Vulnerability Development mailing list archives

Re: is it even possible for a worm with dcom vuln?


From: "wirepair" <wirepair () roguemail net>
Date: Mon, 28 Jul 2003 12:49:48 -0700

Very true, and I just found a universal offset for all win2k sp's (I only tested sp2-4) (0x010016C6 - from svchost.exe) so I'm seeing the potential for a worm much more now heh... god help us all :D
-wire
On Mon, 28 Jul 2003 15:42:54 -0400 (EDT)
 Jose Nazario <jose () monkey org> wrote:
don't forget that slapper (the mod_ssl worm) did just that, it
fingerprinted the host and then attacked. windows fingerprinting tools
exist (i.e. xprobe, which uses udp and icmp packets) which are fine
grained enough.

you're right in that it won't be a FAST moving worm like sapphire, but it
doesn't have to be all that fast to cause damage ...

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://monkey.org/~jose/
