Re: Why?From: Darren (darrenlsANTISPAM82@ntlworld.com)
- Next message: Rex Dieter: "Re: double the buffer? - buffer overflows"
- Previous message: RainbowHat: "Re: Is there a new DNS exploit?"
- In reply to: RainbowHat: "Re: Why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Darren" <darrenlsANTISPAM82@ntlworld.com> Date: Fri, 21 Jun 2002 18:04:20 +0100
"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
> < Darren
> >"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
> >> Here is a covert channel proof of concept over Nimda imitated packets.
> >> Apache 1.3.24 has released at 22nd March so I decided to post today.
> >i have spent a lot of time chasing nimda along with other viruses like
> Chasing and researching worms and viruses is a good things.
> >have noticed that the writers have spent a huge amount of time and effort
> >creating and keeping nimda up to date. Nimda is a viral work of art. It
> >the product of lots of effort, lots of time, lots of team work. So i have
> >some questions.
> >Whats the point?
> >whats in it for the writers?
> Sorry for my poor English expressions. Maybe you are misunderstanding.
> I'm not a Nimda code anther nor doing maintenance. I'm not saying about
> new Nimda variant version to Windoze IIS users but suggesting about
> Nimda _imitated_ (masqueraded, mimic) packets to Linux or other platform
> Apache users. I'm saying about Nimda log looks covert channel backdoor.
> Because most Apache user are ignoring Nimda looks logs.
I wasn't of the impression that you were a nimda coder my friend. I was only
asking why people put so much effort into its maintenance
> Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.