Computing.Net > Forums > Security and Virus > What's a Shaft Synflood?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

What's a Shaft Synflood?

Reply to Message Icon

Name: Rich
Date: May 21, 2002 at 15:43:08 Pacific
Comment:

I keep getting a firewall alert Saying: Minor alert E21021 DDOS Shaft Synflood Incoming was blocked. Now I tried looking it up but didn't find a exact match for E21021 but I did find a few articals on IDS252 shaft synflood incoming stateing it could be a attack or just a packet response. I did trace it with whois, as if someone couldn't have spoofed their IP. And this happens when using Kazaa Lite. Any Ideas would be greatly appreciated.



Sponsored Link
Ads by Google

Response Number 1
Name: murve
Date: May 22, 2002 at 20:54:38 Pacific
Reply:

Hi Rich,
here's an explanation of the trojan called Shaft Synflood:
Shaft
Aliases:
Ports: 22, 5002, 18753 (UDP), 20432, 20433 (UDP)
Files: idle - 28,969 bytes tcp.log - ??? bytes pp.pl - 2,795 bytes sniff.pid - 6 bytes s - 7,654 bytes chattr - 7,656 bytes vi - 437,428 bytes tcsh - 262,756 bytes ps - 31,312 bytes shaftmaster - 25,123 bytes shaftnode - 15,184 bytes shaftnode.c - 19,806 bytes hitlist - ??? bytes
Created: Oct 1998
Requires:
Actions: Distributed DoS tool / Steals passwords
Is able to either send UDP, TCP or ICMP floods, or all three at thesame time.
Versions:
Registers:
Notes: Works on Unix.
Country:
Program: Written in C.
hope you use this info well. you might want to check out www.thepublicworks.com for more info in their security section click on simovits consulting and trojan removal for some info on trojans.
good luck,
murve



0

Response Number 2
Name: Rich
Date: May 23, 2002 at 16:59:58 Pacific
Reply:

Thanks murve,
There's nothing like the vast world of information called the internet. I found some useful reading on thepublicworks. And hope to educate myself further on how identify, then dispense of such attempts.


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More







Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links

Ads by Google


Results for: What's a Shaft Synflood?

What's a prog named One Button? www.computing.net/answers/security/whats-a-prog-named-one-button/17631.html

What's news with Trojan Remover 494 www.computing.net/answers/security/whats-news-with-trojan-remover-494/3777.html

What's with SpyBot (v 1.4) www.computing.net/answers/security/whats-with-spybot-v-14/16703.html