Re: Linux Slapper Worm

From: Charles Stevenson (coreat_private)
Date: Thu Sep 19 2002 - 14:23:05 PDT

Next message: Steven M. Christey: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3."

Previous message: Steven M. Christey: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3."
In reply to: Ajai Khattri: "Re: Linux Slapper Worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This method of security through obscurity will not prevent another
hacker from chaning the worm to use one of the modified versions of the
exploit which supports brute forcing. Nor does it trick Solar Eclipse's
scanner which actually overflows and checks to see if the server
response contains our data. All you did was waste your time. :)

peace,
core

-- 
    Charles Stevenson (core) <coreat_private>
    Lab Assistant, College of Eastern Utah San Juan Campus
    http://www.bokeoa.com/~core/core.asc

Next message: Steven M. Christey: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3."
Previous message: Steven M. Christey: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3."
In reply to: Ajai Khattri: "Re: Linux Slapper Worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 19 2002 - 14:30:23 PDT