability A vulnerability is reported in Apache-SSL optional client certificate configuration. If configured with SSLVerifyClient set to 1 or 3 (client certificates optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. The vendor has issued a fixed version of Apache-SSL (1.3.29+1.53): http://www.apache-ssl.org/advisory-20040206.txt |
Kevin 32 Posts Feb 8th 2004 |
Thread locked Subscribe |
Feb 8th 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!