lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: infsec at gmail.com (Willem Koenings)
Subject: Re: SQL injection worm ?

On Wed, 5 Jan 2005 18:27:25 -0500 (EST), bugtraq@...security.net
<bugtraq@...security.net> wrote:
> Here is some additional information.

> ? ircname  : [UNC]69402
> | channels : #!processor
> ? server   : shellcodewarez.info (ScW Network)
> : idle     : 4 hours 57 mins 9 secs (signon: Tue Jan  4 23:40:01 2005)
> ??????---?--??-??????---?--??-?????????--- --  -
> | [UNC]73047 (vjfud@...013F.3F070E03.2BA09B8.IP) (unknown)
> ? ircname  : [UNC]73047
> | channels : +#!processor
> ? server   : shellcodewarez.info (ScW Network)
> : idle     : 4 hours 57 mins 26 secs (signon: Wed Jan  5 07:48:45 2005)
> 
> As you can see they are masking the ip addresses.

That depends. When new victim arrives on the channel, you can see his IP:

[13:06] * [UNC]08801 (ngnvje@....93.182.253) has joined #!processor

but on inquery it's really masked, yes:

[13:07] [UNC]08801 is ngnvje@...5494.1E6027D8.277B9277.IP * [UNC]08801 
[13:07] [UNC]08801 is on #!processor  
[13:07] [UNC]08801 using shellcodewarez.info ScW Network 
[13:07] [UNC]08801 has been idle 49 secs, signed on thursday jan 06 01:18 pm

all the best,

W.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ