lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405241739.i4OHdu1P016910@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Bobax and Kibuv 

On Mon, 24 May 2004 17:41:34 +0200, Tobias Weisserth <tobias@...sserth.de>  said:

> I can't understand why it seems so hard to catch samples of worms that
> knock at my firewall 24/7.
> 
> Just open the corresponding ports and forward them to a vulnerable
> machine on a different subnet (DMZ) and let the worms infect a machine
> you designated for this purpose.

The only tricky part is catching *only* a Bobax and Kibov.  I can guarantee
that if you put the shields down low enough to catch something that beats on
the LSASS, you'll catch something.  The question is whether you'll catch a
Bobax before you have to stop and throw a Sasser or other malware off the
system....

It's kind of like trying to catch a chlamydia sample by banging hookers without
a rubber - you'll probably catch it along with other stuff too....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040524/1d7f7241/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ