Security Incidents mailing list archives
Re: slapper changed to udp 1812?
From: Burak DAYIOGLU <dayioglu () metu edu tr>
Date: 03 Oct 2002 10:28:32 +0300
Hi, I have one customer site running this cinik UDP flooding code. Although we have stopped cinik and secured the machine, peers of this DDoS agent still try to send packets to UDP/1812 which fills up all the available Internet bandwidth (Even after some two hours peers are still trying to communicate). We have contacted the ISP and stopped all incoming and outgoing UDP/1812 traffic which solved the trouble. I have quickly scanned the source and was unable to locate the connection timeout parameter; anyone have any idea? thanks, -bd On Wed, 2002-10-02 at 05:42, 石翔任 wrote:
.cinik.c with VERSION 27092002
-- Burak DAYIOGLU Phone: +90 312 2103379 Fax: +90 312 2103333 http://www.dayioglu.net ICQ UIN: 72276975 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- slapper changed to udp 1812? fingers (Oct 01)
- Re: slapper changed to udp 1812? Marcelo Bartsch (Oct 01)
- Re: slapper changed to udp 1812? 石翔任 (Oct 01)
- Re: slapper changed to udp 1812? Burak DAYIOGLU (Oct 03)
- Re: slapper changed to udp 1812? 石翔任 (Oct 01)
- Re: slapper changed to udp 1812? Marcelo Bartsch (Oct 01)