[8110] in bugtraq
Re: Internet Wide DOS Attack using IRC
daemon@ATHENA.MIT.EDU (Diane Bruce)
Fri Oct 2 23:36:44 1998
Date: Fri, 2 Oct 1998 20:11:38 -0700
Reply-To: Diane Bruce <db@DB.NET>
From: Diane Bruce <db@DB.NET>
X-To: cluster@VIDEOTRON.CA
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <004901bdee68$73f530a0$48fc60cf@cortex> from "Samuel Cossette" at
Oct 2, 98 08:55:01 pm
Samuel Cossette says:
>
> I have done my own investigation about it;
>
> First it's not Back Orifice, it's another fuck*** trojan, spread by a DCC
...
> With 500 "clones" they can easily split an irc server with the command
> MOTD :irc.server.net (.do raw command).
Funny you should mention this one. I coded up the anti-flood code
for ircd-hybrid-5.3p2. This is exactly why 5.3p2 is out.
It slows down MOTD requests plus some other requests...
Its been sucessful in preventing this attack from working.
-Dianora ircd-hybrid coder/EFnet admin
(for the curious, ftp.blackened.com/pub/irc/hybrid/ircd-hybrid-5.3p2.tar.gz)
--
Diane Bruce, http://www.db.net/~db http://www.db.net email db@db.net
"Yeah, but it's a great picture of a toaster oven." lathrop at primenet dot com
