Bugtraq mailing list archives

SHADOW group research indicates distributed probes and attacks

From: patrick () pine nl (Patrick Oonk)
Date: Mon, 28 Sep 1998 19:06:22 +0200


http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt

Executive Summary:
This document details attacks and probes that have been recently
observed in which multiple attackers are clearly working together toward
a common goal from different IP addresses. Often these IP addresses are
also physically separated, in different countries or even different
continents.

Current thread:

Re: 1+2=3, +++ATH0=Old school DoS, (continued)
- Re: 1+2=3, +++ATH0=Old school DoS Brett Glass (Sep 27)
  - Re: 1+2=3, +++ATH0=Old school DoS kill9 (Sep 28)
    - Re: 1+2=3, +++ATH0=Old school DoS Kevin Day (Sep 28)
    - Re: 1+2=3, +++ATH0=Old school DoS Ross Wheeler (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS *unknown* (Sep 28)
  - Re: 1+2=3, +++ATH0=Old school DoS Jason (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Tudor Bosman (Sep 28)
- Re: 1+2=3, +++ATH0=Old school DoS Daniel Hauck (Sep 27)
- Re: 1+2=3, +++ATH0=Old school DoS Pete Gonzalez (Sep 27)
  - Re: 1+2=3, +++ATH0=Old school DoS John M. Flinchbaugh (Sep 28)
    - SHADOW group research indicates distributed probes and attacks Patrick Oonk (Sep 28)
    - Re: 1+2=3, +++ATH0=Old school DoS Adrian Gonzalez (Sep 28)
    - Modem ATH0 thread route () RESENTMENT INFONEXUS COM (Sep 28)
    - IRIX 6.2 passwordless accounts exploit? Dan Stromberg (Sep 28)
    - Re: IRIX 6.2 passwordless accounts exploit? D.A. Harris (Sep 28)
    - Re: IRIX 6.2 passwordless accounts exploit? Eugene Bradley (Sep 28)
    - Re: Solaris non-root login (was: IRIX 6.2 pass...) Richard Yates SPG (Sep 29)
    - mountd- more info (sorry) John Caldwell (Sep 28)
    - Bay Accelar 1000 series Steven Hearon (Sep 28)
    - Re: mountd- more info (sorry) RHS Linux User (Sep 29)
    - rpc.mountd vulnerabilities tiago (Sep 29)

(Thread continues...)