
List:       focus-ids
Subject:    Re: Flash Worms
From:       "Shoten" <shoten () starpower ! net>
Date:       2001-08-22 19:32:26

> Now I do doubt anyone who would release this would have access to an OC-12
> line to release the payload.  But that doesn't mean he/she couldn't hack
> into a site that does.  Or hack into multiple sites and release the payload
> from multiple sites at one time.

Sayyyy....have any universities been compromised lately?  But the real point
here is not the initial release; it's the scanning for vulnerable IPs that
happens BEFORE that, to develop the "master list" of targets.  Any
compromised site having full saturation of an OC-12-ish line due to a
vulnerability scan of 0.0.0.0/0 is probably going to notice it, no matter
HOW braindead they might be.  But a distributed scan, in lieu of a DDoS,
would work, although it does pose its own problems.  Just build a zombie
that will scan instead of DoS, and have some method by which you can
reliably recover its results.

Oooooh, here you go...have it both scan AND DDoS...have it DDoS you with
ICMP that contains the slightly obfuscated/copyprotected (I hear Adobe's
been doing great things with XOR lately, perhaps they want to chime in?)
results of the scans.
