
Thread: RPC / DCom exploit

  1. #31
    Tedob1 I am sorry, I did not mean to imply you are a script kiddie, I have been around the board for quite a while but I only recently signed up. I read some of your posts before and I am well aware you are a respected member of the community.
    From reading your first post in this thread I got the impression that you were unaware that there was (is) a tweaked version of this exploit and I wanted to point that out.
    I did not want to put in the link because that would make it too easy for the skids to get at it and I figured you would be able to find it yourself, I just wanted to share some knowledge. I think I should have made it clearer in my first post in this thread.

    And for the shutdown thing, I have seen it happen right in front of me too, I believe there are quite some different versions of the exploit around.
    miscommunication leads to complications.

  2. #32
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    tftp listens on port 69; AdSubtract proxy and this worm listen on 4444
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #33
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Just to wrap up things, www.incidents.org is, I have found, always a good place to look when you suspect a new worm may be on the loose (or a place to check back with). Since they receive reports from so many different places, they tend to see trends faster and are usually a couple of days ahead of the curve in announcing things like this.

    Also note, that when they find a worm, they continuously update the web page as they learn more (if you look at it now, it is substantially different than when I first posted the link).

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #34
    On a side note, about a month ago I wrote a tutorial concerning this topic. You might find it useful: http://www.antionline.com/showthread...&postid=644317

  5. #35
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    O.K,

    Here's my story.

    I patched all the machines with an outside connection (proxies etc.)

    What happened next has taken me all day to clear.

    Someone has connected in to my VelociRaptor and into a terminal server.
    They were infected with some bugger of a bit of code which IP scans the range they are assigned dynamically.

    It then opens the exploit and downloads a copy of itself to that machine and the process starts again.

    It's everywhere and the sentries are doing overtime dealing with port requests.
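
A defender-side sketch of how the traffic described in posts #32 and #35 could be spotted in firewall logs; this is an added example, not part of the original thread. Only ports 69 and 4444 come from the thread; the log format, the addresses, the TCP 135 sweep in the sample and the fan-out threshold are constructed assumptions.

```python
from collections import defaultdict

# Ports named in post #32: tftp on 69 (UDP) and the worm's listener on 4444 (TCP).
WATCH_PORTS = {("udp", 69): "tftp transfer", ("tcp", 4444): "worm listener port"}

# Constructed sample lines in a made-up format: time src dst proto dport action
SAMPLE_LOG = """\
09:00:01 10.1.5.20 10.1.5.21 tcp 135 deny
09:00:01 10.1.5.20 10.1.5.22 tcp 135 deny
09:00:02 10.1.5.20 10.1.5.23 tcp 135 allow
09:00:02 10.1.5.20 10.1.5.24 tcp 135 deny
09:00:03 10.1.5.20 10.1.5.23 tcp 4444 allow
09:00:04 10.1.5.23 10.1.5.20 udp 69 allow
09:00:05 10.1.5.40 10.1.5.2 tcp 80 allow
09:00:06 10.1.5.40 10.1.5.2 tcp 80 allow
malformed line
"""

def find_suspect_hosts(log_text, fanout_threshold=4):
    """Return {src_ip: sorted list of reasons} for hosts showing worm-like traffic."""
    targets = defaultdict(set)      # (src, proto, dport) -> distinct destinations
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[4].isdigit():
            continue                # skip lines that do not match the format
        _, src, dst, proto, dport, _ = fields
        key = (proto.lower(), int(dport))
        targets[(src,) + key].add(dst)
        if key in WATCH_PORTS:
            reasons[src].add(f"{WATCH_PORTS[key]} to {dst} ({key[0]}/{key[1]})")
    # One source touching many distinct addresses on a single port is a sweep,
    # matching the "IP scans the range" behaviour described in post #35.
    for (src, proto, dport), dsts in targets.items():
        if len(dsts) >= fanout_threshold:
            reasons[src].add(f"sweep of {len(dsts)} hosts on {proto}/{dport}")
    return {src: sorted(r) for src, r in reasons.items()}

if __name__ == "__main__":
    for host, why in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(why))
```

Hosts it reports are candidates for isolation and patching; the threshold needs tuning against normal traffic, since legitimate scanners and management servers also fan out.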

  6. #36
    wow I haven't been here since january and the constant arguing and newbie machoness hasn't changed. oh well
    I read somewhere you shouldn't always believe what you read so what the Hell am I supposed to do?
