Attacking every host in the path?

From: Mike Lewinski (mikeat_private)
Date: Tue Jan 08 2002 - 18:45:02 PST

  • Next message: leon: "RE: how often do 0-days REALLY happen?"

    Are there any known tools for generating attacks against every host in a
    given path?
    
    We have a client who has been attacked directly by IP address several times.
    Working with our peers we have null routed the target when the attacks were
    too large or had too many forged source addresses to otherwise defend.
    
    Today the attackers began targeting our infrastructure, and it was noticed
    when the border router reported "remote RSHELL attempts" against it to
    syslog. I suspect that this was due to random destination ports in the
    attack. Most of the source hosts were obviously bogus, but we haven't ruled
    out the attack as cover for intrusion attempts. But there were clearly
    packet floods against upstream routers several hops from the destination,
    and our peer noticed activity that appeared to be aimed at them as well.
    
    I'm aware that this could be a slightly clever individual who understands
    traceroute, but wonder if we're not seeing some new script kiddie tool.
    
    Mike
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 21:47:46 PST