Re: DoS "Probing" on one of our hosts

From: Christopher Kunz (chrislistde-punkt.de)
Date: Wed Jul 02 2003 - 02:10:56 CDT


Hello again,

The plot thickens. Indeed, we now assume that the attacks we encountered
during the weekend were tests for something bigger, because we have been
tested again. This time, however, the 97 mBit spike was outgoing, not
incoming.
We backtraced the traffic to two of our game server machines and saw
that they were the only hosts on the network segment with Unreal
Tournament (UT) servers. That rang a bell. I did a quick search through
my Bugtraq folder and found this:

http://www.pivx.com/luigi/adv/ueng-adv.txt

Generally, this says whoever hosts Unreal servers is f-ed. Now the
bigger picture shows up - it seems that there are now several exploits
for the specific bounce and DoS attacks for UT and UT2003, the successor
to Unreal Tournament, and kiddies are starting to use them.

I sure hope that this is not the start of a large-scale attack against
our and our uplink's network, since it seems almost impossible to
backtrack the source of a UDP bounce attack. Anyone got a clue if that
is possible using the uplink provider's backbone traffic management system?

--ck

--
php development | hosting | housing | professional game server hosting
http://www.de-punkt.de [ chrisde-punkt.de ] http://www.stormix.de
+49 511 1237504 | +49 511 1237505 | laportestr. 2a, 30449 hannover.de
Filoo auf dem Linuxtag 2003 (F15) - http://www.de-punkt.de/lt2003.php
