Full Disclosure mailing list archives
dDoS tool
From: "Daniel F. Chief Security Engineer -" <danielf () supportteam net>
Date: Fri, 24 Jan 2003 12:06:25 -0600
Has anyone seen a dDoS tool that spoofs packets with the following sig.

17:31:00.586927 146.201.0.0.1525 > x.x.x.x.53: S 863830016:863830016(0) win 16384
17:31:00.587631 159.16.0.0.1881 > x.x.x.x.53: S 1406468096:1406468096(0) win 16384
17:31:00.588101 146.202.0.0.1487 > x.x.x.x.53: S 1303183360:1303183360(0) win 16384
17:31:00.588453 153.52.0.0.1713 > x.x.x.x.53: S 584646656:584646656(0) win 16384
17:31:00.588687 125.80.0.0.1719 > x.x.x.x.53: S 1109524480:1109524480(0) win 16384
17:31:00.588806 19.84.0.0.1098 > x.x.x.x.53: S 984547328:984547328(0) win 16384
17:31:00.589039 184.36.0.0.1410 > x.x.x.x.53: S 537985024:537985024(0) win 16384
17:31:00.589157 158.247.0.0.1446 > x.x.x.x.53: S 1401094144:1401094144(0) win 16384

All the IPs that were attacking us ended in 0.0, which we all know those IPs should not be sending packets to the internet to begin with. We were seeing this for every IP 0.0.0.0 - 255.255.0.0 coming inbound.

Thanks for any help.

--
Daniel Fairchild - Chief Security Engineer | danielf () supportteam net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
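A small parser for the signature described in the post, run over the eight tcpdump lines it quotes. This is an added example, not part of the original message; the function and trait names are assumptions made here, and besides the source addresses ending in 0.0 it also tallies the fixed window and whether the initial sequence number has its low 16 bits zero.

```python
import re
from ipaddress import IPv4Address

# The eight tcpdump lines quoted in the post (destination masked there as x.x.x.x).
SAMPLE = """\
17:31:00.586927 146.201.0.0.1525 > x.x.x.x.53: S 863830016:863830016(0) win 16384
17:31:00.587631 159.16.0.0.1881 > x.x.x.x.53: S 1406468096:1406468096(0) win 16384
17:31:00.588101 146.202.0.0.1487 > x.x.x.x.53: S 1303183360:1303183360(0) win 16384
17:31:00.588453 153.52.0.0.1713 > x.x.x.x.53: S 584646656:584646656(0) win 16384
17:31:00.588687 125.80.0.0.1719 > x.x.x.x.53: S 1109524480:1109524480(0) win 16384
17:31:00.588806 19.84.0.0.1098 > x.x.x.x.53: S 984547328:984547328(0) win 16384
17:31:00.589039 184.36.0.0.1410 > x.x.x.x.53: S 537985024:537985024(0) win 16384
17:31:00.589157 158.247.0.0.1446 > x.x.x.x.53: S 1401094144:1401094144(0) win 16384
"""

# Classic tcpdump TCP line: time src.port > dst.port: flags seq:end(len) win N
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\S+)\."
    r"(?P<dport>\d+): (?P<flags>\S+) (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\) win (?P<win>\d+)"
)

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # not a TCP line in this format
    pkt = m.groupdict()
    for key in ("sport", "dport", "seq", "end", "len", "win"):
        pkt[key] = int(pkt[key])
    return pkt

def traits(pkt):
    src = int(IPv4Address(pkt["src"]))
    return {
        "bare_syn": pkt["flags"] == "S" and pkt["len"] == 0,  # SYN only, no payload
        "dst_port_53": pkt["dport"] == 53,
        "src_low16_zero": src & 0xFFFF == 0,          # source looks like a.b.0.0
        "seq_low16_zero": pkt["seq"] & 0xFFFF == 0,   # ISN is a multiple of 65536
        "win_16384": pkt["win"] == 16384,
    }

def summarize(text):
    # Returns (parsed packet count, {trait name: packets showing that trait}).
    pkts = [p for p in map(parse, text.splitlines()) if p]
    counts = {}
    for p in pkts:
        for name, hit in traits(p).items():
            counts[name] = counts.get(name, 0) + int(hit)
    return len(pkts), counts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the quoted lines every trait matches 8 of 8, including the sequence numbers, which are all multiples of 65536.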