Bugtraq mailing list archives
credit (was Re: About IGMP and another exploit for Windows95x/98x)
From: vision () WHITEHATS COM (Max Vision)
Date: Wed, 14 Jul 1999 20:46:02 -0700
On Tue, 13 Jul 1999, Hector Leon wrote: [From flushot.c]
ip->id = htons(1234);
Hi, The exploit posted earlier as "flushot" has been re-released over the past year several times. The posting by Hector Leon gives credit for flushot.c to Dark Shadow, yet on the Dark Shadow website (http://www.angelfire.com/ar/WarzonE/flushot.html), flushot.c is available for download, with different source code (giving credit to Legion 2000). Here are the assorted banner functions found: 1234.c (tony () funradio fr / Cameleon Groupe) printf("\n1234 1.0 BY CAMELEON G.\n"); printf("reprise de came.c and ssping.c\n\n"); bloop.c (Legion2000 Security Research) printf("Bloop v 1.0\n\n"); printf("\n\n"); flushot.c (DarkShadow / The flu Hacking Group) printf("Remote Flushot v 1.0\n\n"); printf("\n\n"); arcticbrew.c (Mac X / The Arctic League) printf("\nArctic Brew!\n"); printf("kinda close 2 ssping and land\n\n"); Although 1234.c was released long before the others, I don't know who the original author was. Either way, the practice of re-releasing other people's code is out of control here :) FYI, tcpdump of an attack from any of them: SOURCE > TARGET: icmp: parameter problem - octet 0 (frag 1234:SOURCE > TARGET: icmp: parameter problem - octet 0 (frag 1234:9@0+) SOURCE > TARGET: (frag 1234:SOURCE > TARGET: (frag 1234:16@8+) This attack does not seem to affect Win98SE (4.10.2222A) nor Win2000 (5.00.2072). Max Vision Senior Security Architect Globalstar L.P.
Current thread:
- aix 4.2 4.3.1, adb GZ Apple (Jul 12)
- Re: aix 4.2 4.3.1, adb Mike Austin (Jul 13)
- Root Perms Gained with Patrol SNMP Agent 3.2 (all others?) Andrew Alness (Jul 13)
- Announcing First Annual ToorCon Ben (Jul 13)
- ircd exploit in ircu based code Kevin Day (Jul 13)
- Re: ircd exploit in ircu based code Kev (Jul 15)
- About IGMP and another exploit for Windows95x/98x Hector Leon (Jul 13)
- credit (was Re: About IGMP and another exploit for Windows95x/98x) Max Vision (Jul 14)
- Re: aix 4.2 4.3.1, adb Troy A. Bollinger (Jul 13)
- DoS attack on AT&T Wireless text-messaging service Peter Gamache (Jul 14)
- BO2K Aleph One (Jul 15)
- <Possible follow-ups>
- Re: aix 4.2 4.3.1, adb Peter.Fredriksson () Skriptor com (Jul 13)
- Re: aix 4.2 4.3.1, adb Troy A. Bollinger (Jul 15)