Vulnerability Development mailing list archives
Re: BackOrifice == DDoS Server???
From: mrousseau () SECURED ORG (Masial)
Date: Fri, 30 Jun 2000 01:41:50 -0400
Just raising some questions...
-----Original Message-----
From: John Swensson

[snip] could put out a large flood. The largest drone list I have encountered wasn't more than 50, all of them on win9x (backorifice doesn't run on NT). BO2k does, but I have never seen it used for such.

The idea of a DDoS plugin is scary. Does that RCR plugin exist for BO2K? Or are plugins compatible between BO and BO2K?

-----Original Message-----
From: Bluefish

[snip] BO is written to serve dual purposes (to be used and abused). That, added to its bad security (two of the cryptographic plugins were broken due to flawed MD5 implementation, and because it was written to serve dual purposes, no one has bothered to analyse the security of it) suggests that it now only is useful for abuse..... Given how weak the original cryptographic modules were (same key always - MD5 gave a static response) it would seem the authors didn't bother to investigate the security of it

Would you also know if the encryption plugins for BO2K are also flawed? They come in various flavors.

- Serpent Encryption
- Blowfish Encryption
- CAST-256 Encryption
- IDEA Encryption
- RC6 Encryption

I think surely, there should be reasons to worry if the RCR plugin (or another DDoS plugin) runs on BO2K and if the BO2K code is actually cleaner than the original BO code, with working crypto and all.

Think about a smart-replication plugin that would eMail a copy of itself along with some cute looking executable on your HD to some of your friends if the date is... say a multiple of 7? Or propagate slowly via shared folders and files, one might be able to achieve a network of far more than 50 machines...

There also comes the question of traceability, how easy can someone trace back to the 'master' of the DDoS if that attack was organised via BO? Aside from the "wait for teen to brag and sacrifice him" technique.

But is this more dangerous than the original DDoS networks (trinoo, shambralsumtin et al) ? I'm not sure.

M.

Secured Industries
Why fear the unknown?
22E2 812A 50AA DC3B 107D 60E2 9998 959E 10E3 6031