Re: DoS Tool Identification

From: Martin (broadcast_at_mail.ptraced.net)
Date: 02/25/04

Next message: spaceork: "Re: DoS Tool Identification"

Previous message: Seth Milder: "DoS Tool Identification"
In reply to: Seth Milder: "DoS Tool Identification"
Next in thread: spaceork: "Re: DoS Tool Identification"
Reply: spaceork: "Re: DoS Tool Identification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 25 Feb 2004 19:10:51 -0300
To: incidents@securityfocus.com

strings bd.out reveals:

Can't execve shell!
/bin/sh
$HOMEDIRHOMEDIR
Can't fork subshell, there is no way...
Can't open a tty, all in use ?
/dev/null
Done, pid=%d
F**K: Can't fork child (%d)
F**K: Can't bind udp socket (%d)
F**K: Can't allocate udp socket (%d)
/usr/local/apache/bin/httpd
***: Can't allocate raw socket (%d)
using old...
/usr/sbin/named
BD_Init: Starting backdoor daemon...

Seems like a backdoor daemon running on an UDP port.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: spaceork: "Re: DoS Tool Identification"

Previous message: Seth Milder: "DoS Tool Identification"
In reply to: Seth Milder: "DoS Tool Identification"
Next in thread: spaceork: "Re: DoS Tool Identification"
Reply: spaceork: "Re: DoS Tool Identification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]