Re: [UPDATE]Dos Trojan on Solaris

[rmueller () UU NET (Ross Mueller)]

has anyone been able to show proof of a link between milk and the attacks
on ebay/yahoo/cnn/amazon, etc.....

..ross
0x75,0x75,0x6e,0x65,0x74

On Wed, 9 Feb 2000, Roderick Padilla wrote:

> We found milk running as a user level in one attack. We found out later
> another instance but
> running as root!!. There is a very interesting paper from Dave Dittrich,
> University of Washington
>
> http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq
>
> There are lots of rumors out there .. I am listening ...
>
> At 11:10 AM 2/9/00 -0500, Ross Mueller wrote:
> > are you sure it's milk that is the d-dos? i would bet it's a distributed
> > syn flood.... my guess is stream.c..... from the rumors i hear going
> > around...
> >
> > ..ross
> > 0x75,0x75,0x6e,0x65,0x74
> >
> > On Wed, 9 Feb 2000, Roderick Padilla wrote:
> >
> > > Thanks to all for all your responses and information. Today, is in the news
> > > (again). It was Yahoo and then EBay and Cnn.com and others. Same thing.
> > > Looks like there is no stop to this.
> > >
> > > We are very small if we compare the since of those sites, but small sites
> > > are the ones causing the problems. I would like to keep the subject going
> > > but not sure if there are answers. SUN is quiet so far on this (as usual).
> > >
> > > Please let me know if you find the source code of this "milk" or whatever
> > > name appears to be in your system. Thanks!
> > >
> > >
> > > Roderick Padilla                           Office:(404) 651-3832
> > > Systems & Network Administrator       Fax:   (404) 651-3842
> > > http://www.cis.gsu.edu/~rpadilla              Email: rpadilla () gsu edu
> > >
> > > Department of Computer Information Systems
> > > J. Mack Robinson College of Business
> > > Georgia State University
> > > PO Box 4015
> > > Atlanta, Georgia, USA  30302-4015
>
> Roderick Padilla
> rpadilla () gsu edu