Security Incidents mailing list archives

Re: UDP probing [ trojan? ]


From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Tue, 18 Jan 2000 14:21:50 -0500


On Mon, 17 Jan 2000 mabrown () securepipe com wrote:

> It concerns me that our client may have a trojaned machine, and would
> like to inform him of a solution if there is one.

[a whole lot snipped]

http://www.sans.org/y2k/DDoS.htm is a nice working draft document on
thwarting trojaned UNIX systems. the documents listed on
http://www.sans.org/y2k.htm in fact will be helpful here.

my *guess* given the flurry of packets is a worked up distributed attack
tool; with the source, it's easy to modify the ports in use and get around
vanilla trojan thwarting.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

