Re: is it even possible for a worm with dcom vuln?

From: wirepair (wirepairat_private)
Date: Mon Jul 28 2003 - 12:49:48 PDT


    Very true, and I just found a universal offset for all win2k sp's (I only tested sp2-4) (0x010016C6 - from svchost.exe) so I'm
    seeing the potential for a worm much more now heh... god help us all :D
    -wire
      
    On Mon, 28 Jul 2003 15:42:54 -0400 (EDT)
      Jose Nazario <joseat_private> wrote:
    >don't forget that slapper (the mod_ssl worm) did just that, it
    >fingerprinted the host and then attacked. windows fingerprinting tools
    >exist (ie xprobe, which uses udp and icmp packets) which are fine
    >grained enough.
    >
    >you're right in that it won't be a FAST moving worm like sapphire, but it
    >doesn't have to be all that fast to cause damage ...
    >
    >___________________________
    >jose nazario, ph.d.			joseat_private
    >					http://monkey.org/~jose/
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 13:45:07 PDT