Bugtraq mailing list archives
Re: Internet Wide DOS Attack using IRC
From: boldi () BUDAPEST HU (Bencsath Boldizsar)
Date: Sat, 3 Oct 1998 00:40:39 +0200
Hi! So, we can declare, that this should be a BACK ORIFICE attack, which is often distributed on ICQ & IRC as a game, or something like that. BO has several feautres, like plugins, which can be used to notify the "owner,distributor" of the "BO server" about the new ip number of the server. If the distributor is using defaults, e.g. no password set, and port 31337 is used, then the unix client can be used to inform the user by a system dialogbox about the attack, but - it is funny- most people think it's a joke, that his machine is open, or they think, if they get this message, that someone tries to attack their computer by this fake news.. Anyway, it's true, there is a (or more?) bo "remover" tool, which doesn't removes bo, just puts on another port.. So with the default install, it is also possible to get out the users' email from their registry file, like Blizzard did it some times ago, and then write some serious email about the removal of this tool. But, it's not easy to do this, if a password is set on the client. And the distribution is another problem: If someone will put BO in some install packages of true softwares, which can be distributed by anything, CD in a magazine, or by the internet - this will infect many many computers. And even virus scanners are not used by everyone. And this is the point when Microsoft made serious mistakes. Write software for everybody, which is so easy to manage, that you don't need anybody's help, and so you don't need to know anything about your computer? The the dialup resellers: They don't say You: Hey, You are in some kind of risk, if you are connected. So, many many people don't want to know anything about their computer, and this is a big trap. And if we found solutions for BO, anything like disabling in routers, ..., there is still chance, that anybody else can write programs like that. Smarter ones. All I can say , that it's far more important to let the people know about this kind of attack, than it was by the first virii of the pc. Imagine a big company with a bad intranet, and a silly secretary who gets this file, and some secrets of the company is landing at the other company's side.. -------------------------------- Bencsath Boldizsar boldi () inf bme hu boldi () rulez org http://www.inf.bme.hu/~boldi --------------------------------
Current thread:
- IE4 Custom Folder Marc (Oct 01)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
- Re: IE4 Custom Folder David LeBlanc (Oct 02)
- Several potential security problems in IBM/Tivoli OPC Tracker Age Klaus.Kusche () OOE GV AT (Oct 02)
- Announcements from The Palace (fwd) Mike Holling (Oct 02)
- Re: IE4 Custom Folder Christopher K Davis (Oct 02)
- Internet Wide DOS Attack using IRC dbarba (Oct 02)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC [deicide] (Oct 02)
- Re: Internet Wide DOS Attack using IRC Bencsath Boldizsar (Oct 02)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
- CERT: IN-98.04 Darren Reed (Oct 01)