Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DDOS:SHAFT:AGENT-TO-HANDLER

Severity

 Medium

Recommended

 No

Category

 DDOS

Keywords

 Shaft Agent to Handler

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DDOS: Shaft Agent to Handler


This signature detects the command string "alive" in a UDP packet from port 18753. This can indicate that a Shaft handler is soliciting a response from a Shaft agent. Attackers can use Shaft, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.

Extended Description

An attacker could control the handler servers and agent hosts to execute Distributed Denial of Service attacks.

References

  • CVE: CVE-2000-0138
  • URL: http://xforce.iss.net/xforce/alerts/id/advise48
  • URL: http://marc.info/?l=bugtraq&m=95715370208598&w=2

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out