[Dshield] DDoS

Johannes B. Ullrich jullrich at euclidian.com
Mon Aug 13 21:30:34 GMT 2001


While pings can be used for DOS attacks, there are also some harmless
explanations for 1500 Byte pings. For example, see:

http://www.incidents.org/diary/july2001.php#255


On Mon, 13 Aug 2001, Quibell, Marc wrote:

> A person has a server that looks like it's been compromised. It is sending
> out 1500 byte pings to a few specific machines, two of which are:
> maxmouse.sparkhost.com and adsl-61-141-111.mia.bellsouth.net. The machine is
> NT 4.0, and masks its source address. I tracked it down by MAC address.
> Before I go looking on the internet, what is this? Somebody use a trojan
> horse and have complete access to use this host as a zombie for a concerted
> attack? What are filez I should be looking for? Thanks...
>
> Q
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www1.dshield.org/mailman/listinfo/dshield
>

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System




