Security Incidents mailing list archives

What is this?

From: Simeon Johnston <simeonuj () eetc com>
Date: Wed, 14 Feb 2001 10:40:18 -0600

We have been getting this in our snort logs for some time now and I am
wondering exactly what it is.  I searched for it on security focus and
they say is that it is part of some ddos packages.  It has been going to
our firewall and to another machine in our DMZ.  These are the only
machines that were hit.  Is there any danger from this?  Is there a way
to tell what port it is on?  Is this a snort configuration problem?  Any
known vulnerabilities?
I am running RedHat 6.2 on the firewall w/ IPChains.

IDS193/ddos-stacheldraht server-spoof: (sender hear) -> (receiver here)

Current thread:

What is this? Simeon Johnston (Feb 14)
- Re: What is this? Max Gribov (Feb 14)
  - Re: What is this? Andreas Östling (Feb 14)
    - ddos-stacheldraht server-spoof alerts ( Was: What is this?) Rod Longanilla (Feb 14)
    - Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Jacek Lipkowski (Feb 15)
    - Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Stephen P. Berry (Feb 16)
    - [no subject] Osvaldo J. Filho (Feb 16)
    - Re: ddos-stacheldraht server-spoof alerts ( Was: What is this?) Daniel Keisling (Feb 16)
- Re: What is this? Geoff the UNIX guy (Feb 14)
- Re: What is this? Jason Potopa (Feb 15)
  - Re: What is this? Simeon Johnston (Feb 15)