Vulnerability Development mailing list archives

Re: BackOrifice == DDoS Server???


From: xm () GEEKMAFIA DYNIP COM (Ex Machina)
Date: Fri, 30 Jun 2000 10:39:19 -0400


Didn't bo2k implement an IDEA crypto module? I thought the lame crypto
packages were only included due to US export restrictions at the time of
the release.

Also since a lot of the raw packet shaping tools from places like
packetfactory.net have been ported to win32, it would be simple to use
bo2k as a real spoofed DoS tool.

Ex Machina (xm () geekmafia dynip com)    http://geekmafia.dynip.com/~xm/
phone:  1-877-LPT-WHIP         icq:  3387005           aim:  ExMachina
GnuPG Keyprint:     0627 C3A8 DE25 F7FB 46BD  4870 2006 CF7F EBDA 949D

On Thu, 29 Jun 2000, Bluefish wrote:

Date: Thu, 29 Jun 2000 19:04:00 +0200
From: Bluefish <11a () GMX NET>
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: BackOrifice == DDoS Server???

2 years ago when Back Orifice made its debut, I've noticed the command
"PROCSPAWN".
(Unix Back Orifice Source Code available at www.rootshell.com.)

Additionally, remember that it is possible to code plugins for BO. It
could be made into an even more dangerous attack.

The big question though, is if BO is more easily used (= more scriptkidz
using it) or more stealthed (higher % of the users installing it without
understanding it) than other available DDoS tools. Otherwise this is
simply yet another tool.

I'm not too sure if many people knew about this, but it's here for those
who didn't know, and to expose that programs written for another use
could be abused for something of its original intent.

BO is written to serve dual purposes (to be used and abused). That, added
to its bad security (two of the cryptographic plugins were broken due to
flawed MD5 implementation, and because it was written to serve dual
purposes, no one has bothered to analyse the security of it) suggests that
it now only is useful for abuse..... Given how weak the original
cryptographic modules were (same key always - MD5 gave a static response)
it would seem the authors didn't bother to investigate the security of it
very much.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team


