Re: Have I been kitted?
From: Muhammad Faisal Rauf Danka (firstname.lastname@example.org)
Date: Thu, 20 Jun 2002 09:24:31 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <email@example.com>
To: firstname.lastname@example.org
Hehe, yeah, sometimes tricky attackers do come around. They're script kiddies in nature, as they don't know much about what the exploit is doing; for them it just gets them root. But at times they are good users of Linux/Unix etc.
I once saw a backdoor which spawns a rootshell on any custom port on receiving a ping packet with a particular pattern in it.
like ping -p opensesame backdoored.box.ip
and then telnetting to the port defined in the backdoor.
This isn't a biggie, as such backdoors do exist, but I saw an ipchains rule disallowing ICMP from all and allowing it only from a few IPs, which were the attacker's already rooted boxes.
And once I saw an attacker trying to debug a backdoor's faulty DES schema on one of EFNET's channels.
So there are certain levels of Unix/Linux/programming skills among skiddies too. They should never be underestimated.
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
Pakistan Computer Emergency Response Team (PakCERT)
Chief Security Analyst
Applied Technology Research Center (ATRC)
--- Matthew Berg <email@example.com> wrote:
>On Sun, 2002-06-09 at 16:19, Terry Browning wrote: