| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200405241739.i4OHdu1P016910@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Bobax and Kibuv On Mon, 24 May 2004 17:41:34 +0200, Tobias Weisserth <tobias@...sserth.de> said: > I can't understand why it seems so hard to catch samples of worms that > knock at my firewall 24/7. > > Just open the corresponding ports and forward them to a vulnerable > machine on a different subnet (DMZ) and let the worms infect a machine > you designated for this purpose. The only tricky part is catching *only* a Bobax and Kibov. I can guarantee that if you put the shields down low enough to catch something that beats on the LSASS, you'll catch something. The question is whether you'll catch a Bobax before you have to stop and throw a Sasser or other malware off the system.... It's kind of like trying to catch a chlamydia sample by banging hookers without a rubber - you'll probably catch it along with other stuff too.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040524/1d7f7241/attachment.bin
Powered by blists - more mailing lists