Security Incidents mailing list archives
Re: What is this?
From: Max Gribov <max () DATATWIRL YI ORG>
Date: Wed, 14 Feb 2001 16:37:08 -0500
stacheldraht is a distributed denial of service attack tool, similar to trin00 or tfn. http://archives.neohapsis.com/archives/bugtraq/1999-q4/0521.html above, is a piece of bugtraq archive with stacheldraht analysis. if your network is infected, it means all infected machines on your network will be happily flooding some innocent server somewhere on the internet sometime soon. On Wed, 14 Feb 2001, Simeon Johnston wrote:
We have been getting this in our snort logs for some time now and I am wondering exactly what it is. I searched for it on security focus and they say is that it is part of some ddos packages. It has been going to our firewall and to another machine in our DMZ. These are the only machines that were hit. Is there any danger from this? Is there a way to tell what port it is on? Is this a snort configuration problem? Any known vulnerabilities? I am running RedHat 6.2 on the firewall w/ IPChains. IDS193/ddos-stacheldraht server-spoof: (sender hear) -> (receiver here)
Current thread:
- What is this? Simeon Johnston (Feb 14)
- Re: What is this? Max Gribov (Feb 14)
- Re: What is this? Andreas Östling (Feb 14)
- ddos-stacheldraht server-spoof alerts ( Was: What is this?) Rod Longanilla (Feb 14)
- Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Jacek Lipkowski (Feb 15)
- Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Stephen P. Berry (Feb 16)
- [no subject] Osvaldo J. Filho (Feb 16)
- Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Daniel Keisling (Feb 16)
- Re: What is this? Andreas Östling (Feb 14)
- Re: What is this? Max Gribov (Feb 14)
- Re: What is this? Simeon Johnston (Feb 15)