Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DDOS:SHAFT:AGENT-TO-HANDLER-PKT

Severity

 Medium

Recommended

 No

Category

 DDOS

Keywords

 Shaft Agent to Handler Packet

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DDOS: Shaft Agent to Handler Packet


This signature detects the command string "alive" in a UDP packet from port 20433. This can indicate that a Shaft agent is attempting to reply to a Shaft handler. Attackers can use Shaft, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.

Extended Description

An attacker could control the handler servers and agent hosts to execute Distributed Denial of Service attacks.

References

  • CVE: CVE-2000-0138
  • URL: http://www.adelphi.edu/~spock/shaft_analysis.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out