Re: weird Windows 2000/XP bug

From: Chris Carey (chris@sublimespot.com)
Date: 10/30/01


Message-ID: <000a01c16186$94296fa0$090aa8c0@woody2k>
From: "Chris Carey" <chris@sublimespot.com>
To: <vuln-dev@securityfocus.com>
Subject: Re: weird Windows 2000/XP bug
Date: Tue, 30 Oct 2001 13:05:17 -0800

Nimda and CodeRed created huge security holes on the infected machines. This
is far worse a payload than having a server reboot.

Crashing a server is silly. If you propogated n times then crashed the
server, you would lose the exponential spreading effect. Right?

-Chris

> What if something like this would be used in a worm like Nimda or CodeRed,
> would it crash all the infected servers? Bet that'd really call the
admin's
> attention. Though it'd make the propagation a little difficult...



Relevant Pages

  • Re: weird Windows 2000/XP bug
    ... >is far worse a payload than having a server reboot. ... I'm looking for a way to get Nimda infected machines to shutdown/crash. ... Preferably directly as a result of their HTTP request, ...
    (Vuln-Dev)
  • Re: Problems using zlib...
    ... Tom Harrington wrote: ... Don Bruder wrote: ... answers back with a gzipped payload - I can parse the headers and find ... How are you talking to this web server? ...
    (comp.sys.mac.programmer.help)
  • Ive built a Kerberized RPC Protocol Stack over HTTP using Java GSS API
    ... The Client seals the payload in the Session key of a service ticket for its destination. ... The Server unseals the payload, and invokes an RPC Server Stub ... The original project motivation was far simpler - Kerberos seal messages headed outbound on JMS. ...
    (comp.protocols.kerberos)
  • Re: Strange!! Pinging but not accessible.
    ... Next payload: Security Association ... Next payload: Transform ... Vendor ID: Microsoft L2TP/IPSec VPN Client ... Server for name resolution, ...
    (microsoft.public.windows.server.sbs)
  • Re: Iptables Stateful Related
    ... Also Verbindungsinfo im payload. ... Du willst verschiedene Server verwenden. ... Prev by Date: ... Next by Date: ...
    (de.comp.security.firewall)