nanog mailing list archives

Sample box (more info)


From: lucifer () lightbearer com
Date: Thu, 10 Feb 2000 00:12:55 -0800 (PST)


To update folks who have asked (too many to reply to directly, with any
ease; my apologies if anyone is annoyed by this method):

The box has not *yet* been scorched, it turns out; I've asked them to
keep it until the research can be finished. Given the past record, and
the fact that this server is somewhat important, I seriously doubt that
they're going to be willing to just hand it over to the Feds - any more
than any of you want to hand over your laptops.

Errata: the machine was not actually on a 2xT1, as it had been moved
since I was last aware of its location; it was, during the attack,
behind a 512k ADSL line, I have been told.

I have a copy of what has been dug out of the box so far, which is the
actual packet-generating tool, a binary called "imp"; for those about to
ask me for the code, don't bother - because it's fairly generic, and I
*think* it has been circulating for a good while; either way, it's nothing
to write home about. All it's doing is sending a flood of SYN, ACK, FIN,
or RST packets (which, I'm still trying to determine, although it appears
likely to have been SYN; we're trying to dig out the actual trigger code,
still).

A reminder: this is not *proven* to have participated in the attacks that
have been going on, per se, since we don't have enough information to know
just what the attacks look like.
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer () lightbearer com              http://www.lightbearer.com/~lucifer
             KF6WAY (Tech) - 146.475 MHz (FM/Phone)


