Thierry,
><Enter Conspiracy Theory here ;)>
>
> >I read that to mean that the intermediary was seeing reflected SYN
> >{ACK|RST} packets directed at *different* targets over time (most
> >attacks only last a few minutes at a time). In Steve's case, the
> >attackers directed the attack only at grc.com for an extended period
> >of time. Two different attackers, with two different MOs.
>
>Ack, the question would then have to be, why choose dialups as
>target, and if, why only a short period of time ("short" being relative
>to some)
This is at least consistent with the "script kiddie" mentality we've seen
with the "Bot armies" which, as Dave suggested, are often used to blast
each other off the Net in "king of the mountain" style attempts to obtain
IRC channel ownership, or to "punish" IRC hosts for imagined transgressions.
______________________________________________________________________
Steve.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 12:51:44 PST