Very true, and I just found a universal offset for all win2k sp's {i only tested sp2-4) (0x010016C6 - from svchost.exe) so I'm seeing the potential for a worm much more now heh... god help us all :D -wire On Mon, 28 Jul 2003 15:42:54 -0400 (EDT) Jose Nazario <joseat_private> wrote: >dont forget that slapper (the mod_ssl worm) did just that, it >fingerprinted the host and then attacked. windows fingerprinting tools >exist (ie xprobe, which uses udp and icmp packets) which are fine >grained enough. > >you're right in that it wont be a FAST moving worm like sapphire, but it >doesn't have to be all that fast to cause damage ... > >___________________________ >jose nazario, ph.d. joseat_private > http://monkey.org/~jose/ -- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 13:45:07 PDT