Security Incidents mailing list archives
Re: Annoy Those Sub7 Scanners.
From: Chris Keladis <Chris.Keladis () CMC CWO NET AU>
Date: Sun, 27 Aug 2000 19:33:13 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 True, but if you want to be rather clever about it, you could write an app to respond with chargen only when the source port is a certain value. You could possibly pick up on other characteristics of Sub7 to narrow it down. Agreed, it wont stop the bounce attack you talk of, but at least you could reach your intended audience, with some degree of "stealthness" :) Actually, thinking about it, you could probably write your own chargen which spits out x amount of entropy and stops, hopefully enough to kill Sub7, but prevent flooding. Sounds like a fun weekend project in perl or C :) Regards, Chris. At 04:42 PM 8/27/00 +0200, Rune Kristian Viken wrote:
On Sat, 26 Aug 2000, you wrote:It appears that when Sub7 scans a port that chargen is sitting on, it can't handle it, and crashes. A three-finger-salute is needed toregain anyuse of Windows.Uh. There really are pros and cons of setting up chargen.. It acts as an extreme traffic amplifier.. so .. I really don't think its a good idea to set up chargen's ;) -- "Rune Kristian Viken" <arcade () kvinesdal com> / arcade@irc (EFnet/IRCnet) Kvinesdalsnett System Administrator (http://arcade.kvinesdal.com/)
Chris Keladis System/Security Administrator Custom Management Centre Cable & Wireless Optus. Phone: (02) 9775-5312 Mobile: (0402) 067-375 E-Mail: Chris.Keladis () cmc cwo net au -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOap4KCEx0akmf5vwEQIFzwCfTbBx+X0n3/flzIo+NR3ewSm+KKAAoMry 0s6GPKH1MX3MIN9ub9swCdT6 =h/fb -----END PGP SIGNATURE-----
Current thread:
- Annoy Those Sub7 Scanners. Max (Aug 26)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. Rune Kristian Viken (Aug 27)
- Re: Annoy Those Sub7 Scanners. Chris Keladis (Aug 27)
- Re: Annoy Those Sub7 Scanners. Thierry (Aug 27)
- Sub7/Open Telnet/Open Socks/DOS Ryan Yagatich (Aug 28)
- Re: Sub7/Open Telnet/Open Socks/DOS Valdis Kletnieks (Aug 28)
- Re: Sub7/Open Telnet/Open Socks/DOS Ryan Yagatich (Aug 29)
- <Possible follow-ups>
- Re: Annoy Those Sub7 Scanners. H Carvey (Aug 27)
- Re: Annoy Those Sub7 Scanners. Doug Kahler (Aug 27)
- Re: Annoy Those Sub7 Scanners. Valdis Kletnieks (Aug 27)
- Re: Annoy Those Sub7 Scanners. Dan Hollis (Aug 27)
- Re: Annoy Those Sub7 Scanners. Greg A. Woods (Aug 28)