Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] DOS Attack
From: James Kelly <james.kelly () tcs wap org>
Date: Tue, 10 Oct 2000 12:51:04 -0400
this port is for version 1 of back oriface

jim k

"Craig T. Hancock" wrote:


Hello all I am doing some reasearch for a friend for a DOS attack on an IRIX 6.5 the attack from what I was told can 
be ported to
an unix machine. So I am trying here this is the info that I have on the attack. It is called Hack a Tick.

Hello all a machine that I administer has been involved in a DOS attack on my subnet. THe networking monitor group as 
told me that
a person was connecting to my machine via prt 31789 which is a udp port that cause a huge amount of overhead on the 
network.
The thing I don't understand is how is this attacked is cause also I don't understand how the person could have 
gotten in.
I didn't see any relevant info from the logs, but then again those could have been doctored.
Port    State       Protocol  Service
22      open        tcp        ssh
111     open        tcp        sunrpc
515     open        tcp        printer
620     open        tcp        unknown
800     open        tcp        mdbs_daemon
801     open        tcp        device
1024    open        tcp        unknown
1025    open        tcp        listen
1026    open        tcp        nterm
1030    open        tcp        iad1
1455    open        tcp        esl-lm
2049    open        tcp        nfs
4321    open        tcp        rwhois
6000    open        tcp        X11

I would like to know exactly how is this attack done, I mean I haven't been able to find out any specifics and how
is this prevented. I have checked the logs but I haven't been able to find out if the person ever got in. It looks
like no one was logged in at the time, but then again the logs could have been doctored. Here is a reference to the 
attack
this is the only info that I have been able to find.

--
_______________________________________________________________________
If life is a dream then I am real I exist in smoke and shadow I see all
and know nothing beware my mist I am kindred feel thy wraith if tho is
wronged.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]