Re: [Full-Disclosure] Re: Windows Dcom Worm planned DDoS

From: Sebastian Niehaus (killedbythoughtsat_private)
Date: Tue Aug 12 2003 - 23:59:48 PDT

Next message: ashat_private: "[Full-Disclosure] DameWare Mini-RC Shatter"

Previous message: Joey: "Re: [Full-Disclosure] Windows Dcom Worm Killer"
In reply to: martin f krafft: "[Full-Disclosure] Re: Windows Dcom Worm planned DDoS"
Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

martin f krafft <madduckat_private> writes:
> also sprach Sebastian Niehaus <killedbythoughtsat_private>:

> > Could be a nice feature of a worm to modify the "hosts" file and
> > prevent infected maschines to do DNS lookups.
> 
> Unless you use a rooted host for that, it would reveal your
> identity. And if you use a rooted host, you run the risk of the worm
> failing if you loose control over the host.

So we need a daemon to fetch the "hosts" file from somwhere (IRC?)<w
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: ashat_private: "[Full-Disclosure] DameWare Mini-RC Shatter"
Previous message: Joey: "Re: [Full-Disclosure] Windows Dcom Worm Killer"
In reply to: martin f krafft: "[Full-Disclosure] Re: Windows Dcom Worm planned DDoS"
Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 01:50:41 PDT