DDOS: Shaft Handler to Agent
This signature detects the command string "alive tijgu" in a UDP packet from port 18753. This can indicate that a Shaft handler is attempting to communicate with a Shaft agent using the password "tijgu." When the Shaft agent starts, it reports to its default Shaft handler by sending a "new <upshifted password>" command; the default password "shift" upshifts to "tijgu." All subsequent messages carry the password. Attackers can use Shaft, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.
Extended Description
An attacker could control the handler servers and agent hosts to execute Distributed Denial of Service attacks.
Short Name
DDOS:SHAFT:HANDLER-TO-AGENT
Severity
Minor
Recommended
False
Recommended Action
None
Category
DDOS
Keywords
Agent CVE-2000-0138 Handler Shaft to
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
Port
UDP/18753
False Positive
Unknown
CVSS Score
5.0