I asked the guy for the exploit and ran it. It seems to fork in the background, and afterwards it starts flooding 161.69.3.150 with UDP packets ;P

Not nice, not nice at all.

On Thu, 2002-07-25 at 04:05, ilker güvercin wrote:
>
> I found a tool on my compromised machine called
> bind9 and the source code is still there.
> It's made by team teso.
>
> bind9 Exploit by by scut of
> teso [http://teso.scene.at/]...
> Usage: ./bind remote_addr domainname target_id
> Targets:
> 0 - Linux RedHat 6.0 (9.2.x)
> 1 - Linux RedHat 6.2 (9.2.x)
> 2 - Linux RedHat 7.2 (9.2.x)
> 3 - Linux Slackware 8.0 (9.2.x)
> 4 - Linux Debian (all) (9.2.x)
> 5 - FreeBSD 3.4 (8.2.x)
> 6 - FreeBSD 3.5 (8.2.x)
> 7 - FreeBSD 4.x (8.2.x)
>
> Example usage:
> $ host -t ns domain.com
> domain.com name server dns1.domain.com
> $ ./bind9 dns1.domain.com domain.com 0
> [..expl output..]
>
> I didn't test whether it's working or not.
> Does anybody have knowledge about this? Sorry for my
> poor English :)
> If anyone wants to test it, I can send the source code.
> holyat_private
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

--
Jay
This archive was generated by hypermail 2b30 : Fri Jul 26 2002 - 08:34:49 PDT