Re: [UPDATE]Dos Trojan on Solaris

[k_liner () HOTMAIL COM (spookah .)]

Milk is a non-spoofing ping flooder, which makes it extremly unlikly its
being used to dos the websites.  If non spoofed packets were hitting them,
im sure the boxes dosing would have been taken down already.

spookah
Network Technician
Linux Administrator

> From: Ross Mueller <rmueller () UU NET>
> Reply-To: Ross Mueller <rmueller () UU NET>
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: Re: [UPDATE]Dos Trojan on Solaris
> Date: Wed, 9 Feb 2000 11:41:37 -0500
>
> has anyone been able to show proof of a link between milk and the attacks
> on ebay/yahoo/cnn/amazon, etc.....
>
> ..ross
> 0x75,0x75,0x6e,0x65,0x74
>
> On Wed, 9 Feb 2000, Roderick Padilla wrote:
>
> > We found milk running as a user level in one attack. We found out later
> > another instance but
> > running as root!!. There is a very interesting paper from Dave Dittrich,
> > University of Washington
> >
> > http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq
> >
> > There are lots of rumors out there .. I am listening ...
> >
> > At 11:10 AM 2/9/00 -0500, Ross Mueller wrote:
> > > are you sure it's milk that is the d-dos? i would bet it's a
> distributed
> > > syn flood.... my guess is stream.c..... from the rumors i hear going
> > > around...
> > >
> > > ..ross
> > > 0x75,0x75,0x6e,0x65,0x74
> > >
> > > On Wed, 9 Feb 2000, Roderick Padilla wrote:
> > >
> > > > Thanks to all for all your responses and information. Today, is in
> the news
> > > > (again). It was Yahoo and then EBay and Cnn.com and others. Same
> thing.
> > > > Looks like there is no stop to this.
> > > >
> > > > We are very small if we compare the since of those sites, but small
> sites
> > > > are the ones causing the problems. I would like to keep the subject
> going
> > > > but not sure if there are answers. SUN is quiet so far on this (as
> usual).
> > > > Please let me know if you find the source code of this "milk" or
> whatever
> > > > name appears to be in your system. Thanks!
> > > >
> > > >
> > > > Roderick Padilla                           Office:(404) 651-3832
> > > > Systems & Network Administrator       Fax:   (404) 651-3842
> > > > http://www.cis.gsu.edu/~rpadilla              Email:
> rpadilla () gsu edu
> > > > Department of Computer Information Systems
> > > > J. Mack Robinson College of Business
> > > > Georgia State University
> > > > PO Box 4015
> > > > Atlanta, Georgia, USA  30302-4015
> >
> > Roderick Padilla
> > rpadilla () gsu edu

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com