Short Name |
DDOS:SHAFT:AGENT-TO-HANDLER-PKT |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
DDOS |
Keywords |
Shaft Agent to Handler Packet |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects the command string "alive" in a UDP packet from port 20433. This can indicate that a Shaft agent is attempting to reply to a Shaft handler. Attackers can use Shaft, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.
An attacker could control the handler servers and agent hosts to execute Distributed Denial of Service attacks.