Security Incidents mailing list archives
Re: ** New DDoS / Trojan **
From: nine () 14X NET (nine)
Date: Mon, 12 Jun 2000 11:33:18 -0400
This also runs on FreeBSD [other *BSDs I would suppose], just about every Linux distro, and anything else with ELF support. When it contacts 208.139.192.34 [ns.netinfo.com] it is connecting itself as a leaf to the main ddos hub which is the IP stated above. I will be making the usual rounds to attempt to catch the one who is responsible for the creation and distribution of this. The person who originally sent it to me will soon [accidentally] give me more information about it, and I will report my findings back to the forum.

Erik Tayler
14x Network Security
http://www.14x.net

On Mon, 12 Jun 2000, David Endler wrote:
This one seems to run on UNIX (specifically redhat linux I've tried), forks in the background as in.inetd, attaches to port 3001 and listens for incoming connections, then tries to contact via tcp 208.139.192.34 (ns.netinfo.com) on port 23911 with the new victim's information.

-dave

David Endler
Senior Security Engineer
iDEFENSE Risk Management Services
6100 Lincolnia Road
Alexandria, VA 22312
voice: 703.914.4102
fax: 703.914.7100
dendler () idefense com
www.idefense.com

-----Original Message-----
From: nine [mailto:nine () 14X NET]
Sent: Saturday, June 10, 2000 2:12 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: ** New DDoS / Trojan **

Security professionals,

I recently talked to someone who was bragging that this is on [so-far] thousands of computers world-wide. He says this is a leaf that connects to a hub, similar to past ddos tools. This is new, and all or most of you have never seen this before. Partners of 14x Network Security have been looking this over, and tracking down the person responsible for the attacks. We already know one person that is distributing it widely, and are hoping to track it to the source. I am releasing the binary to you all to look at, it would be interesting to hear what you all think about it.

Erik Tayler
14x Network Security
http://www.14x.net
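A host triage check for the indicators reported in this thread (a process named in.inetd listening on TCP 3001, and a TCP connection to 208.139.192.34 port 23911), as an added example that is not part of the original messages. The `netstat -tnp` style sample lines, the finding labels and the function names are constructed for illustration.

```python
"""Flag sockets that match the indicators reported in this thread."""

HUB_IP, HUB_PORT = "208.139.192.34", "23911"  # hub address and port named in the thread
LISTEN_PORT = "3001"                          # port the trojan listens on
PROC_NAME = "in.inetd"                        # process name it runs under

# Constructed sample in Linux `netstat -tnp` layout; not captured data.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address       State     PID/Program name
tcp        0      0 0.0.0.0:3001      0.0.0.0:*             LISTEN    1423/in.inetd
tcp        0      1 192.0.2.10:1045   208.139.192.34:23911  SYN_SENT  1423/in.inetd
tcp        0      0 0.0.0.0:22        0.0.0.0:*             LISTEN    612/sshd
"""

def parse(line):
    """Return a dict for one TCP socket line, or None for headers and junk."""
    f = line.split()
    if len(f) < 6 or not f[0].startswith("tcp"):
        return None
    if ":" not in f[3] or ":" not in f[4]:
        return None
    # rsplit keeps IPv6 addresses intact and isolates the port.
    _, lport = f[3].rsplit(":", 1)
    rhost, rport = f[4].rsplit(":", 1)
    # The owner column is "-" when netstat lacks the privilege to see it.
    pid, _, name = (f[6] if len(f) > 6 else "-").partition("/")
    return {"lport": lport, "rhost": rhost, "rport": rport,
            "state": f[5], "pid": pid, "name": name}

def triage(netstat_text):
    """Return (finding, pid, raw_line) tuples for sockets matching the report."""
    findings = []
    for line in netstat_text.splitlines():
        s = parse(line)
        if s is None:
            continue
        if s["rhost"] == HUB_IP and s["rport"] == HUB_PORT:
            findings.append(("hub-contact", s["pid"], line.strip()))
        elif s["state"] == "LISTEN" and s["lport"] == LISTEN_PORT:
            # Name match is the reported pattern; any other owner on this
            # port is only a lead and needs a manual look at the binary.
            kind = "trojan-listener" if s["name"] == PROC_NAME else "port-3001-listener"
            findings.append((kind, s["pid"], line.strip()))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A port-only match is weak evidence on its own, since other software can legitimately bind 3001; the hub connection and the process name together are the stronger signal.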