Re: Cark & snmpXdmid

From: Shoten (shotenat_private)
Date: Wed Apr 18 2001 - 08:40:08 PDT

    One thing I am desperately curious about...the four IP addresses listed in
    the anonymously-provided information.  I'm wondering if it's the same four
    or if someone has a distributed network in place for the purpose of building
    other distributed networks.  Also, how closely-tied are the four events in
    terms of time...
    
    > As was noted earlier the Cark DDoS agent is spreading via snmpXdmid:
    >
    > Solaris snmpXdmid Buffer Overflow Vulnerability
    > http://www.securityfocus.com/bid/2417
    >
    > So obviously, there is an exploit in the wild for this and it's
    > getting a fair bit of play - does anyone have a packet capture of this in
    > action or perhaps an actual exploit?
    


