perlb0t: Still in the Wild with UDP Flood DDoS Attacks
- by nlqip
By looking at the table of supported IP protocols, we see that the bot creates raw packets of IGMP, ICMP and TCP protocols. Those packets are just being marked with those protocol numbers, however other fields and headers are not actually set. The packet is filled with “A” characters according to the size specified by the C&C command, making the packet a malformed one.
However, even more interesting is the distinction the bot writer makes between the above protocols and other protocols the writer uses afterward. After sending malformed IGMP, UDP, ICMP and TCP packets, the bot will send 252 additional malformed packets of all other protocols (running from 3 to 255 protocol numbers, skipping previously sent protocols).
Source link
lol
By looking at the table of supported IP protocols, we see that the bot creates raw packets of IGMP, ICMP and TCP protocols. Those packets are just being marked with those protocol numbers, however other fields and headers are not actually set. The packet is filled with “A” characters according to the size specified by…
Recent Posts
- The complexities of cyberattack attribution – Week in security with Tony Anscombe
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
- HACKING 101 Humble Bundle — Between The Hacks
- The U.S. IoT Cybersecurity Improvement Act Becomes Law — Between The Hacks
- BTH News 13December2020 — Between The Hacks