| VID | 24017 |
| Severity | 40 |
| Port | 18753 |
| Protocol | UDP |
| Class | BackDoor |
| Detailed Description | The remote host appears to be running Shaft, a trojan that can be used to control your system or make it attack another network (that is, a distributed denial of service attack tool). Denial of service is a technique to deny access to a resource by overloading it, such as packet flooding in the network context. "Shaft" belongs to the family of tools discussed earlier, such as Trinoo, TFN, Stacheldraht, and TFN2K. As with those tools, the "Shaft" network is made up of one or more handler programs ("shaftmaster") and a large set of agents ("shaftnode"). An attacker uses a telnet program ("client") to connect to and communicate with the handlers. It is very likely that this host has been compromised. References: http://www.securityfocus.com/data/library/node-analysis.txt, http://www.chi-publishing.com/isb/backissues/ISB_2000/ISB0504/ISB0504SDNLDD.pdf |
| Recommendation | Restore your system from backups, and contact CERT and your local authorities. |
| Related URL | CVE-2000-0138 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |