Vulnerability Development mailing list archives
Re: BackOrifice == DDoS Server???
From: 11a () GMX NET (Bluefish)
Date: Thu, 29 Jun 2000 19:04:00 +0200
2 years ago when Back Orifice made its debut, I've noticed the command "PROCSPAWN". (Unix Back Orifice Source Code available at www.rootshell.com.)
Additionally, remember that it is possible to code plugins for BO. It could be made into an even more dangerous attack. The big question though, is if BO is more easily used (= more scriptkidz using it) or more stealthed (higher % of the users installing it without understanding it) than other available DDoS tools. Otherwise this is simply yet another tool.
Im not too sure if many people knew about this, but it's here for those who didn't know, and to expose that programs written for another use could be abused for something of its original intent.
BO is written to serve dual purposes (to be used and abused). That, added to it's bad security (two of the cryptographic plugins were broken due to flawed MD5 implementation, and because it was written to serve dual pruposes, no one has bothered to analyse the security of it) sugest that it now only is usefull for abuse..... Given how week the original cryptographic modules were (same key always - MD5 gave a static response) it would seem the authors didn't bother to investigate the security of it very much. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- BackOrifice == DDoS Server??? GJones (Jun 28)
- Re: BackOrifice == DDoS Server??? John Swensson (Jun 29)
- Re: BackOrifice == DDoS Server??? Masial (Jun 29)
- Re: BackOrifice == DDoS Server??? Bluefish (Jun 29)
- <Possible follow-ups>
- Re: BackOrifice == DDoS Server??? Maxime Rousseau (Jun 29)
- Re: BackOrifice == DDoS Server??? John Swensson (Jun 29)