What's a Shaft Synflood?

Original Message
Name: Rich
Date: May 21, 2002 at 15:43:08 Pacific
Subject: What's a Shaft Synflood?
Comment:

I keep getting a firewall alert saying: Minor alert E21021 DDOS Shaft Synflood Incoming was blocked. Now I tried looking it up but didn't find an exact match for E21021, but I did find a few articles on IDS252 shaft synflood incoming stating it could be an attack or just a packet response. I did trace it with whois, as if someone couldn't have spoofed their IP. And this happens when using Kazaa Lite. Any ideas would be greatly appreciated.


Response Number 1
Name: murve
Date: May 22, 2002 at 20:54:38 Pacific
Reply:

Hi Rich,
here's an explanation of the trojan called Shaft Synflood:
Shaft
Aliases:
Ports: 22, 5002, 18753 (UDP), 20432, 20433 (UDP)
Files: idle - 28,969 bytes; tcp.log - ??? bytes; pp.pl - 2,795 bytes; sniff.pid - 6 bytes; s - 7,654 bytes; chattr - 7,656 bytes; vi - 437,428 bytes; tcsh - 262,756 bytes; ps - 31,312 bytes; shaftmaster - 25,123 bytes; shaftnode - 15,184 bytes; shaftnode.c - 19,806 bytes; hitlist - ??? bytes
Created: Oct 1998
Requires:
Actions: Distributed DoS tool / Steals passwords
Is able to either send UDP, TCP or ICMP floods, or all three at the same time.
Versions:
Registers:
Notes: Works on Unix.
Country:
Program: Written in C.
Hope you use this info well. You might want to check out www.thepublicworks.com for more info; in their security section, click on simovits consulting and trojan removal for some info on trojans.
Good luck,
murve




Response Number 2
Name: Rich
Date: May 23, 2002 at 16:59:58 Pacific
Reply:

Thanks murve,
There's nothing like the vast world of information called the internet. I found some useful reading on thepublicworks. And hope to educate myself further on how to identify, then dispense of such attempts.

