[Snort-users] Urgent!! ddos-stacheldraht server-spoof

Phil Wood cpw at ...440...
Sat Mar 31 01:03:25 EST 2001


I think it's napster shit.

On Sat, Mar 31, 2001 at 08:29:25AM +0530, Siddhartha Jain wrote:
> Hi,
> 
> I got 302 "ddos-stacheldraht server-spoof" alerts from 235 unique IPs to 4
> destination IPs in 3 days. Is every alert one packet containing the attack
> signature? Does this look like the beginning of a real ddos? This is typical
> packet triggering the alert :-
> 
> [**] IDS193/ddos-stacheldraht server-spoof [**]
> 03/30-21:10:18.123939 0:3:31:BA:A8:A8 -> 0:A0:C9:FC:2D:7C type:0x800
> len:0x3C
> ss.ss.ss.ss -> dd.dd.dd.dd ICMP TTL:238 TOS:0x0 ID:16641 IpLen:20 DgmLen:32
> DF
> Type:8  Code:0  ID:666   Seq:1  ECHO
> ????
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> ----------snip --------------------
> 
> 
> Siddhartha
> 
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw at ...440...





More information about the Snort-users mailing list