The Ultimate Worm

Thread: The Ultimate Worm

  1. #1
    Member
    Join Date
    May 2003
    Posts
    35

    The Ultimate Worm

    Imagine a worm, if you will, spreading through IIS, NetBIOS, SQL, Exchange, .asp pages, Samba, an AIM file exploit, and a false MS update, the purpose: only to wait until a certain time to start randomly pinging every host on the internet. Seem impossible? Right now there are over 100,000 bots that I have seen, many more which I have not, or are not public, most of which were compromised by the methods I've said. 100,000 machines sending an average of 1000k/sec (average from OC-3 to DSL/cable) would create a mass flood of 1000MB/s; as servers stall, more drop, and the internet comes to a standstill. Think my figures are exaggerated? I don't believe so. Seeing how many fast servers/IIS/Exchange have been compromised, this massive DDoS could drop the internet.
    sectac
    The Hack Back Revolution
    irc.dal.net:#guesswhatyourhacked

  2. #2
    Senior Member gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    That's why it should be OK to root lamers.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    In theory that is a nice idea... but for it to work... seems unlikely.
    Learn like you are going to live forever, live like you are going to die tomorrow.

    Propoganda

  4. #4
    Senior Member gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    In my opinion it's because ICMP is so useful yet so hard to control. You can flood the hell out of someone and it's hard to stop because of the nature of the thing. Like when Yahoo was attacked, it's hard to stop because even if you block it, the firewall is taking processes to tell it no, and so in one way or another it's still able to flood.

    Some firewalls let you limit how many pings you can have in a certain amount of time, but I dunno how well this works yet because no one's flooded me in the last week since I put it on... hmmm, I'll have to test that and let you all know.

  5. #5
    Now, RFC Compliant! Noia
    Join Date
    Jan 2002
    Posts
    1,210
    Meh, if you change it from Ping to a fake SYN you all of a sudden amplify your attack by a factor of 4 at least... the servers attempting to find the source, as well as the aggregation through well rooted routers (heehee), would cause massive amounts of traffic... all in all... well over 1000Mb/s, I'm thinkin 5-6Gb/s or above that even... the thing is... if you were smart about it... you would incorporate an OS detect into your worm so that you could infect dialups with only what they needed... thus making millions of too-weak bots... but when combined... well... it would be a ****-storm like no other...

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can remember the gentle features of the queen's face that fair day when this land rested in holy peace and everyone had love to love with.

  6. #6
    Senior Member gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    *near end of movie "Hackers"*

    Boss: What's going on, Plague?

    Candy Ass Lamer: A **** storm, Duke

    lol.

  7. #7
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    It's not really because ICMP is hard to control... It's probably easier to control than a stream of UDP packets. A firewall can theoretically drop everything without sending a reply or even bother about it more than 1*10^-9 sec, but if one just sends 1000 MB/sec random 100101010010010111, the 4 MB downstream cable connection of yours just can't handle it. Whatever the firewall does, the junk first has to go through that 4 MB pipe before it ever reaches the firewall. Much stronger connections than cable can be "slowed down" so much by sending crap that you just can't reach the services anymore. The servers stay up (unless the router overheats or the like), but you can't reach them. About taking out the internet with those DDoS attacks, that is a bit exaggerated I think. We are all DDoSing the internet every day with our crap data, getting p0rn vids and spam. The amount of bots is not the same as the amount of compromised servers, and even then it's sometimes not even enough to "take out" one webserver. The internet is designed to handle so freaking much data... I think, unless you attack specific targets, you have to have so freaking much combined bandwidth to even slow down the internet... oh well... I'm talking like everyone can see I'm not a native English speaker again... I'd better quit already...
    Double Dutch
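
An added illustration, not part of any post in this thread, of the two points made in posts #4 and #7: a firewall ping limit (modelled here as a token bucket) and the upstream link that fills before the firewall sees a single packet. Every rate, name and number is a constructed assumption.

```python
# Constructed model: all rates and names below are illustrative assumptions.

class TokenBucket:
    """Integer token bucket: `rate` packets/second, at most `burst` saved up."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.cap = burst * 1000          # tokens kept in 1/1000ths of a packet
        self.tokens = self.cap
        self.last_ms = 0

    def allow(self, now_ms):
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        # 1 ms at `rate` packets/second earns `rate` thousandths of a token
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate)
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def simulate(offered_pps, seconds, link_pps, limit_pps, burst):
    """Push `offered_pps` echo requests/second at a link that carries at most
    `link_pps`, with a firewall limiting ICMP to `limit_pps` behind it."""
    bucket = TokenBucket(limit_pps, burst)
    lost_on_link = reached_firewall = accepted = 0
    for sec in range(seconds):
        carried = min(offered_pps, link_pps)     # the pipe fills first
        lost_on_link += offered_pps - carried
        for i in range(carried):                 # spread evenly over the second
            reached_firewall += 1
            if bucket.allow(sec * 1000 + (i * 1000) // carried):
                accepted += 1
    return {
        "lost_on_link": lost_on_link,
        "reached_firewall": reached_firewall,
        "accepted": accepted,
        "dropped_by_firewall": reached_firewall - accepted,
        "link_utilisation": min(offered_pps, link_pps) / link_pps,
    }


if __name__ == "__main__":
    print("flood :", simulate(5000, 3, link_pps=1000, limit_pps=10, burst=5))
    print("normal:", simulate(5, 3, link_pps=1000, limit_pps=10, burst=5))
```

In the flood case the firewall accepts only 34 of the 3000 requests that reach it, yet the link stays 100% utilised, so the rate limit protects the host but not the pipe; that has to be filtered upstream.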

  8. #8
    Member
    Join Date
    May 2003
    Posts
    35
    Very true. Unlikely? If Fizzer had been used for what I described, or if the SQL worm had hidden itself better, it could have easily done the same thing. It's better to prepare for something that is going to happen than to ignore it and assume that it won't happen. Yeah, using ACK SYN or a basic SYN flood, it would be a horrible storm of traffic and drop many different servers and systems.
    sectac
    The Hack Back Revolution
    irc.dal.net:#guesswhatyourhacked

  9. #9
    Senior Member Maestr0
    Join Date
    May 2003
    Posts
    604
    And just think, then all the Linux users will finally reign supreme when the old empire crumbles.

    Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    I doubt the scenario that you mentioned would work because the routers would regulate the speed of the data transfers to something more manageable. To really slow down the internet, I think you would have to take out the top level DNS servers so that the IP traffic couldn't be resolved (hostname to IP), and even then, the DNS entries are cached, and there are also several backup top level DNS servers. You're talking about a DDoS on servers with fibre optic connections. I doubt a few DoS attacks would take out that kind of bandwidth, especially when they start blocking the incoming traffic and bringing backup servers online to handle the extra load.



    Good luck with that ultimate worm!


    --PuRe
    Like this post? Visit PuRe's Information Technology Community. We've also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com
