Re: Why?From: RainbowHat (nHiATlE@blSackholeP.mAit.edMu.invalid)
- Next message: Simon Matthews: "Re: ipchains and ntp udp port 123"
- Previous message: RainbowHat: "Re: logfiles"
- In reply to: Darren: "Why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid> Date: Wed, 19 Jun 2002 23:54:55 +0000 (UTC)
>"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
>> Here is a covert channel proof of concept over Nimda imitated packets.
>> Apache 1.3.24 has released at 22nd March so I decided to post today.
>i have spent a lot of time chasing nimda along with other viruses like it. I
Chasing and researching worms and viruses is a good things.
>have noticed that the writers have spent a huge amount of time and effort in
>creating and keeping nimda up to date. Nimda is a viral work of art. It is
>the product of lots of effort, lots of time, lots of team work. So i have
>Whats the point?
>whats in it for the writers?
Sorry for my poor English expressions. Maybe you are misunderstanding.
I'm not a Nimda code anther nor doing maintenance. I'm not saying about
new Nimda variant version to Windoze IIS users but suggesting about
Nimda _imitated_ (masqueraded, mimic) packets to Linux or other platform
Apache users. I'm saying about Nimda log looks covert channel backdoor.
Because most Apache user are ignoring Nimda looks logs.
-- Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet. ----+----1----+----2----+----3----+----4----+----5----+----6----+----7