On Thu, 11 Apr 2002 D.Stoutat_private wrote: > When I returned in the morning I found 450,000 alerts from snort detailing > a IGMP DoS attack from 6 different source hosts. I cannot find any > information about this DoS attack (DDoS if you consider 6 hosts at same > time). > . . . > Does anybody know what causes this ? I know of at least one mIRC based DDoS bot that used (or at least tried to use) IGMP for flooding: http://staff.washington.edu/dittrich/misc/power.analysis.txt -- Dave Dittrich Computing & Communications dittrichat_private University Computing Services http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 08:41:16 PDT