Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	DDOS:TRIN00:DAEMON-TO-MASTER-2
Severity	Minor
Recommended	No
Category	DDOS
Keywords	DDOS TRIN00 Daemon to Master (PONG)
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DDOS TRIN00 Daemon to Master (PONG)

This signature detects the command string "PONG" in a UDP packet sent from port 27444. This can indicate a Trin00 daemon is attempting to reply to a Trin00 master. Attackers can use Trin00, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.

Extended Description

Trin00 enables an attacker to cause a DDoS or crash the target system by controlling master server(s) and daemon host(s).

References

CVE: CVE-2000-0138
URL: http://staff.washington.edu/dittrich/misc/trinoo.analysis

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

DDOS TRIN00 Daemon to Master (PONG)

Extended Description

References