[Dshield] DDoS

Quibell, Marc Marc.Quibell at icn.state.ia.us
Mon Aug 13 17:19:13 GMT 2001


A person has a server that looks like it's been compromised. It is sending
out 1500 byte pings to a few specific machines, two of which are:
maxmouse.sparkhost.com and adsl-61-141-111.mia.bellsouth.net. The machine is
NT 4.0, and masks its source address. I tracked it down by MAC address.
Before I go looking on the internet, what is this? Somebody use a trojan
horse and have complete access to use this host as a zombie for a concerted
attack? What are filez I should be looking for? Thanks...

Q



