Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Info on the DoS attacks.

  • From: Joe Shaw
  • Date: Thu Feb 10 00:30:36 2000


On Wed, 9 Feb 2000, Rodney Caston wrote:

> I spoke with a person that claimed to understand the attacks that are
> going on, while I have no proof, I offer this as an example of what to
> look for on your own systems. So I am presenting this only as a possible
> example of what has taken place, and until proven correct I concede this
> is only a "rumor."

Do a search of the Bugtraq archives for trinoo, tribe, etc, or take at
look at Dave Dittrich's page at http://www.washington.edu/People/dad/.  He  
posted detailed breakdowns of the discovered DDoS daemons in December for
the CERT workshop on DDoS's from last year.

Verbose information on these attacks has been available since
November/December of 1999.

> Basically it began by combining many scripts already in use for scanning
> system security holes, the script initially scans a range of IPs scanning
> each target system for various known exploits, once a system is

> One final note, a friend from Verio suggested that in the above scenario
> that this daemon would probaly be using TCP to be communicated with as UDP
> is more difficult for alot of people to code.

Some are using ICMP, and UDP is not that hard to code, especially if the
programs are just combinations of scripts that have already been written.

> Rodney L. Caston
> Southwestern Bell 
> Internet Services

On a totally unrelated note, you guys really should start participating in
the local peering points.  Your connectivity in large metro areas like
Houston, TX would greatly benefit from it.  MAGIE and Compaq/Insync NAP
connections would make a lot of SBC DSL users very happy, since a lot of
their traffic is local content.

--
Joseph W. Shaw - jshaw@insync.net
Computer Security Consultant and Programmer
Free UNIX advocate - "I hack, therefore I am."






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.