Re: mydoom.c information

[John Sage <jsage () finchhaven com>]

Now I'm confused...

On Sun, Mar 07, 2004 at 09:43:03AM -0800, morning_wood wrote:
> From: "morning_wood" <se_cur_ity () hotmail com>
> To: <full-disclosure () lists netsys com>
> Subject: [Full-disclosure] mydoom.c information
> Date: Sun, 7 Mar 2004 09:43:03 -0800
>
> > > bascially looking for sync-src-1.00.tbz.  That message was
> > > posted to this
> >
> > avail on infected hosts
> >
> > > This is how I came to be in possession of it:
> > >
> > > nc -l -p 3127 > doomjuice.dump
> > >
> > >  You will probably want to write a loop to restart netcat
> > > because it exits after a successful transfer.
>  
>  nc -L -p 3127 > out.txt note: " -L " will not exit your netcat, as
>  it is for a persistant listener.

/* snip */


[jsage@sparky /storage/virii] $ nc -h
GNU netcat 0.7.1, a rewrite of the famous networking tool.
Basic usages:
connect to somewhere:  nc [options] hostname port [port] ...
listen for inbound:    nc -l -p port [options] [hostname] [port] ...
tunnel to somewhere:   nc -L hostname:port -p port [options]
 
Mandatory arguments to long options are mandatory for short options too.
Options:
  -c, --close                close connection on EOF from stdin
  -e, --exec=PROGRAM         program to exec after connect
  -g, --gateway=LIST         source-routing hop point[s], up to 8
  -G, --pointer=NUM          source-routing pointer: 4, 8, 12, ...
  -h, --help                 display this help and exit
  -i, --interval=SECS        delay interval for lines sent, ports scanned
  -l, --listen               listen mode, for inbound connects
  -L, --tunnel=ADDRESS:PORT  forward local port to remote address

/* snip */


Does persistent listener == tunnel?


- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html