Security Incidents mailing list archives
Re: UDP probing [ trojan? ]
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Tue, 18 Jan 2000 14:21:50 -0500
On Mon, 17 Jan 2000 mabrown () securepipe com wrote:
It concerns me that our client may have a trojaned machine, and would like to inform him of a solution if there is one.
[a whole lot snipped] http://www.sans.org/y2k/DDoS.htm is a nice working draft document on thwarting trojanned UNIX systems. the documents listed on http://www.sans.org/y2k.htm in fact will be helpful here. my *guess* given the flurry of packets is a worked up distributed attack tool; with the source, it's easy to modify the ports in use and get around vanilla trojan thwarting. jose nazario jose () biochemistry cwru edu PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Current thread:
- Re: IRC-bots: what are they for ?, (continued)
- Re: IRC-bots: what are they for ? SecOrg (Jan 12)
- Re: IRC-bots: what are they for ? Ninja Information Systems. (Jan 12)
- Re: IRC-bots: what are they for ? Jens Hjalmarsson (Jan 12)
- Re: IRC-bots: what are they for ? tyler (Jan 12)
- Re: IRC-bots: what are they for ? David Brumley (Jan 12)
- Re: IRC-bots: what are they for ? The Undernet Bonk (Jan 12)
- Re: IRC-bots: what are they for ? Filip M. Gieszczykiewicz (Jan 12)
- Strange behaviour Belgarion of Riva (Jan 13)
- Re: Strange behaviour Richard Bejtlich (Jan 15)
- UDP probing [ trojan? ] mabrown () SECUREPIPE COM (Jan 17)
- Re: UDP probing [ trojan? ] Jose Nazario (Jan 18)
- Probe from UK Provider ? Duarte Cordeiro (Jan 18)
- Re: Probe from UK Provider ? Pauline van Winsen (Jan 19)
- Re: Probe from UK Provider ? Arrigo Triulzi (Jan 20)
- Re: Probe from UK Provider ? Gene Harris (Jan 20)
- Re: Probe from UK Provider ? Jason Witty (Jan 20)
- Solaris BSM Audit Logs Wozz (Jan 17)
- Re: Strange behaviour John Turner (Jan 17)
- SMTP bombing Kaupo Palo (Jan 18)
- Log tools? Chad Day (Jan 17)
- Re: Log tools? James Phillips (Jan 17)