perlb0t: Still in the Wild with UDP Flood DDoS Attacks
- by nlqip
By looking at the table of supported IP protocols, we see that the bot creates raw packets of IGMP, ICMP and TCP protocols. Those packets are only marked with those protocol numbers; the other fields and headers are not actually set. The packet is filled with “A” characters up to the size specified by the C&C command, which makes it a malformed one.
Even more interesting is the distinction the bot writer makes between the above protocols and the protocols used afterward. After sending malformed IGMP, UDP, ICMP and TCP packets, the bot sends 252 additional malformed packets covering all other protocols (protocol numbers running from 3 to 255, skipping previously sent protocols).
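The traffic pattern described above (an IP protocol number with nothing but "A" bytes behind it, repeated across many protocol numbers toward one target) can be matched on captured packets. The following is an added detection sketch, not code from the original article or from the bot; the function names, the `min_protocols` threshold of 16 and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), or None if this is not a sane IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:]  # pkt[9] is the IP protocol field

def is_filler(payload, byte=0x41):
    """True when everything after the IP header is one repeated byte ("A" by default)."""
    return len(payload) > 0 and payload.count(byte) == len(payload)

def find_protocol_sweeps(packets, min_protocols=16):
    """Map (src, dst) -> sorted protocol numbers seen with filler-only payloads,
    keeping pairs that cover at least min_protocols (assumed threshold) protocols."""
    seen = defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed is None:
            continue
        src, dst, proto, payload = parsed
        if is_filler(payload):
            seen[(src, dst)].add(proto)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_protocols}

def make_sample(src, dst, proto, payload):
    """Constructed test input: minimal 20-byte IPv4 header (checksum left 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload

# Constructed capture (RFC 5737 documentation addresses): a shortened protocol sweep.
SAMPLE = [make_sample("192.0.2.10", "198.51.100.7", p, b"A" * 64) for p in range(3, 43)]
# Constructed benign packet: ICMP echo request with a real header and mixed payload.
SAMPLE.append(make_sample("192.0.2.20", "198.51.100.7", 1,
                          struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping-data"))

if __name__ == "__main__":
    for (src, dst), protos in find_protocol_sweeps(SAMPLE).items():
        print(f"{src} -> {dst}: filler-only payloads across {len(protos)} protocols")
```

Tune the threshold to the capture window in use; a single filler-only packet is weak evidence, while one source covering dozens of protocol numbers is not something normal hosts do.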