Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed.

From: Joe Stewart (
Date: 03/31/04

  • Next message: Mandrake Linux Security Team: "MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities"
    Date: Tue, 30 Mar 2004 17:03:21 -0500

    On Tuesday 30 March 2004 1:18 pm, Paul wrote:
    > I am looking for more detailed information on exactly how the dDOS
    > attack will be performed, ports used, request type, packet size, etc.
    > In hopes of getting enough information to work with our providers for
    > an adequate defense.

    If the virus is started on one of the mentioned dates and the host is
    connected to the Internet, the following steps will be taken by the

    1) The hostnames of the sites to attack are decrypted and the IP
    addresses resolved.

    2) 80 threads are created for the attack - each thread picks from one of
    the five victim hostnames at random. The following steps are performed
    in each thread:

    3) A connection is made on port 80 and only the following content is
    sent (formatted for your site here and CR/LF escaped):

    GET / HTTP/1.1\r\nHost:\r\n\r\n

    4) The thread sleeps for 250 milliseconds.

    5) The process repeats from step 3 until the virus exits.


    Joe Stewart, GCIH 
    Senior Security Researcher

  • Next message: Mandrake Linux Security Team: "MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities"

    Relevant Pages

    • Re: Attack
      ... Paul K ... Russell Malone is one of the few mainstream jazz guitarists around who still predominantly down picks. ... Do you mean in his single note soloing? ... note stuff that sounds like a heavy attack, ...
    • Re: Viruses
      ... cannot infect such an operating system using a virus. ... I just said that unix based systems are immune to the "virus" ... computers there is no way to mass attack them all automatically. ...
    • Re: Go Cons Go!!
      ... You attack us, and your country automatically becomes a smoking hole in the ground that glows in the dark. ... This means you have enough nukes to destroy multiple enemies many times over as a deterrent to their attacking you. ... This, however, doesn't work with Islamist madmen who would give up their lives and their country if they could take out Israel. ... Pope John Paul II had a hand in it also by ramping up the pressure from within with regard to the people in satellite states. ...
    • Re: How much time do we have to figure this out or Ill be 50 fucking years old next month
      ... this article wasn't just about the JFK assassination. ... point in time where america really started to go in the wrong ... Paul and guiliani and shudder at the fact that the audiance applauded ... that we invited the attack because we were attacking Iraq. ...
    • Foreknowledge of 911: Dr Stan, agai
      ... as Rumsfeld said in his January ... Most people don't understand the events that led up to the 9/11 attack ... Intelligence Community, but can't reveal what he knows because his ... discuss that issue, but Paul O'Neill, a prominent member of President's ...