Security Incidents mailing list archives
Re: ** New DDoS / Trojan **
From: DEndler () IDEFENSE COM (David Endler)
Date: Mon, 12 Jun 2000 10:18:03 -0400
This one seems to run on UNIX (specifically redhat linux I've tried), forks in the background as in.inetd, attaches to port 3001 and listens for incoming connections, then tries to contact via tcp 208.139.192.34 (ns.netinfo.com) on port 23911 with the new victim's information. -dave David Endler Senior Security Engineer iDEFENSE Risk Management Services 6100 Lincolnia Road Alexandria, VA 22312 voice: 703.914.4102 fax: 703.914.7100 dendler () idefense com www.idefense.com -----Original Message----- From: nine [mailto:nine () 14X NET] Sent: Saturday, June 10, 2000 2:12 PM To: INCIDENTS () SECURITYFOCUS COM Subject: ** New DDoS / Trojan ** Security professionals, I recently talked to someone who was bragging that this is on [so-far] thousands of computers world-wide. He says this is a leaf that connects to a hub, similar to past ddos tools. This is new, and all or most of you have never seen this before. Partners of 14x Network Security have been looking this over, and tracking down the person responsible for the attacks. We already know one person that is distributing it widely, and are hoping to track it to the source. I am releasing the binary to you all to look at, it would be interesting to hear what you all think about it. Erik Tayler 14x Network Security http://www.14x.net
Current thread:
- Re: ** New DDoS / Trojan ** David Endler (Jun 12)
- Re: ** New DDoS / Trojan ** nine (Jun 12)