Security Incidents mailing list archives

Re: What is this?


From: Max Gribov <max () DATATWIRL YI ORG>
Date: Wed, 14 Feb 2001 16:37:08 -0500

Stacheldraht is a distributed denial of service attack tool, similar to
trin00 or tfn.

http://archives.neohapsis.com/archives/bugtraq/1999-q4/0521.html

Above is a piece of the Bugtraq archive with a stacheldraht analysis. If your
network is infected, it means all infected machines on your network will
be happily flooding some innocent server somewhere on the internet
sometime soon.

On Wed, 14 Feb 2001, Simeon Johnston wrote:

We have been getting this in our snort logs for some time now and I am
wondering exactly what it is.  I searched for it on SecurityFocus and
they say that it is part of some DDoS packages.  It has been going to
our firewall and to another machine in our DMZ.  These are the only
machines that were hit.  Is there any danger from this?  Is there a way
to tell what port it is on?  Is this a snort configuration problem?  Any
known vulnerabilities?
I am running RedHat 6.2 on the firewall w/ IPChains.

IDS193/ddos-stacheldraht server-spoof: (sender here) -> (receiver here)


