NFR Wizards Archives: Re: IDS: Re: SANS & Ranum on DoS Troj


Subject: Re: IDS: Re: SANS & Ranum on DoS Trojans for Solaris
From: Clarissa Cook (clarissaUU.NET)
Date: Wed Jan 05 2000 - 15:27:23 CST


On Wed, 5 Jan 2000, Marcus J. Ranum wrote:

> Dave's tool works by emulating the master's pinging, to get any
> live agents to answer - essentially giving themselves away. You
> give it a class B network (with various masking options so you can
> select down to class C or individual machines if you want) and it
> just searches each host for an agent, by emulating a master controller.

Actually, it has been modified to take any CIDR block rather than just
a class B and the min/max host flag:

usage: gag [options] <target>
target is CIDR block to scan in form:
        A.B.C.D/mask
Options:
        [-v] turns on verbosity
        [-D] turns on debugging
        [-s] sleep in ms

Clarissa



This archive was generated by hypermail 2b27 : Thu Jan 06 2000 - 12:41:35 CST