Security Incidents mailing list archives
Re: [UPDATE]Dos Trojan on Solaris
From: k_liner () HOTMAIL COM (spookah .)
Date: Fri, 11 Feb 2000 08:57:20 PST
Milk is a non-spoofing ping flooder, which makes it extremely unlikely it's being used to DoS the websites. If non-spoofed packets were hitting them, I'm sure the boxes DoSing would have been taken down already.

spookah
Network Technician
Linux Administrator

From: Ross Mueller <rmueller () UU NET>
Reply-To: Ross Mueller <rmueller () UU NET>
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: [UPDATE]Dos Trojan on Solaris
Date: Wed, 9 Feb 2000 11:41:37 -0500

has anyone been able to show proof of a link between milk and the attacks on ebay/yahoo/cnn/amazon, etc.....

..ross
0x75,0x75,0x6e,0x65,0x74

On Wed, 9 Feb 2000, Roderick Padilla wrote:

We found milk running as a user level in one attack. We found out later another instance but running as root!!. There is a very interesting paper from Dave Dittrich, University of Washington

http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq

There are lots of rumors out there .. I am listening ...

At 11:10 AM 2/9/00 -0500, Ross Mueller wrote:

are you sure it's milk that is the d-dos? i would bet it's a distributed syn flood.... my guess is stream.c..... from the rumors i hear going around...

..ross
0x75,0x75,0x6e,0x65,0x74

On Wed, 9 Feb 2000, Roderick Padilla wrote:

Thanks to all for all your responses and information. Today, is in the news (again). It was Yahoo and then EBay and Cnn.com and others. Same thing. Looks like there is no stop to this.

We are very small if we compare the size of those sites, but small sites are the ones causing the problems. I would like to keep the subject going but not sure if there are answers. SUN is quiet so far on this (as usual). Please let me know if you find the source code of this "milk" or whatever name appears to be in your system.

Thanks!

Roderick Padilla
Systems & Network Administrator
Office: (404) 651-3832
Fax: (404) 651-3842
http://www.cis.gsu.edu/~rpadilla
Email: rpadilla () gsu edu
Department of Computer Information Systems
J. Mack Robinson College of Business
Georgia State University
PO Box 4015
Atlanta, Georgia, USA 30302-4015

Roderick Padilla
rpadilla () gsu edu