Vulnerability Development mailing list archives

Re: BackOrifice == DDoS Server???


From: mrousseau () SECURED ORG (Masial)
Date: Fri, 30 Jun 2000 01:41:50 -0400


Just raising some questions...

-----Original Message-----
From: John Swensson
[snip]
could put out a large flood. The largest drone list I have encountered wasn't
more than 50, all of them on Win9x (BackOrifice doesn't run on NT). BO2k
does, but I have never seen it used for such.

The idea of a DDoS plugin is scary. Does that RCR plugin exist for BO2K? Or
are plugins compatible between BO and BO2K?

-----Original Message-----
From: Bluefish
[snip]
BO is written to serve dual purposes (to be used and abused). That, added
to its bad security (two of the cryptographic plugins were broken due to a
flawed MD5 implementation, and because it was written to serve dual
purposes, no one has bothered to analyse the security of it) suggests that
it now only is useful for abuse... Given how weak the original
cryptographic modules were (same key always - MD5 gave a static response),
it would seem the authors didn't bother to investigate the security of it.

Would you also know if the encryption plugins for BO2K are also flawed? They
come in various flavors.

Serpent Encryption
Blowfish Encryption
CAST-256 Encryption
IDEA Encryption
RC6 Encryption

I think surely there should be reasons to worry if the RCR plugin (or
another DDoS plugin) runs on BO2K and if the BO2K code is actually cleaner
than the original BO code, with working crypto and all. Think about a
smart-replication plugin that would e-mail a copy of itself along with some
cute-looking executable on your HD to some of your friends if the date is...
say a multiple of 7? Or propagate slowly via shared folders and files; one
might be able to achieve a network of far more than 50 machines...

There also comes the question of traceability: how easily can someone trace
back to the 'master' of the DDoS if that attack was organised via BO? Aside
from the "wait for teen to brag and sacrifice him" technique.

But is this more dangerous than the original DDoS networks (trinoo,
shambralsumtin et al)?

I'm not sure.

M.
Secured Industries
Why fear the unknown?
22E2 812A 50AA DC3B 107D 60E2 9998 959E 10E3 6031
