[Snort-users] DDoS signature ?

Polar Bear polus2000 at ...131...
Fri Aug 25 13:13:57 EDT 2000


Hello everyone,

Has anybody run into a tool which generates the following
signature:

UDP TTL:51 TOS:0x0 ID:36211 
Len: 41
 /.zx/.:DOS:fin:10.10.1.20:1

I guess it's a DDoS tool. It sends a command to an agent
to flood the target (10.10.1.20).

other signatures:

UDP TTL:51 TOS:0x0 ID:43689 
Len: 19
2F 2E 7A 78 2F 2E 3A 73 74 6F 70 00 00 00 00 00 
/.zx/.:stop.....
00 00                                            ..

-------
UDP TTL:51 TOS:0x0 ID:41119 
Len: 19
2F 2E 7A 78 2F 2E 3A 50 49 4E 47 00 00 00 00 00 
/.zx/.:PING.....
00 00

What can it be?
Thanks.
PB
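
An added example, not part of the original post: a small triage parser that flags UDP payloads starting with the `/.zx/.:` marker seen in all three dumps and splits out the colon-separated tokens. Treating the first token as a "command" is an assumption drawn only from the quoted payloads, and the sample bytes are constructed from the dumps above.

```python
import re

# Marker shared by all three payloads quoted in the post.
MARKER = b"/.zx/.:"

# Constructed sample payloads, rebuilt from the dumps in the post.
# NUL padding follows the quoted hex lines; the first payload's trailing
# bytes are not shown in the post, so none are assumed here.
SAMPLES = [
    b"/.zx/.:DOS:fin:10.10.1.20:1",
    bytes.fromhex("2F2E7A782F2E3A73746F70" + "00" * 7),   # /.zx/.:stop
    bytes.fromhex("2F2E7A782F2E3A50494E47" + "00" * 7),   # /.zx/.:PING
    b"GET / HTTP/1.0\r\n",  # unrelated traffic, must not match
]

# Dotted-quad shaped token, used to surface address-like arguments.
IPV4 = re.compile(rb"^(?:\d{1,3}\.){3}\d{1,3}$")


def parse_payload(payload: bytes):
    """Return a dict describing a marker-prefixed payload, or None."""
    if not payload.startswith(MARKER):
        return None
    # Keep only the text before the first NUL; the rest is padding.
    body = payload[len(MARKER):].split(b"\x00", 1)[0]
    tokens = body.split(b":")
    return {
        # Assumption: first token is the command word (DOS, stop, PING).
        "command": tokens[0].decode("ascii", "replace"),
        "args": [t.decode("ascii", "replace") for t in tokens[1:]],
        "addresses": [t.decode("ascii") for t in tokens[1:] if IPV4.match(t)],
    }


def scan(payloads):
    """Yield (index, parsed) for every payload carrying the marker."""
    for i, payload in enumerate(payloads):
        parsed = parse_payload(payload)
        if parsed is not None:
            yield i, parsed


if __name__ == "__main__":
    for index, hit in scan(SAMPLES):
        print(index, hit)
```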
