Security Incidents mailing list archives
Re: IGMP DOS Attack
From: Dave Dittrich <dittrich () cac washington edu>
Date: Thu, 11 Apr 2002 23:57:00 -0700 (PDT)
On Thu, 11 Apr 2002 D.Stout () EU HNS COM wrote:
When I returned in the morning I found 450,000 alerts from snort detailing a IGMP DoS attack from 6 different source hosts. I cannot find any information about this DoS attack (DDoS if you consider 6 hosts at same time). . . . Does anybody know what causes this ?
I know of at least one mIRC based DDoS bot that used (or at least tried to use) IGMP for flooding: http://staff.washington.edu/dittrich/misc/power.analysis.txt -- Dave Dittrich Computing & Communications dittrich () cac washington edu University Computing Services http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- IGMP DOS Attack D . Stout (Apr 11)
- Re: IGMP DOS Attack Kurt Seifried (Apr 11)
- Re: IGMP DOS Attack Dave Dittrich (Apr 12)
- <Possible follow-ups>
- Re: IGMP DOS Attack Justin Shore (Apr 11)
- RE: IGMP DOS Attack Headley, Kevin (Apr 11)
- Re: IGMP DOS Attack Valdis . Kletnieks (Apr 11)
- Re: IGMP DOS Attack John Kristoff (Apr 11)
- Re: IGMP DOS Attack Christopher L. Morrow (Apr 12)
- Re: IGMP DOS Attack Valdis . Kletnieks (Apr 11)
- RE: IGMP DOS Attack Cushing, David (Apr 11)