|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ryan Russell (ryan
securityfocus.com)Date: Tue Nov 13 2001 - 23:32:02 CST
On Wed, 14 Nov 2001, Nick FitzGerald wrote:
> Or this?
>
> http://www.securityfocus.com/archive/75/177265
>
> Searching Google for "carko ddos" got quite a few hits...
More to the point:
http://www.securityfocus.com/archive/75/177587
To summarize, "Carko" was a very slightly customized version of
"Stacheldraht v1.666 + antigl + yps Distributed Denial of Service Tool",
as found in the Packetstorm archives, among other places. In another
instance, a file named carko was something entirely different. In neither
case was there a self-spreading vector. In other words, there was at
least one attacker out there who broke into systems by hand, and liked to
name files "carko". At the time, the attacker seemed to be gaining access
primarily through an unreleased exploit for the snmpXdmid hole. After
some checking, it was discovered that there were at least 5 different
snmpXdmid exploits in existance.
I believe Sun finally patched the hole last month.
Ryan
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]