Re: Have I been kitted?

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 06/20/02


Date: Thu, 20 Jun 2002 09:24:31 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: focus-linux@securityfocus.com

Hehe, yeah, sometimes tricky attackers do come around. They're script kiddies in nature, as they don't know much about what the exploit is doing; for them it just gets them root. But at times they are good users of Linux/Unix etc.
I once saw a backdoor which spawns a root shell on any custom port on receiving a ping packet with a particular pattern in it,
like ping -p opensesame backdoored.box.ip
and then telnetting to the port defined in the backdoor.
This isn't a biggie, as such backdoors do exist, but I saw an ipchains rule disallowing ICMP from all and allowing it only from a few IPs which were the attacker's already rooted boxes.
And once I saw an attacker trying to debug a backdoor's faulty DES schema on one of EFnet's channels.
So there are certain levels concerning Unix/Linux/programming skills among skiddies too. They should never be underestimated.

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

--- Matthew Berg <galt@gothpoodle.com> wrote:
>On Sun, 2002-06-09 at 16:19, Terry Browning wrote:
>
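
A defender-side check for the kind of trigger the message describes, added here as an example and not part of the original post: it flags ICMP echo requests whose payload is a short repeating pad pattern, as `ping -p` produces. The 16-byte timestamp prefix, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

TS_LEN = 16       # assumption: sender prepends a timestamp of up to 16 bytes
MAX_PERIOD = 16   # ping -p accepts at most 16 pad bytes

def fill_pattern(payload: bytes):
    """Return the repeating fill of an echo payload (possibly a rotation
    of the sender's pad bytes), or None if no short period exists."""
    body = payload[TS_LEN:]
    if len(body) < 2 * MAX_PERIOD:      # too short to see two repetitions
        return None
    for period in range(1, MAX_PERIOD + 1):
        if all(body[i] == body[i - period] for i in range(period, len(body))):
            return body[:period]
    return None

def inspect(packet: bytes):
    """Parse a raw IPv4 packet; return (src, pattern) for patterned echo requests."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                      # not IPv4 or not ICMP
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if len(icmp) < 8 or icmp[0] != 8:    # type 8 = echo request
        return None
    pattern = fill_pattern(icmp[8:])
    if pattern is None:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, pattern

def make_echo(src: bytes, fill: bytes) -> bytes:
    """Build a constructed sample packet (checksums left zero, not validated)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + bytes(TS_LEN) + fill
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     src, bytes([192, 0, 2, 10]))
    return ip + icmp

# Constructed samples: an incrementing (non-periodic) fill vs. a repeated 4-byte pad.
NORMAL = make_echo(bytes([198, 51, 100, 7]), bytes(range(0x10, 0x38)))
PATTERNED = make_echo(bytes([203, 0, 113, 9]), bytes.fromhex("deadbeef") * 10)

if __name__ == "__main__":
    for pkt in (NORMAL, PATTERNED):
        print(inspect(pkt))
```

A hit is only a lead: administrators also use pad patterns for link testing, so correlate the source address with unexpected listening ports and firewall rule changes on the destination host.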
