Re: unidentified DOS "bad traffic"

Hello,

On Thu, Mar 13, 2003 at 03:53:59PM -0600, DY wrote:
>
> Twice in the past week I have experienced a severe DOS condition on my

Looks very close to something I've experienced recently as well. My research has pointed me to the following places:

http://lists.insecure.org/lists/incidents/2002/May/0026.html http://cert.uni-stuttgart.de/archive/incidents/2002/05/msg00026.html

This is about a DoS and warez distribution IRC BOT. It uses IP protocol 255 also.

> "bad traffic," resolves (reverse) to irc-m.icq.aol.com.

Same for me! also 2 other IPs in cable.midspring.com and mdweb1.c.mad.interhost.com (Spain)

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

> 4) There was so much of this traffic that it shut my network down. My
> main router (Cisco) reported no appreciable CPU consumption during the
> attack. It just appears that the sheer volume of the [bad] packets choked
> everybody out.

Ditto.

Hope that helps,
_Alain_

<Pre>Lose another weekend managing your IDS? Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> Received on Fri Mar 14 12:24:16 2003