Hi!

I've sent you "Trend Micro Officescan Denial of Service" (TMOSDOS for Windows; compiled win32-exe and the Visual Basic source), which is an optimized tool for the issue explained on http://online.securityfocus.com/bid/1013

All advisories describe that a denial of service attack is possible by sending random data or opening more than five connections to the target port. TMOSDOS opens just one tcp connection, sends just seven characters ("get / ") to the target and closes the connection after a few seconds: That's more effective than the old methods.

It seems that a third argument is needed to process the get-request correctly. Other seven character requests (e.g. "1234567") don't cause a denial of service.

Most Intrusion Detection Systems are not able to detect this attack correctly: They always point to BackOrifice because the destination port is often tcp/12345.

Bye, Marc

--
Computer, Technik & Security
http://www.computec.ch
Attachment:
tmosdos.zip
Description: Zip compressed data