Full Disclosure mailing list archives
Re: mydoom.c information
From: Gyrniff <root () pq dk>
Date: Sun, 7 Mar 2004 22:16:30 +0100
As I recall the -L option (persistent listener) only works on the windows port. On Sunday 07 March 2004 20:44, John Sage wrote:
Now I'm confused... On Sun, Mar 07, 2004 at 09:43:03AM -0800, morning_wood wrote:From: "morning_wood" <se_cur_ity () hotmail com> To: <full-disclosure () lists netsys com> Subject: [Full-disclosure] mydoom.c information Date: Sun, 7 Mar 2004 09:43:03 -0800bascially looking for sync-src-1.00.tbz. That message was posted to thisavail on infected hostsThis is how I came to be in possession of it: nc -l -p 3127 > doomjuice.dump You will probably want to write a loop to restart netcat because it exits after a successful transfer.nc -L -p 3127 > out.txt note: " -L " will not exit your netcat, as it is for a persistant listener./* snip */ [jsage@sparky /storage/virii] $ nc -h GNU netcat 0.7.1, a rewrite of the famous networking tool. Basic usages: connect to somewhere: nc [options] hostname port [port] ... listen for inbound: nc -l -p port [options] [hostname] [port] ... tunnel to somewhere: nc -L hostname:port -p port [options] Mandatory arguments to long options are mandatory for short options too. Options: -c, --close close connection on EOF from stdin -e, --exec=PROGRAM program to exec after connect -g, --gateway=LIST source-routing hop point[s], up to 8 -G, --pointer=NUM source-routing pointer: 4, 8, 12, ... -h, --help display this help and exit -i, --interval=SECS delay interval for lines sent, ports scanned -l, --listen listen mode, for inbound connects -L, --tunnel=ADDRESS:PORT forward local port to remote address /* snip */ Does persistent listener == tunnel? - John
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- mydoom.c information m . mohr (Mar 06)
- Re: mydoom.c information Gregory A. Gilliss (Mar 07)
- Message not available
- Re: mydoom.c information m . mohr (Mar 07)
- Re: mydoom.c information John Sage (Mar 07)
- Re: mydoom.c information m . mohr (Mar 07)
- Re: mydoom.c information m . mohr (Mar 07)
- <Possible follow-ups>
- mydoom.c information morning_wood (Mar 07)
- Re: mydoom.c information John Sage (Mar 07)
- Re: mydoom.c information morning_wood (Mar 07)
- Re: mydoom.c information John Sage (Mar 07)
- Re: mydoom.c information Gyrniff (Mar 07)
- RE: mydoom.c information Chris Eagle (Mar 07)
- RE: mydoom.c information Frank Knobbe (Mar 07)
- RE: mydoom.c information m . mohr (Mar 07)
- RE: mydoom.c information Frank Knobbe (Mar 07)
- Re: mydoom.c information Maxime Ducharme (Mar 08)
- Re: mydoom.c information Rodrigo Barbosa (Mar 08)
- Re: mydoom.c information John Sage (Mar 07)