Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DDOS:SHAFT:HANDLER-TO-AGENT

Severity

 Medium

Recommended

 No

Category

 DDOS

Keywords

 Shaft Handler to Agent

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DDOS: Shaft Handler to Agent


This signature detects the command string "alive tijgu" in a UDP packet from port 18753. This can indicate that a Shaft handler is attempting to communicate with a Shaft agent using the password "tijgu." When the Shaft agent starts, it reports to its default Shaft handler by sending a "new <upshifted password>" command; the default password "shift" upshifts to "tijgu." All subsequent messages carry the password. Attackers can use Shaft, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.

Extended Description

An attacker could control the handler servers and agent hosts to execute Distributed Denial of Service attacks.

References

  • CVE: CVE-2000-0138
  • URL: http://www.adelphi.edu/~spock/shaft_analysis.txt

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out