Firewall Wizards mailing list archives
Re: IDS: Re: SANS & Ranum on DoS Trojans for Solaris
From: Clarissa Cook <clarissa () UU NET>
Date: Wed, 5 Jan 2000 16:27:23 -0500 (EST)
On Wed, 5 Jan 2000, Marcus J. Ranum wrote:
Dave's tool works by emulating the master's pinging, to get any live agents to answerm - essentially giving themselves away. You give it a class B network (with various masking options so you can select down to class C or individual machines if you want) and it just searches each host for an agent, by emulating a master controller.
Actually, it has been modified to take any CIDR block rather than just a class B and the min/max host flag: usage: gag [options] <target> target is CIDR block to scan in form: A.B.C.D/mask Options: [-v] turns on verbosity [-D] turns on debugging [-s] sleep in ms Clarissa
Current thread:
- SANS & Ranum on DoS Trojans for Solaris Vin McLellan (Jan 05)
- Re: SANS & Ranum on DoS Trojans for Solaris Marcus J. Ranum (Jan 05)
- Re: IDS: Re: SANS & Ranum on DoS Trojans for Solaris Clarissa Cook (Jan 06)
- Re: SANS & Ranum on DoS Trojans for Solaris Marcus J. Ranum (Jan 05)