PDA

Click to See Complete Forum and Search --> : Help!!

the SHAVEN
September 24th, 2001, 07:11 PM
:confused: i recently detected a smurf attack on my firewall log
what is this? and what should i do the next time this happens?
Negative
September 24th, 2001, 10:41 PM
You won't believe this, but Mr. Google (http://www.cert.org/advisories/CA-1998-01.html) did it AGAIN!!! Bam! TouchDown!
greyhairedwolf
October 12th, 2001, 01:00 PM
thanks for the link to the Cert Centre it is useful
TheHobbit
October 14th, 2001, 04:34 PM
Mr.Google?
Negative
October 14th, 2001, 05:11 PM
Yups, Mr. Google...
You can find him here (http://www.google.com)

Also meet his family:

Open Directory Project (http://dmoz.org/)
Yahoo (http://www.yahoo.com)
LookSmart (http://www.looksmart.com)
IxQuick (http://www.ixquick.com)
Ask Jeeves (http://www.ask.co.uk)
About (http://www.about.com)
All the Web (http://www.alltheweb.com)
Altavista (http://www.altavista.com)
Hotbot (http://hotbot.lycos.com)
Northern Light (http://www.northernlight.com/power.html)
Teoma (http://www.teoma.com)
WebCrawler (http://www.webcrawler.com)
Direct Hit (http://www.directhit.com)
Disinformation (http://www.disinfo.com)
DogPile (http://www.dogpile.com/)

Edit: added Dogpile (Thx Wolf)
obi
October 14th, 2001, 08:30 PM
Yups, Mr. Google...


chuckle :D
greyhairedwolf
October 14th, 2001, 11:46 PM
Did you get the info that you need if not here is a simple explanation thanks to the folks at Symantec.

Symantec Security Response
http://securityresponse.symantec.com/



Smurf DoS Attack
Ping is a software tool available on most operating systems and commonly used to check if a specified machine is reachable. When the ping tool is executed, an ICMP (Internet Control Message Protocol) echo request packet (includes the return IP address) is sent to the destination computer. If the destination computer receives the TCP packet, it replies to confirm the ping request.
In the case of a Smurf DoS attack, the ping's packet return IP address is forged with the IP of the targeted machine. The ping is issued to the entire IP broadcast address. This causes every machine to respond to the bogus ping packets and reply to the targeted machine, which floods it.

This is called a Smurf attack because the DoS tool used to perform the attack is called Smurf.

One way to reduce risk of this attack is to disable IP-directed broadcast, which is often not used or needed. Some OS can be even be configured to prevent the machine from responding to ICMP packets.


Type: Virus
Write-up by: Motoaki Yamamura


And if we are adding search engines of our list or resources Neg that I have to add DogPile (http://www.dogpile.com/)
ZeroOne
October 15th, 2001, 06:08 PM
Originally posted by Negative
Yups, Mr. Google...
You can find him here (http://www.google.com)
Also meet his family:
Open Directory Project (http://dmoz.org/)

=========8<------------------

DogPile (http://www.dogpile.com/)

I find it pretty useless thing to list search engines... Google finds everything, and if it's not enough, you can use All the Web (http://www.alltheweb.com/), Ask Jeeves (http://www.ask.com/), Yahoo (http://www.yahoo.com/) or, a new list entry, Researchville (http://www.researchville.com/).

-ZeroOne :cool: