lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <NDBBKKOCALIBPMFFNMEMMENMEIAA.cseagle@redshift.com>
From: cseagle at redshift.com (Chris Eagle)
Subject: DDoS on the 16th - Fail if no DNS resolution?

It uses the user's default locale for time.

here is the code snippet:

   GetDateFormat(LOCALE_USER_DEFAULT, 0, NULL, "d", day, 3);
   GetDateFormat(LOCALE_USER_DEFAULT, 0, NULL, "M", mon, 3);
   if (atoi(day) > 15 || atoi(mon) > 8) {
      CreateThread(NULL, 0, SynFlood, NULL, 0, &temp);
   }

Also, it only checks the date one time, at start up.  If the worm is running
at midnight on the 15/16, it will NOT initiate the DDoS.  It would have to
be shutdown and restarted again within the desired time window.

Chris


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Darren Reed
Sent: Wednesday, August 13, 2003 6:17 PM
To: Jason Witty
Cc: Full-Disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] DDoS on the 16th - Fail if no DNS
resolution?


In some mail from Jason Witty, sie said:
>
> All,
>
> Has anyone tested this worm yet to see what it'll do if you set up an
> internal DNS entry for windowsupdate.com to point to a black hole address
> (127.0.0.1 for example) and then set the system clock to be August 16th
> (this Saturday)?

Just to flip back to the 15th/16th thing, the significant thing here is
if it is using localtime vs GMT time then it will be the 16th in some
parts of the world before others...eg the West coast of USA is 7 hours
ahead of the East coast of Australia, but a day behind, so come 00:01
Saturday the 16th in Australia, it'll be 7:01am in Seattle on Friday the
15th...

Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ