Re: is it even possible for a worm with dcom vuln?
From: wirepair (wirepair_at_roguemail.net)
Date: 07/28/03
- Previous message: Knud Erik Højgaard: "Re: perl/php connect-back backdoor?"
- Maybe in reply to: wirepair: "is it even possible for a worm with dcom vuln?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Jose Nazario <jose@monkey.org>, vuln-dev@securityfocus.com
Date: Mon, 28 Jul 2003 12:49:48 -0700
Very true, and I just found a universal offset for all win2k sp's (I only tested sp2-4) (0x010016C6 - from svchost.exe) so I'm
seeing the potential for a worm much more now heh... god help us all :D
-wire
On Mon, 28 Jul 2003 15:42:54 -0400 (EDT)
Jose Nazario <jose@monkey.org> wrote:
>don't forget that slapper (the mod_ssl worm) did just that, it
>fingerprinted the host and then attacked. windows fingerprinting tools
>exist (ie xprobe, which uses udp and icmp packets) which are fine
>grained enough.
>
>you're right in that it won't be a FAST moving worm like sapphire, but it
>doesn't have to be all that fast to cause damage ...
>
>___________________________
>jose nazario, ph.d. jose@monkey.org
> http://monkey.org/~jose/