Re: Flash Worms

From: Shoten (shotenat_private)
Date: Wed Aug 22 2001 - 12:32:26 PDT


    > Now I do doubt anyone who would release this would have access to an OC-12
    > line to release the payload.  But that doesn't mean he/she couldn't hack
    > into a site that does.  Or hack into multiple sites and release the payload
    > from multiple sites at one time.
    
    Sayyyy....have any universities been compromised lately?  But the real point
    here is not the initial release; it's the scanning for vulnerable IPs that
    happens BEFORE that, to develop the "master list" of targets.  Any
    compromised site having full saturation of an OC-12-ish line due to a
    vulnerability scan of 0.0.0.0/0 is probably going to notice it, no matter
    HOW braindead they might be.  But a distributed scan, in lieu of a DDoS,
    would work, although it does pose its own problems.  Just build a zombie
    that will scan instead of DoS, and have some method by which you can
    reliably recover its results.
    
    Oooooh, here you go...have it both scan AND DDoS...have it DDoS you with
    ICMP that contains the slightly obfuscated/copyprotected (I hear Adobe's
    been doing great things with XOR lately, perhaps they want to chime in?)
    results of the scans.
    
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 10:57:34 PDT