Re: IDS: Re: SANS & Ranum on DoS Trojans for Solaris

From: Clarissa Cook (clarissaat_private)
Date: Wed Jan 05 2000 - 13:27:23 PST

    On Wed, 5 Jan 2000, Marcus J. Ranum wrote:
    
    > Dave's tool works by emulating the master's pinging, to get any
    > live agents to answer - essentially giving themselves away. You
    > give it a class B network (with various masking options so you can
    > select down to class C or individual machines if you want) and it
    > just searches each host for an agent, by emulating a master controller.
    
    Actually, it has been modified to take any CIDR block rather than just
    a class B and the min/max host flag:
    
    usage: gag [options] <target>
    target is CIDR block to scan in form:
            A.B.C.D/mask
    Options:
            [-v] turns on verbosity
            [-D] turns on debugging
            [-s] sleep in ms
    
    Clarissa
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:47 PDT