Bugtraq mailing list archives

Re: bugtraq.c httpd apache ssl attack


From: Fernando Nunes <fmcn () netcabo pt>
Date: 13 Sep 2002 23:30:04 -0000

In-Reply-To: <20020913135517.28304.qmail () mail securityfocus com>

After the program "/tmp/.bugtraq" starts running, it becomes a member of a 
virtual network. Network members communicate using UDP port 2002.
The program can, when instructed (using UDP port 2002):

- Execute arbitrary commands on the machines
- Route messages to other machines in the virtual network
- Execute Tcp flood attacks
- IPv6 Tcp flood
- Dns flood attacks
- Email scan ("Search in every machine file for email addresses")
- etc....

In 3 days, about 1500 different IP addresses tried to contact my machine at 
UDP port 2002. Fortunately I have iptables configured.

Regards
Fernando Nunes
Portugal

Note: To easily correlate this attack with others, here is the header of 
the "/tmp/.bugtraq.c" file.

/****************************************************************************
 *                                                                          *
 *           Peer-to-peer UDP Distributed Denial of Service (PUD)           *
 *                         by contem@efnet                                  *
 *                                                                          *
 *         Virtually connects computers via the udp protocol on the         *
 *  specified port.  Uses a newly created peer-to-peer protocol that        *
 *  incorperates uses on unstable or dead computers.  The program is        *
 *  ran with the parameters of another ip on the virtual network.  If       *
 *  running on the first computer, run with the ip 127.0.0.1 or some        *
 *  other type of local address.  Ex:                                       *
 *                                                                          *
 *           Computer A:   ./program 127.0.0.1                              *
 *           Computer B:   ./program Computer_A                             *
 *           Computer C:   ./program Computer_A                             *
 *           Computer D:   ./program Computer_C                             *
 *                                                                          *
 *         Any form of that will work.  The linking process works by        *
 *  giving each computer the list of avaliable computers, then              *
 *  using a technique called broadcast segmentation combined with TCP       *
 *  like functionality to insure that another computer on the network       *
 *  receives the broadcast packet, segments it again and recreates          *
 *  the packet to send to other hosts.  That technique can be used to       *
 *  support over 16 million simutaniously connected computers.              *
 *                                                                          *
 *         Thanks to ensane and st for donating shells and test beds        *
 *  for this program.  And for the admins who removed me because I          *
 *  was testing this program (you know who you are) need to watch           *
 *  their backs.                                                            *
 *                                                                          *
 *         I am not responsible for any harm caused by this program!        *
 *  I made this program to demonstrate peer-to-peer communication and       *
 *  should not be used in real life.  It is an education program that       *
 *  should never even be ran at all, nor used in any way, shape or          *
 *  form.  It is not the authors fault if it was used for any purposes      *
 *  other than educational.                                                 *
 *                                                                          *
 ****************************************************************************/
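
A log check for the traffic described in the post, added here as an example and not part of the original message: it counts distinct outside sources probing UDP port 2002 and flags local hosts that send to that port themselves. The log lines, addresses and function names are constructed for illustration and assume the usual netfilter LOG line layout.

```python
import re
from collections import Counter

P2P_PORT = "2002"  # UDP port the post reports the peers using

# Constructed sample, netfilter LOG layout, documentation-range addresses.
SAMPLE_LOG = """\
Sep 13 21:02:11 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=56 PROTO=UDP SPT=2002 DPT=2002 LEN=36
Sep 13 21:02:40 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=56 PROTO=UDP SPT=2002 DPT=2002 LEN=36
Sep 13 21:03:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=56 PROTO=UDP SPT=2002 DPT=2002 LEN=36
Sep 13 21:03:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=2002 SYN
Sep 13 21:04:17 gw kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=71 PROTO=UDP SPT=1030 DPT=53 LEN=51
Sep 13 21:05:30 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.11 DST=198.51.100.200 LEN=56 PROTO=UDP SPT=2002 DPT=2002 LEN=36
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_fields(line):
    """KEY=value pairs of one LOG line; the first LEN (IP length) wins."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def summarize(log_text, local_addrs):
    """Split UDP/2002 traffic into outside probes and local senders."""
    probes, local_senders = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("PROTO") != "UDP" or f.get("DPT") != P2P_PORT or "SRC" not in f:
            continue
        if f["SRC"] in local_addrs:
            # One of our own hosts is talking to the peer port: inspect it
            # (for example for the /tmp/.bugtraq file named in the post).
            local_senders[f["SRC"]] += 1
        else:
            probes[f["SRC"]] += 1
    return probes, local_senders


if __name__ == "__main__":
    probes, senders = summarize(SAMPLE_LOG, {"192.0.2.10", "192.0.2.11"})
    print(f"{len(probes)} distinct outside sources hit UDP/{P2P_PORT}")
    for host, n in senders.items():
        print(f"local host {host} sent {n} packet(s) to UDP/{P2P_PORT}")
```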


