Vulnerability Development mailing list archives
Re: is it even possible for a worm with dcom vuln?
From: "wirepair" <wirepair () roguemail net>
Date: Mon, 28 Jul 2003 12:49:48 -0700
Very true, and I just found a universal offset for all win2k sp's (I only tested sp2-4) (0x010016C6 - from svchost.exe) so I'm seeing the potential for a worm much more now heh... god help us all :D
-wire

On Mon, 28 Jul 2003 15:42:54 -0400 (EDT)
Jose Nazario <jose () monkey org> wrote:
don't forget that slapper (the mod_ssl worm) did just that, it fingerprinted the host and then attacked. windows fingerprinting tools exist (i.e. xprobe, which uses udp and icmp packets) which are fine grained enough. you're right in that it won't be a FAST moving worm like sapphire, but it doesn't have to be all that fast to cause damage ...

___________________________
jose nazario, ph.d. jose () monkey org
http://monkey.org/~jose/