Snort mailing list archives

Re: More info on "DDOS - TFN client command LE"

From: Dragos Ruiu <dr () kyx net>
Date: Mon, 16 Sep 2002 20:58:17 +0000

On September 17, 2002 03:41 am, Jeff Taylor wrote:

Can anyone give me more information on this attack, "DDOS - TFN client
command LE"?  It just showed up in my logs from the ISP's router
address.


Tribe Flood Network is a distributed denial of service client.

A single alert is likely just a false from a data packet. 
Lots of alerts are worth some investigation.  In either case
looking at the offending packet(s) should offer some help.

This client isn't so "fashionable" any more as more sophistcated
tools exist for the same - so I'd guess a false positive.

cheers,
--dr

-- 
dr () kyx net   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
  of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002



-------------------------------------------------------
Sponsored by: AMD - Your access to the experts on Hammer Technology!
Open Source & Linux Developers, register now for the AMD Developer
Symposium. Code: EX8664 http://www.developwithamd.com/developerlab
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

More info on "DDOS - TFN client command LE" Jeff Taylor (Sep 16)
- Re: More info on "DDOS - TFN client command LE" Dragos Ruiu (Sep 16)
- <Possible follow-ups>
- RE: More info on "DDOS - TFN client command LE" Semerjian, Ohanes (Sep 16)