Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible DDos Network Creation with ssh crc exploit

From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 13 Nov 2001 22:32:02 -0700 (MST)
On Wed, 14 Nov 2001, Nick FitzGerald wrote:


Or this?

   http://www.securityfocus.com/archive/75/177265

Searching Google for "carko ddos" got quite a few hits...


More to the point:
http://www.securityfocus.com/archive/75/177587

To summarize, "Carko" was a very slightly customized version of
"Stacheldraht v1.666 + antigl + yps Distributed Denial of Service Tool",
as found in the Packetstorm archives, among other places.  In another
instance, a file named carko was something entirely different.  In neither
case was there a self-spreading vector.  In other words, there was at
least one attacker out there who broke into systems by hand, and liked to
name files "carko".  At the time, the attacker seemed to be gaining access
primarily through an unreleased exploit for the snmpXdmid hole.  After
some checking, it was discovered that there were at least 5 different
snmpXdmid exploits in existance.

I believe Sun finally patched the hole last month.

                                        Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: