Re: IGMP DOS Attack

From: Dave Dittrich (dittrichat_private)
Date: Thu Apr 11 2002 - 23:57:00 PDT


    On Thu, 11 Apr 2002 D.Stoutat_private wrote:
    
    > When I returned in the morning I found 450,000 alerts from snort detailing
    > an IGMP DoS attack from 6 different source hosts. I cannot find any
    > information about this DoS attack (DDoS if you consider 6 hosts at same
    > time).
    >  . . .
    >   Does anybody know what causes this?
    
    I know of at least one mIRC-based DDoS bot that used (or at least
    tried to use) IGMP for flooding:
    
    	http://staff.washington.edu/dittrich/misc/power.analysis.txt
    
    --
    Dave Dittrich                           Computing & Communications
    dittrichat_private             University Computing Services
    http://staff.washington.edu/dittrich    University of Washington
    
    PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
    Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 08:41:16 PDT