Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

POXDAR Revisited

from [Mark Ryan del Moral Talabis] Network Security [Permanent Link]
Subject: POXDAR Revisited
Date: Thu, 27 Apr 2006 22:57:53 +0800 
We noticed some peculiar connections in one of our honeypots just the
other day. We noted some DOS attempts directed to a number of
different sites. Based on the sites it tried to connect to, our
initial conclusion was it was the POXDAR worm. What was intresting
though is that in further examination of our logs, we saw that in
addition to connecting to "predefined" sites which was the normal
POXDAR behaviour, it also tries to look for russian domains by random
"brute force" guessing. It is doubtful that this is an effective way
to look for sites to perform DOS but this behaviour floods the network
with muliple DNS requests that might possibly lead to congestion given
critical mass.

Full Analysis:
http://www.philippinehoneynet.org/data.php

Ryan Talabis
Philippine Honeynet Project

--
The Philippine Honeynet Project
http://www.philippinehoneynet.org
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • POXDAR Revisited, Mark Ryan del Moral Talabis <=
Previous by Date:  Re: Dialer.gzt?, Andrei Saygo
Next by Date:  Re: Dialer.gzt?, Robert Sandilands
Previous by Thread:  Dialer.gzt?, Casey DeBerry
Indexes:  [Date] [Thread] [Top] [All Lists]