Snort mailing list archives
Re: More info on "DDOS - TFN client command LE"
From: Dragos Ruiu <dr () kyx net>
Date: Mon, 16 Sep 2002 20:58:17 +0000
On September 17, 2002 03:41 am, Jeff Taylor wrote:
Can anyone give me more information on this attack, "DDOS - TFN client command LE"? It just showed up in my logs from the ISP's router address.
Tribe Flood Network is a distributed denial of service client. A single alert is likely just a false from a data packet. Lots of alerts are worth some investigation. In either case looking at the offending packet(s) should offer some help. This client isn't so "fashionable" any more as more sophistcated tools exist for the same - so I'd guess a false positive. cheers, --dr -- dr () kyx net pgp: http://dragos.com/kyxpgp Advance CanSecWest/03 registration available: http://cansecwest.com "The question of whether computers can think is like the question of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002 ------------------------------------------------------- Sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More info on "DDOS - TFN client command LE" Jeff Taylor (Sep 16)
- Re: More info on "DDOS - TFN client command LE" Dragos Ruiu (Sep 16)
- <Possible follow-ups>
- RE: More info on "DDOS - TFN client command LE" Semerjian, Ohanes (Sep 16)